Author: nion Date: 2007-09-19 19:45:21 +0000 (Wed, 19 Sep 2007) New Revision: 6644 Modified: data/CVE/list Log: CVE-2004-0967 fixed in gs-gpl 8.56.dfsg.1-1 CVE-2007-0253 fixed in kernel-patch-grsecurity 2.1.10-1 CVE-2005-2311 fixed in sms-pl 2.1.0-1 CVE-2007-0905 fixed in php5 5.2.0-9 end of house cleaning :) Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-09-19 16:47:07 UTC (rev 6643) +++ data/CVE/list 2007-09-19 19:45:21 UTC (rev 6644) @@ -9755,7 +9755,7 @@ [etch] - php4 6:4.4.4-8+etch1 [etch] - php5 5.2.0-8+etch1 CVE-2007-0905 (PHP before 5.2.1 allows attackers to bypass safe_mode and open_basedir ...) - - php5 <unfixed> (bug #410561; bug #410995; unimportant) + - php5 5.2.0-9 (bug #410561; bug #410995; unimportant) NOTE: we normally don''t spend much time on safe_mode and open_basedir NOTE: issues, but the because the attack vectors are "unspecified", it NOTE: might be harder for us to try and sort out the fixes for this @@ -11415,7 +11415,7 @@ - xine-ui 0.99.4+dfsg+cvs20061111-1 (low; bug #407369) NOTE: If''ve verified the Etch version to contain the necessary format strings CVE-2007-0253 (** DISPUTED ** ...) - - kernel-patch-grsecurity2 <unfixed> (unimportant; bug #407350) + - kernel-patch-grsecurity2 2.1.10-1 (unimportant; bug #407350) NOTE: See CVE-2007-0257 CVE-2007-0252 (Unspecified vulnerability in easy-content filemanager allows remote ...) NOT-FOR-US: easy-content 
@@ -34812,8 +34812,8 @@ NOT-FOR-US: Contrexx CVE-2005-2414 (Race condition in the xpcom library, as used by web browsers such as ...) - firefox 1.5.dfsg-1 (unimportant) - - mozilla-firefox <unfixed> (bug #327549; unimportant) - - mozilla <unfixed> (bug #327550; unimportant) + - mozilla-firefox 1.5.dfsg-1 (bug #327549; unimportant) + - mozilla 1.5.dfsg-1 (bug #327550; unimportant) - iceweasel <not-affected> NOTE: The turned out to be non-exploitable CVE-2005-2413 (PHP remote file inclusion vulnerability in apa_phpinclude.inc.php in ...) @@ -35067,7 +35067,7 @@ CVE-2005-2312 (management.php in Realnode Emilda 1.2.2 and earlier allows remote ...) NOT-FOR-US: Realnode Emilda CVE-2005-2311 (SMS 1.9.2m and earlier allows local users to overwrite arbitrary files ...) - - sms-pl <unfixed> (bug #320540; unimportant) + - sms-pl 2.1.0-1 (bug #320540; unimportant) NOTE: vulnerable contrib file only in source package CVE-2005-2310 (Buffer overflow in Winamp 5.03a, 5.09 and 5.091, and other versions ...) NOT-FOR-US: Winamp @@ -45051,7 +45051,7 @@ - glibc 2.3.2.ds1-19 CVE-2004-0967 (The (1) pj-gs.sh, (2) ps2epsi, (3) pv.sh, and (4) sysvlp.sh scripts ...) - gs-common 0.3.6-0.1 - - gs-gpl <unfixed> (bug #291373; unimportant) + - gs-gpl 8.56.dfsg.1-1 (bug #291373; unimportant) NOTE: ps2epsi hole present in gs-gpl, but not shipped in binary CVE-2004-0966 (The (1) autopoint and (2) gettextize scripts in the GNU gettext ...) - gettext 0.14.1-6
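Review bot: In the CVE-2007-0905 hunk, the new php5 line gives 5.2.0-9 as the fixed version while the entry's own description says "PHP before 5.2.1", so the recorded version has an upstream part that the description still counts as affected. Add a NOTE line saying what 5.2.0-9 changed for this issue (for example, which fix was backported), so the entry is not read as a version typo.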
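Review bot: The log message names kernel-patch-grsecurity, but the CVE-2007-0253 hunk edits the line for kernel-patch-grsecurity2. Make the log match the package actually changed in data/CVE/list, and confirm that 2.1.10-1 is a version of kernel-patch-grsecurity2 and not of the differently named package.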
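Review bot: The CVE-2005-2414 hunk is missing from the log message, which lists four CVEs, and it sets both mozilla-firefox and mozilla to 1.5.dfsg-1, the same version string as the firefox line directly above them. Confirm that each of these source packages really had a 1.5.dfsg-1 upload. If the version was carried over from firefox, a NOTE explaining the relationship would be clearer than a copied version, and the log should mention this CVE.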
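Review bot: In the CVE-2004-0967 hunk, the unchanged NOTE below the new gs-gpl line still reads "ps2epsi hole present in gs-gpl, but not shipped in binary", which now sits next to a fixed version of 8.56.dfsg.1-1. Update the NOTE to say whether the script was corrected or dropped from the source in that version, so the entry does not state both "present" and "fixed".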