Author: fw
Date: 2007-01-10 21:37:50 +0100 (Wed, 10 Jan 2007)
New Revision: 5234
Modified:
data/CVE/list
Log:
some whitespace fixes
a few fixed versions for unimportant bugs
Modified: data/CVE/list
==================================================================---
data/CVE/list 2007-01-10 20:14:20 UTC (rev 5233)
+++ data/CVE/list 2007-01-10 20:37:50 UTC (rev 5234)
@@ -13901,7 +13901,7 @@
CVE-2006-1053
RESERVED
CVE-2006-1052 (The selinux_ptrace logic in hooks.c in SELinux for Linux 2.6.6
allows ...)
- - linux-2.6 2.6.15+2.6.16-rc5-0experimental.1 (low)
+ - linux-2.6 2.6.15+2.6.16-rc5-0experimental.1 (low)
CVE-2006-1051 (SQL injection vulnerability in Akarru Social BookMarking Engine
before ...)
NOT-FOR-US: Akurru Social BookMarking Engine
CVE-2006-1050 (Kwik-Pay Payroll 4.2.20, and possibly other versions, stores the
...)
@@ -16378,8 +16378,7 @@
{DSA-930-2 DSA-930-1}
- smstools 1.16-1.1 (bug #347221; medium)
CVE-2006-0106 (gdi/driver.c and gdi/printdrv.c in Wine 20050930, and other
versions, ...)
- {DSA-954-1}
- {CVE-2005-4560}
+ {DSA-954-1 CVE-2005-4560}
- wine 0.9.2-1 (bug #346197; medium)
CVE-2006-0082 (Format string vulnerability in the SetImageInfo function in
image.c ...)
{DSA-1213}
@@ -16424,10 +16423,11 @@
CVE-2006-0064 (PHP remote file include vulnerability in
includes/orderSuccess.inc.php ...)
NOT-FOR-US: CubeCart
CVE-2006-0063 (Cross-site scripting (XSS) vulnerability in phpBB 2.0.19, when
...)
- - phpbb2 (unimportant)
+ - phpbb2 2.0.21-1 (unimportant)
[sarge] - phpbb2 <no-dsa> (Affects only an inherently unsafe option only
suitable for trusted users)
NOTE: According to the maintainer only affects a config option that is
strongly
NOTE: discouraged due to potential security problems
+ NOTE: (Upstream fix was in 2.0.20.)
CVE-2005-4617 (SQL injection vulnerability in tickets.php in cSupport 1.0 and
earlier ...)
NOT-FOR-US: cSupport
CVE-2005-4616 (SQL injection vulnerability in index.php in iSupport 1.06 allows
...)
@@ -16911,8 +16911,8 @@
CVE-2005-4443 (Untrusted search path vulnerability in Gauche before 0.8.6-r1 on
...)
- gauche <not-affected> (Gentoo-specific packaging flaw)
CVE-2005-4442 (Untrusted search path vulnerability in OpenLDAP before 2.2.28-r3
on ...)
- - openldap2 <not-affected> (Gentoo-specific packaging flaw)
- - openldap2.2 <not-affected> (Gentoo-specific packaging flaw)
+ - openldap2 <not-affected> (Gentoo-specific packaging flaw)
+ - openldap2.2 <not-affected> (Gentoo-specific packaging flaw)
CVE-2005-4441 (The PVLAN protocol allows remote attackers to bypass network
...)
TODO: check, whether this has ramifications on the kernel''s VLAN
implementation
TODO: or whether it''s a generic unfixable protocol flaw
@@ -21227,7 +21227,7 @@
CVE-2005-2947 (Buffer overflow in KillProcess 2.20 and earlier allows
user-assisted ...)
NOT-FOR-US: KillProcess
CVE-2005-2946 (The default configuration on OpenSSL before 0.9.8 uses MD5 for
...)
- - openssl (bug #314465; unimportant)
+ - openssl 0.9.8-1 (bug #314465; unimportant)
NOTE: MD5 is still good enough for most applications, second preimage attacks
NOTE: haven''t been presented yet
CVE-2005-2944 (The perform_file_save function in GNOME Workstation Command
Center ...)
@@ -23002,8 +23002,9 @@
CVE-2005-2432 (SQL injection vulnerability in PhpList allows remote attackers
to ...)
NOT-FOR-US: PhpList
CVE-2005-2431 (The (1) lost password and (2) account pending features in GForge
4.5 ...)
- - gforge (bug #328224; unimportant)
+ - gforge 4.5.14-2 (bug #328224; unimportant)
NOTE: Direct flooding is possible as well in most circumstances.
+ NOTE: (Upstream fix was in gforge 4.5.0.1.)
CVE-2005-2430 (Multiple cross-site scripting (XSS) vulnerabilities in GForge
4.5 ...)
{DSA-1094-1}
- gforge 4.5.14-9 (bug #328224; medium)
@@ -23039,8 +23040,10 @@
CVE-2005-2415 (Multiple SQL injection vulnerabilities in Contrexx before 1.0.5
allow ...)
NOT-FOR-US: Contrexx
CVE-2005-2414 (Race condition in the xpcom library, as used by web browsers
such as ...)
- - mozilla-firefox (bug #327549; unimportant)
- - mozilla (bug #327550; unimportant)
+ - firefox 1.5.dfsg-1 (unimportant)
+ - mozilla-firefox <unfixed> (bug #327549; unimportant)
+ - mozilla <unfixed> (bug #327550; unimportant)
+ - iceweasel <not-affected>
NOTE: The turned out to be non-exploitable
CVE-2005-2413 (PHP remote file inclusion vulnerability in
apa_phpinclude.inc.php in ...)
NOT-FOR-US: Atomic Photo Album
@@ -23884,7 +23887,7 @@
- slash 2.2.6-8 (bug #328927; low)
[sarge] - slash <no-dsa> (Lack of a security feature, minor security
problem)
CVE-2001-1534 (mod_usertrack in Apache 1.3.11 through 1.3.20 generates session
ID''s ...)
- - apache (bug #328919; unimportant)
+ - apache <unfixed> (bug #328919; unimportant)
- apache2 <unfixed> (unimportant)
NOTE: Cookies are only used for invading user privacy,
NOTE: not for authentication, so apache and apache2 should be fine.
@@ -24498,8 +24501,7 @@
[sarge] - texmacs <no-dsa> (Hardly exploitable)
- zlib 1:1.2.2-7 (bug #317133; medium)
- pvpgn 1.7.8-2 (bug #332236; unknown)
- - mysql-dfsg-4.1 (bug #319858; unimportant)
- NOTE: fixed in experimental in 1:1.0.5.6-1, not yet in sid
+ - mysql-dfsg-4.1 4.1.13-1 (bug #319858; unimportant)
- mrtg <not-affected> (Only used for internal compression, current
versions link dynamically)
- rsync <not-affected> (Uses zlib 1.1, which is not affected)
NOTE: rsync upstream updated the internal zlib copy in 2.6.6 without real
need,
@@ -40059,7 +40061,7 @@
CVE-2002-0704 (The Network Address Translation (NAT) capability for Netfilter
...)
NOTE: kernel netfilter bug, not in user space
NOTE: this is fixed in kernel 2.4.20
- - kernel-image-2.4.18-i386 (bug #152152; unimportant)
+ - kernel-image-2.4.18-i386 <unfixed> (bug #152152; unimportant)
CVE-2002-0703 (An interaction between the Perl MD5 module (perl-Digest-MD5) and
Perl ...)
- perl 5.8.0-7 (bug #282527)
CVE-2002-0701 (ktrace in BSD-based operating systems allows the owner of a
process ...)