Author: jmm-guest Date: 2006-12-28 00:31:02 +0100 (Thu, 28 Dec 2006) New Revision: 5191 Modified: data/CVE/list Log: no-dsa and unimportant issues for sarge Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-12-27 23:25:37 UTC (rev 5190) +++ data/CVE/list 2006-12-27 23:31:02 UTC (rev 5191) @@ -95,8 +95,9 @@ CVE-2006-6720 (PHP remote file inclusion vulnerability in admin/index_sitios.php in ...) NOT-FOR-US: Azucar CMS CVE-2006-6719 (The ftp_syst function in ftp-basic.c in Free Software Foundation (FSF) ...) - - wget <unfixed> - TODO: insufficient info, file bug when more info is available + - wget <unfixed> (unimportant) + NOTE: An FTP server crashing a download utility is a bug, but not a DoS security issue + TODO: insufficient info, check, whether code injection is possible CVE-2006-6718 (The Allied Telesis AT-9000/24 Ethernet switch has a default password ...) NOT-FOR-US: Allied Telesis CVE-2006-6717 (The Allied Telesis AT-9000/24 Ethernet switch accepts management ...) @@ -139,6 +140,7 @@ NOT-FOR-US: Oracle Portal CVE-2006-6698 (The GConf daemon (gconfd) in GConf 2.14.0 creates temporary files ...) - gconf2 <unfixed> (low; bug #404743) + [sarge] - gconf2 <no-dsa> (Minor nuisance, not much of a security problem) CVE-2005-4816 (Buffer overflow in mod_radius in ProFTPD before 1.3.0rc2 allows remote ...) TODO: check CVE-2003-1314 (PHP remote file inclusion vulnerability in admin/auth.php in ...) @@ -945,6 +947,7 @@ NOT-FOR-US: Simple machines Forum CVE-2006-6374 (Multiple CRLF injection vulnerabilities in PhpMyAdmin 2.7.0-pl2 allow ...) - phpmyadmin <unfixed> (low; bug filed) + [sarge] - phpmyadmin <no-dsa> (CRLF not backportable to Sarge) CVE-2006-6373 (PhpMyAdmin 2.7.0-pl2 allows remote attackers to obtain sensitive ...) - phpmyadmin <unfixed> (unimportant) NOTE: path is known in Debian anyway
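Review bot: In the first hunk (@@ -95,8 +95,9 @@, CVE-2006-6719), the wget entry is downgraded to "(unimportant)" while the new TODO on the next line still asks whether code injection is possible, so the severity is recorded before the question that determines it has been answered. Either leave the entry as "- wget <unfixed>" until the check is done, or make the NOTE say the rating only holds if the issue turns out to be a crash and nothing more. The old TODO's "file bug when more info is available" is also dropped, so nothing in the entry reminds anyone to file a bug once the check is done.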
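Review bot: In the second hunk (@@ -139,6 +140,7 @@, CVE-2006-6698), the added "[sarge] - gconf2 <no-dsa> (Minor nuisance, not much of a security problem)" gives no reason a later reader can verify. The description is about gconfd creating temporary files, so the parenthetical should say what limits the impact of that on sarge rather than only asserting that it is minor.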
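Review bot: In the third hunk (@@ -945,6 +947,7 @@, CVE-2006-6374), the reason "(CRLF not backportable to Sarge)" reads as if CRLF itself were the thing being backported. It presumably means the fix for the CRLF injection issues cannot be backported to the sarge version, so say that, for example "(fix for CRLF injection not backportable to Sarge)", and if possible add a word on why, since no-dsa here leaves sarge without a fix.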