Author: gilbert-guest Date: 2010-01-09 21:06:12 +0000 (Sat, 09 Jan 2010) New Revision: 13774 Modified: data/CVE/list Log: remove manual uses of unknown since it is redundant/unnecessary Modified: data/CVE/list ==================================================================--- data/CVE/list 2010-01-09 20:53:11 UTC (rev 13773) +++ data/CVE/list 2010-01-09 21:06:12 UTC (rev 13774) @@ -4351,16 +4351,16 @@ - jquery <not-affected> (fixed since initial inclusion) - passenger <not-affected> (fixed since initial inclusion) CVE-2008-7219 (Horde Kronolith H3 2.1 before 2.1.7 and 2.2 before 2.2-RC2; Nag H3 2.1 ...) - - kronolith2 2.1.7-1 (unknown) - - nag2 2.1.4-1 (unknown) - - mnemo2 2.1.2-1 (unknown) + - kronolith2 2.1.7-1 + - nag2 2.1.4-1 + - mnemo2 2.1.2-1 CVE-2008-7218 (Unspecified vulnerability in the Horde API in Horde 3.1 before 3.1.6 ...) {DSA-1897-1} - - horde3 3.1.6-1 (unknown) - - turba2 2.1.7-1 (unknown) - - kronolith2 2.1.7-1 (unknown) - - nag2 2.1.4-1 (unknown) - - mnemo2 2.1.2-1 (unknown) + - horde3 3.1.6-1 + - turba2 2.1.7-1 + - kronolith2 2.1.7-1 + - nag2 2.1.4-1 + - mnemo2 2.1.2-1 CVE-2008-7217 (Microsoft Office 2008 for Mac, when running on Macintosh systems that ...) NOT-FOR-US: Microsoft Office CVE-2007-6732 (Multiple buffer overflows in the dtt_load function in ...) 
@@ -6103,22 +6103,22 @@ CVE-2009-2725 RESERVED CVE-2009-2724 (Race condition in the java.lang package in Sun Java SE 5.0 before ...) - - sun-java5 1.5.0-20-1 (unknown) + - sun-java5 1.5.0-20-1 [etch] - sun-java5 <no-dsa> (Non-free not supported) [lenny] - sun-java5 <no-dsa> (Non-free not supported) NOTE: unknown impact and attack vectors CVE-2009-2723 (Unspecified vulnerability in deserialization in the Provider class in ...) - - sun-java5 1.5.0-20-1 (unknown) + - sun-java5 1.5.0-20-1 [etch] - sun-java5 <no-dsa> (Non-free not supported) [lenny] - sun-java5 <no-dsa> (Non-free not supported) NOTE: unknown impact and attack vectors CVE-2009-2722 (Multiple unspecified vulnerabilities in the Provider class in Sun Java ...) - - sun-java5 1.5.0-20-1 (unknown) + - sun-java5 1.5.0-20-1 [etch] - sun-java5 <no-dsa> (Non-free not supported) [lenny] - sun-java5 <no-dsa> (Non-free not supported) NOTE: unknown impact and attack vectors CVE-2009-2721 (Multiple unspecified vulnerabilities in the Provider class in Sun Java ...) - - sun-java5 1.5.0-20-1 (unknown) + - sun-java5 1.5.0-20-1 [etch] - sun-java5 <no-dsa> (Non-free not supported) [lenny] - sun-java5 <no-dsa> (Non-free not supported) NOTE: unknown impact and attack vectors @@ -22969,7 +22969,7 @@ CVE-2008-2958 (Race condition in (1) checkinstall 1.6.1 and (2) installwatch allows ...) - checkinstall 1.6.1-7 (low; bug #488140) CVE-2008-XXXX [werkzeug hashes its secret instead of using hmac] - - python-werkzeug 0.3.1-1 (unknown) + - python-werkzeug 0.3.1-1 NOTE: http://lucumr.pocoo.org/cogitations/2008/06/24/werkzeug-031-released/ CVE-2008-2841 (Argument injection vulnerability in XChat 2.8.7b and earlier on ...) - xchat <not-affected> (Windows specific problem) 
@@ -28151,7 +28151,7 @@ CVE-2008-0647 (Multiple stack-based buffer overflows in the ...) NOT-FOR-US: Ourgame GLWorld CVE-2008-0646 (The bdecode_recursive function in include/libtorrent/bencode.hpp in ...) - - deluge-torrent 0.5.8.3-1 (unknown; bug #463357) + - deluge-torrent 0.5.8.3-1 (bug #463357) CVE-2008-0645 (Multiple PHP remote file inclusion vulnerabilities in Portail Web Php ...) NOT-FOR-US: Portail Web Php CVE-2008-0644 (Adobe ColdFusion MX 7 and ColdFusion 8 allows remote attackers to ...) @@ -38488,7 +38488,7 @@ - vlc 0.8.6.c.debian-1 (unimportant; bug #429726) CVE-2007-3467 (Integer overflow in the __status_Update function in stats.c VideoLAN ...) {DSA-1332-1} - - vlc 0.8.6.c-1 (unknown; bug #429726) + - vlc 0.8.6.c-1 (bug #429726) CVE-2007-3466 RESERVED CVE-2007-3465 (Check Point SofaWare Safe at Office, with firmware before Embedded NGX ...) @@ -59599,7 +59599,7 @@ - util-vserver 0.30.210-1 (bug #360438; unimportant) CVE-2006-1655 (Multiple buffer overflows in mpg123 0.59r allow user-assisted ...) {DSA-1074-1} - - mpg123 0.59r-22 (bug #361863; unknown) + - mpg123 0.59r-22 (bug #361863) CVE-2006-1654 (Directory traversal vulnerability in the HP Color LaserJet 2500 ...) NOT-FOR-US: HP Colour LaserJet 2500 and 4600 Toolbox CVE-2006-1653 (PHP remote file inclusion vulnerability in loadkernel.php in ...) @@ -66334,7 +66334,7 @@ NOT-FOR-US: protection.php from several crappy web apps not in Debian CVE-2005-3570 (Unspecified cross-site scripting (XSS) vulnerability in Horde before ...) {DSA-914-1} - - horde2 2.2.9-1 (bug #338983; unknown) + - horde2 2.2.9-1 (bug #338983) CVE-2005-3569 (INSO service in IBM DB2 Content Manager before 8.2 Fix Pack 10 on AIX ...) NOT-FOR-US: DB2 CVE-2005-3568 (db2fmp process in IBM DB2 Content Manager before 8.2 Fix Pack 10 ...) 
@@ -66960,26 +66960,26 @@ NOT-FOR-US: Hyper Estraier CVE-2005-3420 (usercp_register.php in phpBB 2.0.17 allows remote attackers to modify ...) {DSA-925-1} - - phpbb2 2.0.18-1 (bug #336582; bug #336587; unknown) + - phpbb2 2.0.18-1 (bug #336582; bug #336587) NOTE: http://www.hardened-php.net/advisory_172005.75.html NOTE: http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=336756 NOTE: Remote code execution may be possible, especially in conjunction NOTE: with PHP bugs. CVE-2005-3419 (SQL injection vulnerability in usercp_register.php in phpBB 2.0.17 ...) {DSA-925-1} - - phpbb2 2.0.18-1 (bug #336582; bug #336587; unknown) + - phpbb2 2.0.18-1 (bug #336582; bug #336587) CVE-2005-3418 (Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.17 ...) {DSA-925-1} - - phpbb2 2.0.18-1 (bug #336582; bug #336587; unknown) + - phpbb2 2.0.18-1 (bug #336582; bug #336587) CVE-2005-3417 (phpBB 2.0.17 and earlier, when the register_long_arrays directive is ...) {DSA-925-1} - - phpbb2 2.0.18-1 (bug #336582; bug #336587; unknown) + - phpbb2 2.0.18-1 (bug #336582; bug #336587) CVE-2005-3416 (phpBB 2.0.17 and earlier, when register_globals is enabled and the ...) {DSA-925-1} - - phpbb2 2.0.18-1 (bug #336582; bug #336587; unknown) + - phpbb2 2.0.18-1 (bug #336582; bug #336587) CVE-2005-3415 (phpBB 2.0.17 and earlier allows remote attackers to bypass protection ...) {DSA-925-1} - - phpbb2 2.0.18-1 (bug #336582; bug #336587; unknown) + - phpbb2 2.0.18-1 (bug #336582; bug #336587) CVE-2005-3414 (eyeOS 0.8.4 stores usrinfo.xml under the web document root with ...) NOT-FOR-US: eyeOS CVE-2005-3413 (Cross-site scripting (XSS) vulnerability in desktop.php in eyeOS 0.8.4 ...) 
@@ -67200,7 +67200,7 @@ - dhis-tools-dns 5.0-5 CVE-2005-3339 (Mantis before 0.19.3 caches the User ID longer than necessary, which ...) {DSA-905-1} - - mantis 0.19.3-0.1 (bug #330682; unknown) + - mantis 0.19.3-0.1 (bug #330682) CVE-2005-3338 (Unspecified vulnerability in Mantis before 0.19.3, when using ...) {DSA-905-1} - mantis 0.19.3-0.1 (bug #330682; low) @@ -67808,7 +67808,7 @@ CVE-2005-3167 (Incomplete blacklist vulnerability in MediaWiki before 1.4.11 does not ...) - mediawiki 1.4.11-1 (bug #332408; medium) CVE-2005-3166 (Unspecified vulnerability in "edit submission handling" for MediaWiki ...) - - mediawiki 1.4.11-1 (bug #332408; unknown) + - mediawiki 1.4.11-1 (bug #332408) CVE-2005-3165 (Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki ...) - mediawiki 1.4.9 CVE-2005-3164 (The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 ...) @@ -68095,7 +68095,7 @@ CVE-2005-3074 (SQL injection vulnerability in rsyslogd in RSyslog before 1.0.1 and ...) NOT-FOR-US: RSyslog CVE-2005-3073 (Unspecified vulnerability in Interchange 5.0.1 allows attackers 4.9.3, ...) - - interchange 5.2.1-1 (bug #329705; unknown) + - interchange 5.2.1-1 (bug #329705) CVE-2005-3072 (SQL injection vulnerability in pages/forum/submit.html in Interchange ...) - interchange 5.2.1-1 (bug #329705; medium) CVE-2005-3071 (Unspecified vulnerability in Unix File System (UFS) on Solaris 8 and ...) @@ -68559,7 +68559,7 @@ - arc 5.21m-1 (bug #329053; low) CVE-2005-2917 (Squid 2.5.STABLE10 and earlier, while performing NTLM authentication, ...) {DSA-828-1} - - squid 2.5.10-7 (unknown) + - squid 2.5.10-7 NOTE: Patch was added to -6, but not listed in dpatch''s list of patches CVE-2005-XXXX [user password file created by gajim is world-redable] - gajim 0.8.2-1 (bug #325080; low) 
@@ -68593,8 +68593,8 @@ {DSA-856-1} - py2play 0.1.8-1 (bug #326976; medium) CVE-2005-2874 (The is_path_absolute function in scheduler/client.c for the daemon in ...) - - cups 1.1.23-1 (unknown) - - cupsys 1.1.23-1 (unknown) + - cups 1.1.23-1 + - cupsys 1.1.23-1 CVE-2005-2871 (Buffer overflow in the International Domain Name (IDN) support in ...) {DSA-868-1 DSA-866-1 DSA-837-1} - mozilla-firefox 1.0.6-5 (bug #327452; bug #327802; bug #327366; medium) @@ -69036,7 +69036,7 @@ - linux-2.6 2.6.12-1 CVE-2005-2761 (Cross-site scripting (XSS) vulnerability in phpGroupWare 0.9.16.000 ...) {DSA-798-1} - - phpgroupware 0.9.16.008-1 (unknown) + - phpgroupware 0.9.16.008-1 CVE-2005-2716 (The event_pin_code_request function in the btsrv daemon (btsrv.c) in ...) {DSA-796-1} - affix 2.1.2-3 (bug #325444; medium) @@ -69119,7 +69119,7 @@ - up-imapproxy 1.2.4-2 (high) CVE-2005-2660 (apachetop 0.12.5 and earlier, when running in debug mode, allows local ...) {DSA-839-1} - - apachetop 0.12.5-3 (unknown) + - apachetop 0.12.5-3 CVE-2005-2659 (Buffer overflow in the LZX decompression in CHM Lib (chmlib) 0.35, as ...) {DSA-886-1} - chmlib 0.37-2 (medium) @@ -69175,7 +69175,7 @@ NOTE: this bug was closed as it was unreproducable in Debian CVE-2005-2641 (Unknown vulnerability in pam_ldap before 180 does not properly handle ...) {DSA-785-1} - - libpam-ldap 178-1sarge1 (bug #324899; unknown) + - libpam-ldap 178-1sarge1 (bug #324899) CVE-2004-2483 (Kerio WinRoute Firewall before 6.0.9 uses information from PTR queries ...) NOT-FOR-US: Kerio WinRoute Firewall CVE-2004-2482 (Microsoft Outlook 2000 and 2003, when configured to use Microsoft Word ...) 
@@ -71699,7 +71699,7 @@ - texmacs 1:1.0.5-3 (bug #318100; medium) [sarge] - texmacs <no-dsa> (Hardly exploitable) - zlib 1:1.2.2-7 (bug #317133; medium) - - pvpgn 1.7.8-2 (bug #332236; unknown) + - pvpgn 1.7.8-2 (bug #332236) - mysql-dfsg-4.1 4.1.13-1 (bug #319858; unimportant) - mrtg <not-affected> (Only used for internal compression, current versions link dynamically) - rsync <not-affected> (Uses zlib 1.1, which is not affected)
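Review bot: The log message calls the marker redundant without saying what makes it so, and in the @@ -4351 hunk the Horde entries (for example "- kronolith2 2.1.7-1") end up with no parenthesised field at all. Please name in the log where an omitted urgency is treated as unknown, so that someone reading the history of data/CVE/list can confirm this edit changes no tracker output. The patch touches two orderings, "(unknown; bug #463357)" and "(bug #361863; unknown)", so a final search for any remaining parenthesised "unknown" in either position would show that none was missed.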
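Review bot: In the @@ -66960 hunk, all six phpbb2 entries under DSA-925-1 (CVE-2005-3415 through CVE-2005-3420) are left with no urgency, although the NOTE kept under CVE-2005-3420 reads "Remote code execution may be possible, especially in conjunction with PHP bugs." Since these lines are being edited anyway, consider assigning a real urgency to at least CVE-2005-3420 instead of only dropping the marker; the explicit "unknown" was the one visible sign that the rating was still open.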
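Review bot: Three edited entries now sit unrated directly beside a rated sibling with the same fixed version and bug number: mantis CVE-2005-3339 next to CVE-2005-3338 (low) in the @@ -67200 hunk, mediawiki CVE-2005-3166 next to CVE-2005-3167 (medium) in @@ -67808, and interchange CVE-2005-3073 next to CVE-2005-3072 (medium) in @@ -68095. Please confirm that leaving them unrated is intended and not a rating that was never filled in. With the keyword gone, a text search for "unknown" no longer finds them, so it would help to say how unrated entries are meant to be listed from now on.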