Author: stef-guest Date: 2006-12-30 23:24:06 +0100 (Sat, 30 Dec 2006) New Revision: 5203 Modified: data/CVE/list Log: checked/removed a few old TODOs Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-12-30 21:00:32 UTC (rev 5202) +++ data/CVE/list 2006-12-30 22:24:06 UTC (rev 5203) @@ -4274,7 +4274,7 @@ CVE-2006-4843 RESERVED CVE-2006-4842 (The Netscape Portable Runtime (NSPR) API 4.6.1 and 4.6.2, as used in ...) - - xulrunner <unfixed> (low; bug filed) + - xulrunner <unfixed> (low; bug #405062) [sarge] - mozilla <unfixed> (low) NOTE: could not find setuid binary in sid, but evolution-data-server has a setgid mail binary NOTE: see https://bugzilla.mozilla.org/show_bug.cgi?id=351470 @@ -27267,7 +27267,7 @@ - sork-vacation 2.2.2-1 CVE-2005-1320 (Cross-site scripting (XSS) vulnerability in Horde Mnemo Note Manager ...) - mnemo 1.1-2.1 (bug #307180) - TODO: check whether nmeno2 is affected as well + - nmeno2 <not-affected> (fixed before 2.1.1) CVE-2005-1319 (Cross-site scripting (XSS) vulnerability in Horde IMP Webmail client ...) - imp4 <not-affected> - imp3 3.2.8-1 (bug #328218; low) @@ -31261,13 +31261,11 @@ - linux-2.6 <not-affected> - kernel-source-2.4.27 2.4.27-10 (bug #308584) CVE-2005-0136 (The Linux kernel before 2.6.11 on the Itanium IA64 platform has ...) - TODO: Check, when this was fixed upstream - TODO: Check, whether 2.4 is affected [sarge] - kernel-source-2.6.8 2.6.8-14 + - linux-2.6 2.6.11 CVE-2005-0135 (The unw_unwind_to_user function in unwind.c on Itanium (ia64) ...) {DSA-1082-1 DSA-1070-1 DSA-1067-1} - TODO: Check, when this was fixed upstream - TODO: Check, whether 2.4 is affected + - linux-2.6 <not-affected> [sarge] - kernel-source-2.6.8 2.6.8-14 CVE-2005-0134 (The X server in SCO UnixWare 7.1.1, 7.1.3, and 7.1.4 does not properly ...) NOT-FOR-US: SCO UnixWare 
@@ -31297,7 +31295,7 @@ NOT-FOR-US: MacOS CVE-2005-0124 (The coda_pioctl function in the coda functionality (pioctl.c) for ...) {DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1 DSA-1017-1} - TODO: Check, when this was fixed upstream + - linux-2.6 2.6.12-1 CVE-2005-0123 RESERVED CVE-2005-0122 @@ -31361,9 +31359,7 @@ - abuse <removed> CVE-2005-0098 (Multiple buffer overflows in the SDL port of abuse (abuse-SDL) before ...) {DSA-691-1} - TODO: Check, when this was fixed upstream - TODO: Check, whether 2.4 is affected - [sarge] - kernel-source-2.6.8 2.6.8-14 + - abuse <removed> CVE-2005-0097 (The NTLM component in Squid 2.5.STABLE7 and earlier allows remote ...) - squid 2.5.7-4 CVE-2005-0096 (Memory leak in the NTLM fakeauth_auth helper for Squid 2.5.STABLE7 and ...) @@ -31403,8 +31399,7 @@ {DSA-653-1} - ethereal 0.10.9-1 CVE-2005-0083 (MySQL MaxDB 7.5.00 for Windows, and possibly earlier versions and ...) - NOTE: advisory is vague but implies non-Windows platforms may be vulnerable. - TODO: Check this + - maxdb-7.5.00 7.5.00.24-1 CVE-2005-0082 (The sapdbwa_GetUserData function in MySQL MaxDB 7.5.0.0, and other ...) - maxdb-7.5.00 7.5.00.21-1 CVE-2005-0081 (MySQL MaxDB 7.5.0.0, and other versions before 7.5.0.21, allows remote ...) @@ -32146,7 +32141,6 @@ CVE-2004-1151 (Multiple buffer overflows in the (1) sys32_ni_syscall and (2) ...) - linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.10) [sarge] - kernel-source-2.6.8 2.6.8-11 - TODO: Check 2.4 CVE-2004-1150 (Stack-based buffer overflow in the in_cdda.dll plugin for Winamp 5.0 ...) NOT-FOR-US: Winamp CVE-2004-1149 (Computer Associates eTrust EZ Antivirus 7.0.0 to 7.0.4, including ...) 
@@ -32380,7 +32374,7 @@ - linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.10) [sarge] - kernel-source-2.6.8 2.6.8-14 CVE-2004-1057 (Multiple drivers in Linux kernel 2.4.19 and earlier do not properly ...) - TODO: check back with dilinger about 2.6 + - linux-2.6 <not-affected> (Fixed before upload into archive) TODO: previous fix in -9 has regressions - kernel-source-2.4.27 2.4.27-10 CVE-2004-1056 (Direct Rendering Manager (DRM) driver in Linux kernel 2.6 does not ...) @@ -32545,7 +32539,7 @@ - netkit-telnet-ssl 0.17.24+0.1-6 CVE-2004-0997 (Unspecified vulnerability in the ptrace MIPS assembly code in Linux ...) {DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1} - TODO: check + - linux-2.6 <not-affected> (fixed before first upload) CVE-2004-0996 (main.c in cscope 15-4 and 15-5 creates temporary files with ...) {DSA-610-1} - cscope 15.5-1.1 (bug #282815) @@ -33418,7 +33412,7 @@ CVE-2004-0660 (Cross-site scripting (XSS) vulnerability in (1) show_archives.php, (2) ...) NOT-FOR-US: CuteNews CVE-2004-0659 (Buffer overflow in TranslateFilename for common.c in MPlayer 1.0pre4 ...) - TODO: check mplayer + - mplayer <not-affected> (fixed before upload in archive; 1.0pre5) CVE-2004-0658 (Integer overflow in the hpsb_alloc_packet function (incorrectly ...) - linux-2.6 <not-affected> (Invalid, according to Ben Collins) - kernel-source-2.4.27 <not-affected> (Invalid, according to Ben Collins) 
@@ -33495,9 +33489,10 @@ CVE-2004-0629 (Buffer overflow in the ActiveX component (pdf.ocx) for Adobe Acrobat ...) NOT-FOR-US: adobe acrobat CVE-2004-0628 (Stack-based buffer overflow in MySQL 4.1.x before 4.1.3, and 5.0, ...) - TODO: Check, which 4.1 and 5.0 versions fixed this - mysql <not-affected> (Apparently 3.2 not exploitable, see #330164) - mysql-dfsg <not-affected> (Apparently 4.0 not exploitable, see #330164) + - mysql-dfsg-4.1 <not-affected> (fixed before first upload; in 4.1.3) + - mysql-dfsg-5.0 <not-affected> (fixed before first upload; in 5.0.0) CVE-2004-0627 (The check_scramble_323 function in MySQL 4.1.x before 4.1.3, and 5.0, ...) - mysql <not-affected> (Apparently 3.2 not exploitable, see #330164) - mysql-dfsg <not-affected> (Apparently 4.0 not exploitable, see #330164) @@ -33577,7 +33572,6 @@ CVE-2004-0596 (The Equalizer Load-balancer for serial network interfaces (eql.c) in ...) - linux-2.6 <not-affected> (Fixed before upload into archive) TODO: Check, which version fixed this - TODO: Check 2.4 CVE-2004-0595 (The strip_tags function in PHP 4.x up to 4.3.7, and 5.x up to ...) {DSA-669-1 DSA-531} - php3 3:3.0.18-27 @@ -33585,7 +33579,6 @@ CVE-2004-0594 (The memory_limit functionality in PHP 4.x up to 4.3.7, and 5.x up to ...) {DSA-669-1 DSA-531} - php4 4:4.3.8-1 - TODO: DSA claims PHP3 is vulnerable, but this is not mentioned in the changelog. CVE-2004-0593 (Sygate Enforcer 3.5MR1 and earlier passes broadcast traffic before ...) NOT-FOR-US: Sygate Enforcer CVE-2004-0592 (The tcp_find_option function of the netfilter subsystem for IPv6 in ...) @@ -33652,7 +33645,7 @@ CVE-2004-0565 (Floating point information leak in the context switch code for Linux ...) {DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1} - kernel-source-2.4.27 2.4.27-1 - TODO: Check 2.6 + - linux-2.6 <not-affected> (fixed before first upload) CVE-2004-0564 (Roaring Penguin pppoe (rp-ppoe), if installed or configured to run ...) {DSA-557-1} - rp-pppoe 3.5-4 (bug #343264) 
@@ -33688,8 +33681,6 @@ {DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1} - kernel-source-2.4.27 2.4.27-1 - linux-2.6 2.6.12-1 (bug #261521) - TODO: Check 2.6, entries look flaky - TODO: Check 2.4, entries look flaky CVE-2004-0553 RESERVED CVE-2004-0552 (Sophos Small Business Suite 1.00 on Windows does not properly handle ...) @@ -33729,7 +33720,7 @@ - tripwire 2.3.1.2.0-2.1 CVE-2004-0535 (The e1000 driver for Linux kernel 2.4.26 and earlier does not properly ...) - kernel-source-2.4.27 2.4.27-1 - TODO: Check 2.6 + - linux-2.6 <not-affected> (fixed before first upload; 2.6.6) CVE-2004-0534 (Cross-site scripting (XSS) vulnerability in Business Objects InfoView ...) NOT-FOR-US: Business Objects WebIntelligence CVE-2004-0533 (Business Objects WebIntelligence 2.7.0 through 2.7.4 only enforces ...) @@ -33811,7 +33802,7 @@ NOT-FOR-US: StoneSoft firewall engine CVE-2004-0497 (Unknown vulnerability in Linux kernel 2.x may allow local users to ...) - kernel-source-2.4.27 2.4.27-1 - TODO: Check 2.6 + - linux-2.6 <not-affected> (fixed before first upload; 2.6.8) CVE-2004-0496 (Multiple unknown vulnerabilities in Linux kernel 2.6 allow local users ...) NOTE: fixed in 2.6.7 CVE-2004-0495 (Multiple unknown vulnerabilities in Linux kernel 2.4 and 2.6 allow ...) @@ -33985,7 +33976,6 @@ NOTE: bug still exists in the ssmtp source, but is only activated if NOTE: --enable-logfile is used in ./configure NOTE: The package doesn''t enable that flag so it is safe. - TODO: Check, whether this is fixed by now CVE-2004-0422 (flim before 1.14.3 creates temporary files insecurely, which allows ...) {DSA-500} - flim 1:1.14.6+0.20040415-1 
@@ -33996,7 +33986,8 @@ CVE-2004-0420 (The Windows Shell application in Windows 98, Windows ME, Windows NT ...) NOT-FOR-US: windows CVE-2004-0419 (XDM in XFree86 opens a chooserFd TCP socket even when ...) - TODO: Check + [sarge] - xfree86 <not-affected> (vulnerable code not present) + - xdm <not-affected> (vulnerable code not present) CVE-2004-0418 (serve_notify in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, ...) {DSA-519} - cvs 1:1.12.9-1 @@ -34069,7 +34060,6 @@ {DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1} - linux-2.6 <not-affected> NOTE: patch: http://www.ultramonkey.org/bugs/cve-patch/CVE-2004-0394.patch - TODO: not fixed in 2.4.27 by inspection, didn''t bother with a bug CVE-2004-0393 (Format string vulnerability in the msg function for rlpr daemon ...) {DSA-524} - rlpr 2.02-7.1 (bug #255402) @@ -34390,7 +34380,7 @@ NOT-FOR-US: Kernel 2.6 framebuffer bug CVE-2004-0228 (Integer signedness error in the cpufreq proc handler (cpufreq_procctl) ...) - kernel-source-2.4.27 <not-affected> (2.4 does not have cpufreq) - TODO: Check 2.6 + - linux-2.6 <not-affected> (fixed before first upload; 2.6.8) CVE-2004-0227 (Buffer overflow in the zms script in ZoneMinder before 1.19.2 may ...) NOT-FOR-US: ZoneMinder CVE-2004-0226 (Multiple buffer overflows in Midnight Commander (mc) before 4.6.0 may ...) 
@@ -34480,11 +34470,11 @@ - neon 0.24.5-1 CVE-2004-0178 (The OSS code for the Sound Blaster (sb16) driver in Linux 2.4.x before ...) {DSA-495 DSA-491 DSA-489 DSA-482 DSA-481 DSA-480 DSA-479} - TODO: Check 2.6 + - linux-2.6 <not-affected> (fixed before first upload; 2.6.8) - kernel-source-2.4.27 <not-affected> (Fixed before upload into archive; 2.4.26-pre3) CVE-2004-0177 (The ext3 code in Linux 2.4.x before 2.4.26 does not properly ...) {DSA-495 DSA-491 DSA-489 DSA-482 DSA-481 DSA-480 DSA-479} - TODO: Check 2.6 + - linux-2.6 <not-affected> (fixed before first upload; 2.6.8) - kernel-source-2.4.27 <not-affected> (Fixed before upload into archive; 2.4.26-pre4) CVE-2004-0176 (Multiple buffer overflows in Ethereal 0.8.13 to 0.10.2 allow remote ...) {DSA-511} @@ -34563,7 +34553,7 @@ NOT-FOR-US: SGI IRIX CVE-2004-0138 (The ELF loader in Linux kernel 2.4 before 2.4.25 allows local users to ...) {DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1} - TODO: check + - linux-2.6 <not-affected> (fixed before first upload) CVE-2004-0137 (Unknown vulnerability in init for IRIX 6.5.20 through 6.5.24 allows ...) NOT-FOR-US: IRIX init CVE-2004-0136 (The mapelf32exec function call in IRIX 6.5.20 through 6.5.24 allows ...) @@ -34574,7 +34564,7 @@ NOT-FOR-US: IRIX CVE-2004-0133 (The XFS file system code in Linux 2.4.x has an information leak in ...) - kernel-source-2.4.27 <not-affected> (Fixed before upload into archive; 2.4.26-rc2) - TODO: Check 2.6 + - linux-2.6 <not-affected> (fixed before first upload; 2.6.5) CVE-2004-0132 (Multiple PHP remote file inclusion vulnerabilities in ezContents 2.0.2 ...) NOT-FOR-US: ezContents CVE-2004-0130 (login.php in phpGedView 2.65 and earlier allows remote attackers to ...) 
@@ -34606,7 +34596,7 @@ CVE-2004-0109 (Buffer overflow in the ISO9660 file system component for Linux kernel ...) {DSA-495 DSA-491 DSA-489 DSA-482 DSA-481 DSA-480 DSA-479} - kernel-source-2.4.27 <not-affected> (Fixed before upload into archive; 2.4.26-rc4) - TODO: Check 2.6 + - linux-2.6 <not-affected> (fixed before first upload; 2.6.6) CVE-2004-0107 (The (1) post and (2) trigger scripts in sysstat 4.0.7 and earlier ...) - sysstat 5.0.2-1 CVE-2004-0106 (Multiple unknown vulnerabilities in XFree86 4.1.0 to 4.3.0, related to ...) @@ -36779,7 +36769,7 @@ CVE-2003-0164 RESERVED CVE-2003-0163 (decrypt_msg for the Gaim-Encryption GAIM plugin 1.15 and earlier does ...) - TODO: Check, gaim-encryption is now in Debian + - gaim-encryption <not-affected> (fixed before first upload; 1.16) CVE-2003-0162 (Ecartis 1.0.0 (formerly listar) before snapshot 20030227 allows remote ...) {DSA-271} - ecartis 1.0.0+cvs.20030321-1
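Review bot: In the @@ -27267,7 hunk (CVE-2005-1320), the added line `- nmeno2 <not-affected> (fixed before 2.1.1)` carries over the spelling from the removed TODO. The line above it tracks `mnemo` and the description names Horde Mnemo, so the intended package is presumably `mnemo2`. A status line with a misspelled source package name will not match anything in the archive, so the spelling should be corrected before this becomes a tracked entry.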
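Review bot: In the @@ -31261,13 hunk, both CVE-2005-0136 and CVE-2005-0135 lose `TODO: Check, whether 2.4 is affected` without the answer being recorded; neither entry gains a kernel-source-2.4.27 line. If 2.4 was checked, add it as `<not-affected>` with the reason, otherwise keep the TODO. Two smaller points: `- linux-2.6 <not-affected>` under CVE-2005-0135 has no parenthesised reason although the `[sarge] - kernel-source-2.6.8 2.6.8-14` line below it records a fix, and `- linux-2.6 2.6.11` has no Debian revision, unlike `- linux-2.6 2.6.12-1` added for CVE-2005-0124.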
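Review bot: In the @@ -31361,9 hunk (CVE-2005-0098), the description is about the SDL port (abuse-SDL) while the new status line is `- abuse <removed>`. Dropping the stray `[sarge] - kernel-source-2.6.8 2.6.8-14` line and the kernel TODOs is right, since they do not belong to this entry, but please confirm that `abuse` is the source package that shipped the SDL port, and add a line for a separate SDL package if one exists.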
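Review bot: In the @@ -31403,8 hunk (CVE-2005-0083), the removed `NOTE: advisory is vague but implies non-Windows platforms may be vulnerable.` was the only explanation of why an issue described as "MySQL MaxDB 7.5.00 for Windows" is tracked against a Debian package. With only `- maxdb-7.5.00 7.5.00.24-1` left, the entry reads as inconsistent with its own description. Keep the NOTE, or add one stating what 7.5.00.24-1 changed, and remove only the TODO.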
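Review bot: In the @@ -32146,7 hunk (CVE-2004-1151), `TODO: Check 2.4` is deleted with nothing added, so the entry still has no kernel-source-2.4.27 line and the result of the check is lost. Record it as a status line (for example `<not-affected>` with the reason) or leave the TODO in place. The @@ -33577,7 hunk (CVE-2004-0596) drops the same TODO the same way, while leaving `TODO: Check, which version fixed this` behind.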
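Review bot: In the @@ -33495,9 hunk, CVE-2004-0628 gains `mysql-dfsg-4.1` and `mysql-dfsg-5.0` lines, but CVE-2004-0627 directly below has the same affected range in its description ("MySQL 4.1.x before 4.1.3, and 5.0") and still lists only `mysql` and `mysql-dfsg`. The two entries should carry the same set of packages; add the 4.1 and 5.0 lines to CVE-2004-0627 as well if the same reasoning applies.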
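Review bot: In the @@ -33585,7 hunk (CVE-2004-0594), the TODO about the DSA claiming PHP3 is vulnerable is removed, but the entry still has only `- php4 4:4.3.8-1` under `{DSA-669-1 DSA-531}`. The discrepancy the TODO pointed at is not resolved in the data: add a `php3` line, either with the fixed version or as `<not-affected>` with a short reason, so the conclusion of the check is visible.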
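Review bot: In the @@ -34069,7 hunk (CVE-2004-0394), the deleted line `TODO: not fixed in 2.4.27 by inspection, ...` was the only record that the 2.4 kernel is still vulnerable; after the change the entry shows just `- linux-2.6 <not-affected>` and the patch NOTE. Unless 2.4.27 has since been fixed, replace the TODO with `- kernel-source-2.4.27 <unfixed>` rather than dropping it, so the open status is not lost.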