Author: jmm-guest Date: 2007-01-05 21:03:10 +0100 (Fri, 05 Jan 2007) New Revision: 5209 Modified: data/CVE/list Log: correct linux-2.6 fixed version couple of no-dsas and not-affected entries for sarge Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-01-04 20:14:20 UTC (rev 5208) +++ data/CVE/list 2007-01-05 20:03:10 UTC (rev 5209) @@ -3889,7 +3889,7 @@ CVE-2006-5159 (** DISPUTED ** ...) NOT-FOR-US: Bogus Firefox issue CVE-2006-5158 (The nlmclnt_mark_reclaim in clntlock.c in NFS lockd in Linux kernel ...) - - linux-2.6 2.6.16 + - linux-2.6 2.6.15 CVE-2006-5157 (Format string vulnerability in the ActiveX control (ATXCONSOLE.OCX) in ...) NOT-FOR-US: TrendMicro OfficeScan CVE-2006-5156 (Buffer overflow in McAfee ePolicy Orchestrator before 3.5.0.720 and ...) @@ -6858,7 +6858,8 @@ CVE-2006-4046 (Multiple stack-based buffer overflows in Open Cubic Player 2.6.0pre6 ...) - ocp 0.1.10rc6-1 (medium; bug #381098) CVE-2006-XXXX [uqwk buffer overflow] - - uqwk 2.21-13 (bug #376577; medium) + - uqwk 2.21-13 (bug #376577; low) + [sarge] - uqwk <no-dsa> (Minor issue) CVE-2006-3837 (delcookie.php in Professional Home Page Tools Guestbook changes the ...) NOT-FOR-US: Professional Home Page Tools Guestbook CVE-2006-3836 (Directory traversal vulnerability in index.php in UNIDOmedia Chameleon ...) @@ -11653,6 +11654,7 @@ NOT-FOR-US: PHPKIT CVE-2006-1772 (debconf in Debian GNU/Linux, when configuring mnogosearch in the ...) - mnogosearch 3.2.37-3.1 (bug #361775) + [sarge] - mnogosearch <no-dsa> (Minor issue) CVE-2006-1771 (Directory traversal vulnerability in misc in pbcs.dll in SAXoTECH ...) NOT-FOR-US: SAXoPRESS CVE-2006-1770 (Multiple PHP remote file inclusion vulnerabilities in Azerbaijan ...) 
@@ -20593,10 +20595,10 @@ TODO: check xemacs21 CVE-2005-XXXX [egroupware unsafe use of /tmp for storing a log file] - egroupware 1.0.0.009.dfsg-3-1 (bug #329597; low) - NOTE: Sarge is affected (package doesn''t exist in Woody) + [sarge] - egroupware <no-dsa> (Minor issue) CVE-2005-XXXX [SQL injection vulnerability in egroupware in account deletion] - egroupware 1.0.0.009.dfsg-3-1 (bug #329597; low) - NOTE: Sarge is affected (package doesn''t exist in Woody) + [sarge] - egroupware <no-dsa> (Minor issue) CVE-2005-XXXX [Insecure pidfile handling in mailleds] - mailleds 0.93-11.1 (bug #329365; low) [sarge] - mailleds <no-dsa> (Hardly exploitable) @@ -25456,9 +25458,6 @@ CVE-2005-2350 [Cross Site Scripting in websieve] RESERVED - websieve <removed> (bug #311838; low) - NOTE: second half of bug suggets lack of escaping of user data - NOTE: could be used to compromise program somehow - NOTE: that is not covered by the CVE though due to vagueness CVE-2005-1840 (Directory traversal vulnerability in class.layout_phpcms.php in phpCMS ...) NOT-FOR-US: phpCMS CVE-2005-1839 (Multiple SQL injection vulnerabilities in Doug Luxem Liberum Help Desk ...) @@ -28001,7 +28000,9 @@ CVE-2005-1178 (SQL injection vulnerability in Oracle Forms 10g allows remote ...) NOT-FOR-US: Oracle CVE-2005-1177 (Unknown vulnerability in (1) Webmin and (2) Usermin before 1.200 ...) - - webmin 1.200-1 + - webmin <not-affected> + NOTE: I haven''t found further information on this, but this appears to only + NOTE: affect non-Debian setups CVE-2005-1176 (Race condition in JFS2 on AIX 5.2 and 5.3, when deleting a file while ...) NOT-FOR-US: AIX CVE-2005-1175 (Heap-based buffer overflow in the Key Distribution Center (KDC) in MIT ...)
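Review bot: In the @@ -3889,7 hunk, the corrected CVE-2006-5158 line "- linux-2.6 2.6.15" gives no source for the new fixed version. Add a NOTE naming the upstream change or changelog entry that establishes 2.6.15, so the correction from 2.6.16 can be checked later.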
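Review bot: In the @@ -6858,7 hunk, the uqwk entry is downgraded from medium to low and gains "[sarge] - uqwk <no-dsa> (Minor issue)" with no stated reason, although the entry title describes a buffer overflow. Add a NOTE line giving the limiting factor, for example as described in bug #376577, so the downgrade is reviewable.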
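Review bot: In the @@ -20593,10 hunk, the second egroupware entry is an SQL injection in account deletion, and "(Minor issue)" alone does not say why it needs no DSA. Add a short NOTE with the reason. The removed NOTE also recorded that the package doesn't exist in Woody; keep that fact next to the new [sarge] line if it is still relevant.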
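Review bot: In the @@ -25456,9 hunk, the three NOTE lines removed from CVE-2005-2350 are the only record here that bug #311838 describes a second, escaping-related problem not covered by the CVE, and the log message does not mention their removal. Keep a one-line NOTE pointing at the bug, or mention the cleanup in the log.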
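Review bot: In the @@ -28001,7 hunk, CVE-2005-1177 moves from a concrete fixed version ("- webmin 1.200-1") to "<not-affected>" on the strength of a NOTE that says no further information was found. Either cite what shows that Debian setups are unaffected, or keep the fixed version until that is confirmed. The CVE description also names Usermin before 1.200 and no usermin line is visible in this entry, so it should be tracked the same way.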