Author: jmm-guest
Date: 2005-12-13 22:50:59 +0000 (Tue, 13 Dec 2005)
New Revision: 3028

Modified:
   data/CVE/list
Log:
more syntax and kernel updates


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2005-12-13 22:20:26 UTC (rev 3027)
+++ data/CVE/list       2005-12-13 22:50:59 UTC (rev 3028)
@@ -14920,7 +14920,8 @@
        NOT-FOR-US: Citadel/UX
 CVE-2004-1191 (Race condition in SuSE Linux 8.1 through 9.2, when run on SMP 
systems ...)
        NOTE: turned out that kernel-source-2.6.8 2.6.8-14 was incompletly fixed
-       - kernel-source-2.6.8 2.6.8-16
+       TODO: Check linux-2.6
+       [sarge] - kernel-source-2.6.8 2.6.8-16
        - kernel-source-2.4.27 2.4.27-6
 CVE-2004-1190 (SUSE Linux before 9.1 and SUSE Linux Enterprise Server before 9 
do not ...)
        NOTE: Response from Suse people reveals that 
http://linux.bkbits.net:8080/linux-2.6/hist/drivers/block/scsi_ioctl.c
@@ -14930,7 +14931,8 @@
        NOTE: Response from Marcus Meissner <[EMAIL PROTECTED]> saying the 
patch was integrated in upstream 2.6.8
        NOTE: on further clarification he said that further fixes to this patch 
were made after 2.6.8 so only
        NOTE: 2.6.10 is actually fixed, but 2.6.8 is not
-       - kernel-source-2.6.8 2.6.8-14
+       - linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.10)
+       [sarge] - kernel-source-2.6.8 2.6.8-14
 CVE-2004-1189 (The add_to_history function in svr_principal.c in libkadm5srv 
for MIT ...)
        {DSA-629-1}
        - krb5 1.3.6-1
@@ -14969,18 +14971,15 @@
        - mailman 2.1.5-5
 CVE-2004-1176 (Buffer underflow in extfs.c in Midnight Commander (mc) 4.5.55 
and ...)
        {DSA-639-1}
-       NOTE: unstable not vulnerable according to DSA
-       NOTE: DSA was wrong..
+       NOTE: unstable not vulnerable according to DSA, DSA was wrong..
        - mc 1:4.6.0-4.6.1-pre3-1
 CVE-2004-1175 (fish.c in midnight commander allows remote attackers execute 
arbitrary ...)
        {DSA-639-1}
-       NOTE: unstable not vulnerable according to DSA
-       NOTE: DSA was wrong..
+       NOTE: unstable not vulnerable according to DSA, DSA was wrong..
        - mc 1:4.6.0-4.6.1-pre3-1
 CVE-2004-1174 (direntry.c in Midnight Commander (mc) 4.5.55 and earlier allows 
...)
        {DSA-639-1}
-       NOTE: unstable not vulnerable according to DSA
-       NOTE: DSA was wrong..
+       NOTE: unstable not vulnerable according to DSA, DSA was wrong..
        - mc 1:4.6.0-4.6.1-pre3-1
 CVE-2004-1173 (Internet Explorer 6 allows remote attackers to bypass the popup 
...)
        NOT-FOR-US: MSIE
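Review bot: The merged NOTE on the mc entries (CVE-2004-1176, CVE-2004-1175, CVE-2004-1174) reads as a self-contradiction: "unstable not vulnerable according to DSA, DSA was wrong.." joins a claim and its retraction with a comma. Suggest wording that states the outcome directly, for example "NOTE: DSA-639-1 says unstable is not vulnerable; that is wrong, see the fixed version below". The same line recurs in the later mc hunks of this commit.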
@@ -15033,9 +15032,9 @@
 CVE-2004-1152 (Buffer overflow in the mailListIsPdf function in Adobe Acrobat 
Reader ...)
        NOT-FOR-US: Adobe Acrobat Reader
 CVE-2004-1151 (Multiple buffer overflows in the (1) sys32_ni_syscall and (2) 
...)
-       NOTE: Fixed in upstream 2.6.10
-       - kernel-source-2.6.8 2.6.8-11
-       - kernel-source-2.6.9 2.6.9-4
+       - linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.10)
+       [sarge] - kernel-source-2.6.8 2.6.8-11
+       TODO: Check 2.4
 CVE-2004-1150 (Stack-based buffer overflow in the in_cdda.dll plugin for 
Winamp 5.0 ...)
        NOT-FOR-US: Winamp
 CVE-2004-1149 (Computer Associates eTrust EZ Antivirus 7.0.0 to 7.0.4, 
including ...)
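Review bot: In CVE-2004-1151 the `- kernel-source-2.6.9 2.6.9-4` entry is deleted with nothing in its place, so the record that this source package carried a fix is lost. If the package has left the archive, `- kernel-source-2.6.9 <removed>` (the form this file already uses for freeamp) would keep the history.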
@@ -15065,7 +15064,9 @@
 CVE-2004-1138 (VIM before 6.3 and gVim before 6.3 allow local users to execute 
...)
        - vim 1:6.3-046+0sarge1
 CVE-2004-1137 (Multiple vulnerabilities in the IGMP functionality for Linux 
kernel ...)
-       - kernel-image-2.4.27-i386 2.4.27-7
+       - linux-2.6 <not-affected> (Fixed before upload into the archive)
+       TODO: Check, when this was fixed
+       - kernel-source-2.4.27 2.4.27-7
 CVE-2004-1136 (Buffer overflow in CuteFTP Professional 6.0, and possibly other 
...)
        NOT-FOR-US: CuteFTP
 CVE-2004-1135 (Multiple buffer overflows in WS_FTP Server 5.03 2004.10.14 
allow ...)
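Review bot: In CVE-2004-1137 the version 2.4.27-7 is carried over unchanged from the `kernel-image-2.4.27-i386` line to `kernel-source-2.4.27`; the two packages are versioned separately elsewhere in this file, so confirm that kernel-source-2.4.27 2.4.27-7 is the upload that contains the IGMP fix. The reason text "Fixed before upload into the archive" also differs from the "Fixed before upload into archive" used in the rest of the commit.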
@@ -15115,7 +15116,7 @@
 CVE-2004-1116 (The init scripts in Great Internet Mersenne Prime Search 
(GIMPS) 23.9 ...)
        NOT-FOR-US: GIMPS
 CVE-2004-1115 (The init scripts in Search for Extraterrestrial Intelligence 
(SETI) ...)
-       NOTE: gentoo-specific permissions problems in setaiathome
+       - setiathome <not-affected> (Gentoo-specific vulnerability)
 CVE-2004-1114 (Buffer overflow in the handling of command line arguments in 
Skype ...)
        NOT-FOR-US: Skype
 CVE-2004-1113 (SQL injection vulnerability in SQLgrey Postfix greylisting 
service ...)
@@ -15153,7 +15154,7 @@
 CVE-2004-1098 (MIMEDefang in MIME-tools 5.414 allows remote attackers to 
bypass virus ...)
        - mime-tools 5.415-1
 CVE-2004-1097 (Format string vulnerability in the 
cherokee_logger_ncsa_write_string ...)
-       NOT-FOR-US: Cherokee
+       - cherokee <not-affected> (Fixed before upload into archive)
 CVE-2004-1096 (Archive::Zip Perl module before 1.14, when used by antivirus 
programs ...)
        - libarchive-zip-perl 1.14-1
 CVE-2004-1095 (Multiple integer overflows in (1) readbmp.c, (2) readgif.c, (3) 
...)
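Review bot: The new `- cherokee <not-affected> (Fixed before upload into archive)` line under CVE-2004-1097 names no fixing version, while the kernel entries in this commit either append one (`; 2.6.10`) or carry a TODO to find it. Add the upstream version to the reason, or a `TODO:` line, so the claim can be checked later.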
@@ -15163,23 +15164,19 @@
        NOT-FOR-US: RealPlayer
 CVE-2004-1093 (Midnight commander (mc) 4.5.55 and earlier allows remote 
attackers to ...)
        {DSA-639-1}
-       NOTE: unstable not vulnerable according to DSA
-       NOTE: DSA was wrong..
+       NOTE: unstable not vulnerable according to DSA, DSA was wrong..
        - mc 1:4.6.0-4.6.1-pre3-1
 CVE-2004-1092 (Midnight commander (mc) 4.5.55 and earlier allows remote 
attackers to ...)
        {DSA-639-1}
-       NOTE: unstable not vulnerable according to DSA
-       NOTE: DSA was wrong..
+       NOTE: unstable not vulnerable according to DSA, DSA was wrong..
        - mc 1:4.6.0-4.6.1-pre3-1
 CVE-2004-1091 (Midnight commander (mc) 4.5.55 and earlier allows remote 
attackers to ...)
        {DSA-639-1}
-       NOTE: unstable not vulnerable according to DSA
-       NOTE: DSA was wrong..
+       NOTE: unstable not vulnerable according to DSA, DSA was wrong..
        - mc 1:4.6.0-4.6.1-pre3-1
 CVE-2004-1090 (Midnight commander (mc) 4.5.55 and earlier allows remote 
attackers to ...)
        {DSA-639-1}
-       NOTE: unstable not vulnerable according to DSA
-       NOTE: DSA was wrong..
+       NOTE: unstable not vulnerable according to DSA, DSA was wrong..
        - mc 1:4.6.0-4.6.1-pre3-1
 CVE-2004-1089 (Unknown vulnerability in Apple Mac OS X 10.3.6 server, when 
using ...)
        NOT-FOR-US: Apple MacOS
@@ -15213,28 +15210,37 @@
 CVE-2004-1075 (Cross-site scripting (XSS) vulnerability in 
standard_error_message.dtml ...)
        - zope-zwiki 0.37.0-1
 CVE-2004-1074 (The binfmt functionality in the Linux kernel, when &quot;memory 
overcommit&quot; ...)
-       - kernel-source-2.6.8 2.6.8-11
+       - linux-2.6 <not-affected> (Fixed before upload into archive)
+       TODO: Check, which version fixed this
+       [sarge] - kernel-source-2.6.8 2.6.8-11
        - kernel-source-2.4.27 2.4.27-7
 CVE-2004-1073 (The open_exec function in the execve functionality (exec.c) in 
Linux ...)
-       NOTE: fixed in 2.6.8 and 2.4.27
+       - linux-2.6 <not-affected> (Fixed before upload into archive)
+       TODO: Check, which version fixed this
+       - kernel-source-2.4.27 2.4.27-6
 CVE-2004-1072 (The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up 
to ...)
-       NOTE: fixed in 2.6.8 and 2.4.27
+       - linux-2.6 <not-affected> (Fixed before upload into archive)
+       TODO: Check, which version fixed this
+       - kernel-source-2.4.27 2.4.27-6
 CVE-2004-1071 (The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up 
to ...)
-       NOTE: fixed in 2.6.8 and 2.4.27
+       - linux-2.6 <not-affected> (Fixed before upload into archive)
+       TODO: Check, which version fixed this
+       - kernel-source-2.4.27 2.4.27-6
 CVE-2004-1070 (The load_elf_binary function in the binfmt_elf loader 
(binfmt_elf.c) ...)
-       NOTE: fixed in 2.6.8 and 2.4.27
+       - linux-2.6 <not-affected> (Fixed before upload into archive)
+       TODO: Check, which version fixed this
+       - kernel-source-2.4.27 2.4.27-6
 CVE-2004-1069 (Race condition in SELinux 2.6.x through 2.6.9 allows local 
users to ...)
-       NOTE: 2.6 only issue
-       - kernel-source-2.6.8 2.6.8-11
-       NOTE: and the binaries built from it
+       - linux-2.6 <not-affected> (Fixed before upload into archive)
+       TODO: Check, which version fixed this
+       - kernel-source-2.4.27 <not-affected> (2.6 only issue)
+       [sarge] - kernel-source-2.6.8 2.6.8-11
 CVE-2004-1068 (A &quot;missing serialization&quot; error in the 
unix_dgram_recvmsg function in ...)
+       - linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.9)
        - kernel-source-2.4.27 2.4.27-7
-       - kernel-source-2.6.8 2.6.8-11
-       NOTE: and the binary packages built from them
+       [sarge] - kernel-source-2.6.8 2.6.8-11
 CVE-2004-1067 (Off-by-one error in the mysasl_canon_user function in Cyrus 
IMAP ...)
-       NOTE: verified cyrus21-imapd 2.1.17-3 is not vulnerable, seems
-       NOTE: to only affect 2.2 series.
-       NOTE: 1.5.19 also seems ok
+       - cyrus21-imapd <not-affected> (Only affected 2.2 series)
 CVE-2004-1066 (The cmdline pseudofiles in (1) procfs on FreeBSD 4.8 through 
5.3, and ...)
        NOT-FOR-US: FreeBSD
 CVE-2004-1065 (Buffer overflow in the exif_read_data function in PHP before 
4.3.10 ...)
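Review bot: For CVE-2004-1073 through CVE-2004-1070 the removed line `NOTE: fixed in 2.6.8 and 2.4.27` already named the upstream versions, yet the replacement adds `TODO: Check, which version fixed this` and drops that information. Either keep the NOTE or fold the version into the reason, as done for CVE-2004-1068 with `(Fixed before upload into archive; 2.6.9)`. In CVE-2004-1067 the removed `NOTE: 1.5.19 also seems ok` has no replacement entry, so the 1.5.19 finding is no longer recorded.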
@@ -15252,22 +15258,17 @@
 CVE-2004-1059 (Multiple cross-site scripting (XSS) vulnerabilities in 
mnoGoSearch ...)
        - mnogosearch 3.2.18-2.2
 CVE-2004-1058 (Race condition in Linux kernel 2.6 allows local users to read 
the ...)
-       NOTE: Fixed in 2.6.10 upstream
-       - kernel-source-2.6.8 2.6.8-14
-       - kernel-source-2.6.9 2.6.9-14
+       - linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.10)
+       [sarge] - kernel-source-2.6.8 2.6.8-14
 CVE-2004-1057 (Multiple drivers in Linux kernel 2.4.19 and earlier do not 
properly ...)
-       TODO: check back with dilinger about 2.6, previous fix in -9 has 
regressions
+       TODO: check back with dilinger about 2.6
+       TOOD: previous fix in -9 has regressions
        - kernel-source-2.4.27 2.4.27-10
 CVE-2004-1056 (Direct Rendering Manager (DRM) driver in Linux kernel 2.6 does 
not ...)
+       - linux-2.6 <not-affected> (Fixed before upload into archive)
+       TODO: Check, which version fixed this
        - kernel-source-2.4.27 2.4.27-8
-       - kernel-image-2.4.27-i386 2.4.27-8
-       - kernel-image-2.4.27-alpha 2.4.27-6
-       - kernel-image-2.4.27-hppa 2.4.27-3
-       - kernel-image-2.4.27-ia64 2.4.27-6
-       - kernel-patch-2.4.27-mips 2.4.27-8.040815-1
-       - kernel-patch-powerpc-2.4.27 2.4.27-3
-       - kernel-image-2.4.27-sparc 2.4.27-2
-       - kernel-source-2.6.8 2.6.8-11
+       [sarge] - kernel-source-2.6.8 2.6.8-11
 CVE-2004-1055 (Multiple cross-site scripting (XSS) vulnerabilities in 
phpMyAdmin ...)
        - phpmyadmin 2:2.6.0-pl3-1
 CVE-2004-1054 (Untrusted execution path vulnerability in invscout in IBM AIX 
5.1.0, ...)
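Review bot: `TOOD: previous fix in -9 has regressions` under CVE-2004-1057 misspells the TODO keyword, so anything that scans the list for `TODO:` will skip it; change it to `TODO:`. In CVE-2004-1056 the per-architecture kernel-image and kernel-patch lines are removed in favour of kernel-source-2.4.27 alone; a NOTE saying that the binary kernel packages are tracked through their source package would make that intent explicit.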
@@ -15329,7 +15330,7 @@
        NOT-FOR-US: AIX
 CVE-2004-1027 (Directory traversal vulnerability in the -x (extract) command 
line ...)
        {DSA-652-1}
-       NOTE: sarge's unarj is from a different code base, probably not 
vulnerable
+       - unarj <not-affected> (sarge's unarj is from a different code base, 
probably not vulnerable)
 CVE-2004-1026 (Multiple integer overflows in the image handler for imlib 
1.9.14 and ...)
        {DSA-628-1 DSA-618-1}
        - imlib 1.9.14-17.1 (bug #284925)
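Review bot: The unarj line under CVE-2004-1027 sets `<not-affected>` while its own reason says "probably not vulnerable". A status entry reads as a verified result; until the code base has been checked, keep this as a NOTE or add a `TODO:` line so the uncertainty stays visible to anyone who reads only the status.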
@@ -15355,12 +15356,15 @@
        - php4 4:4.3.10-1
        - php3 3:3.0.18-29
 CVE-2004-1017 (Multiple &quot;overflows&quot; in the io_edgeport driver for 
Linux kernel 2.4.x ...)
+       - linux-2.6 <not-affected> (2.4 specific vulnerability)
        - kernel-source-2.4.27 2.4.27-9
 CVE-2004-1016 (The scm_send function in the scm layer for Linux kernel 2.4.x 
up to ...)
-       - kernel-image-2.4.27-i386 2.4.27-7
+       - linux-2.6 <not-affected> (Fixed before upload into archive)
+       TODO: Check which version fixed this
+       - kernel-source-2.4.27 <unfixed>
 CVE-2004-1015 (Buffer overflow in proxyd for Cyrus IMAP Server 2.2.9 and 
earlier, ...)
-       NOTE: cyrus-imapd not vulnerable
-       NOTE: cyrus21-imapd not vulnerable
+       - cyrus-imapd <not-affected> (cyrus-imapd not vulnerable)
+       - cyrus21-imapd <not-affected> (cyrus21-imapd not vulnerable)
 CVE-2004-1014 (statd in nfs-utils 1.257 and earlier does not ignore the 
SIGPIPE ...)
        {DSA-606-1}
        - nfs-utils 1:1.0.6-3.1
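Review bot: CVE-2004-1016 changes from a fixed version (`- kernel-image-2.4.27-i386 2.4.27-7`) to `- kernel-source-2.4.27 <unfixed>` with no NOTE explaining why the earlier fixed status no longer holds. Add a NOTE with the reason, or keep 2.4.27-7 if that upload does contain the fix. The same hunk marks CVE-2004-1017 with a plain kernel-source-2.4.27 version, so the two 2.4 entries should be checked together.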
@@ -15373,15 +15377,14 @@
        - cyrus-imapd 1.5.19-20
        - cyrus21-imapd 2.1.17-1
 CVE-2004-1011 (Stack-based buffer overflow in Cyrus IMAP Server 2.2.4 through 
2.2.8, ...)
-       NOTE: cyrus-imapd not vulnerable
-       NOTE: cyrus21-imapd not vulnetale
+       - cyrus-imapd <not-affected> (cyrus-imapd not vulnerable)
+       - cyrus21-imapd <not-affected> (cyrus21-imapd not vulnerable)
 CVE-2004-1010 (Buffer overflow in Info-Zip 2.3 and possibly earlier versions, 
when ...)
        {DSA-624-1}
        - zip 2.30-8
 CVE-2004-1009 (Midnight commander (mc) 4.5.55 and earlier allows remote 
attackers to ...)
        {DSA-639-1}
-       NOTE: unstable not vulnerable according to DSA
-       NOTE: DSA was wrong..
+       NOTE: unstable not vulnerable according to DSA, DSA was wrong..
        - mc 1:4.6.0-4.6.1-pre3-1
 CVE-2004-1008 (Integer signedness error in the ssh2_rdpkt function in PuTTY 
before ...)
        - putty 0.56-1
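Review bot: The reasons on the two new CVE-2004-1011 lines, `(cyrus-imapd not vulnerable)` and `(cyrus21-imapd not vulnerable)`, only restate the `<not-affected>` status. Give the actual reason; the CVE description limits the issue to Cyrus IMAP Server 2.2.4 through 2.2.8, and CVE-2004-1067 in this commit already uses `(Only affected 2.2 series)`.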
@@ -15392,13 +15395,11 @@
        - dhcp 2.0pl5-19.1
 CVE-2004-1005 (Multiple buffer overflows in Midnight Commander (mc) 4.5.55 and 
...)
        {DSA-639-1}
-       NOTE: unstable not vulnerable according to DSA
-       NOTE: DSA was wrong..
+       NOTE: unstable not vulnerable according to DSA, DSA was wrong..
        - mc 1:4.6.0-4.6.1-pre3-1
 CVE-2004-1004 (Multiple format string vulnerabilities in Midnight Commander 
(mc) ...)
        {DSA-639-1}
-       NOTE: unstable not vulnerable according to DSA
-       NOTE: DSA was wrong..
+       NOTE: unstable not vulnerable according to DSA, DSA was wrong..
        - mc 1:4.6.0-4.6.1-pre3-1
 CVE-2004-1003 (Trend ScanMail allows remote attackers to obtain potentially 
sensitive ...)
        NOT-FOR-US: Trend ScanMail
@@ -15408,7 +15409,7 @@
        {DSA-585-1}
        - shadow 1:4.0.3-30.3
        NOTE: apparently the fix was lost from sarge somehow, see #309587
-       - shadow 1:4.0.3-31sarge5
+       [sarge] - shadow 1:4.0.3-31sarge5
 CVE-2004-1000 (lintian 1.23 and earlier removes the working directory even if 
it was ...)
        {DSA-630-1}
        - lintian 1.23.6 (bug #286379; low)
@@ -15489,18 +15490,15 @@
        - openssl 0.9.7e-3
        NOTE: -1 claimed to include it, but it was missing
 CVE-2004-0974 (The netatalk package in Trustix Secure Linux 1.5 through 2.1, 
and ...)
-       NOTE: local; low
-       - netatalk 1.6.4a-1
+       - netatalk 1.6.4a-1 (low)
 CVE-2004-0973
        REJECTED
 CVE-2004-0972 (The lvmcreate_initrd script in the lvm package in Trustix 
Secure Linux ...)
        {DSA-583-1}
-       NOTE: lvmcreate_initrd not in debian
-       NOTE: It's fixed in the changelog, so above note is possibly wrong
        - lvm10 1:1.0.8-8
 CVE-2004-0971 (The krb5-send-pr script in the kerberos5 (krb5) package in 
Trustix ...)
-       NOTE: not shipped in deb
-       - krb5 <unfixed> (bug #278271; low)
+       NOTE: Not shipped in the krb5 binary package
+       - krb5 <unfixed> (bug #278271; unimportant)
        - arla 0.36.2-11
 CVE-2004-0970 (The (1) gzexe, (2) zdiff, and (3) znew scripts in the gzip 
package, as ...)
        {DSA-588-1}
@@ -15512,7 +15510,7 @@
        - glibc 2.3.2.ds1-19
 CVE-2004-0967 (The (1) pj-gs.sh, (2) ps2epsi , (3) pv.sh, and (4) sysvlp.sh 
scripts ...)
        - gs-common 0.3.6-0.1
-       - gs-gpl <unfixed> (bug #291373; low)
+       - gs-gpl <unfixed> (bug #291373; unimportant)
        NOTE: ps2epsi hole present in gs-gpl, but not shipped in binary
 CVE-2004-0966 (The (1) autopoint and (2) gettextize scripts in the GNU gettext 
...)
        - gettext 0.14.1-6
@@ -15522,7 +15520,7 @@
        {DSA-587-1}
        - zinf <not-affected> (According to DSA-587 not affected, as module was 
rewritten)
        - freeamp <removed>
-       NOTE: Changelog claims a possibly related fix in 2.2.5?
+       TODO: Changelog claims a possibly related fix in 2.2.5?
 CVE-2004-0963 (Buffer overflow in Microsoft Word 2002 (10.6612.6714) SP3, and 
...)
        NOT-FOR-US: windows
 CVE-2004-0962 (Apple Remote Desktop Client 1.2.4 executes a GUI application as 
root ...)
@@ -15540,13 +15538,13 @@
        - mysql-dfsg-4.1 4.1.10a-6
        - mysql-dfsg 4.0.24-5
 CVE-2004-0956 (MySQL before 4.0.20 allows remote attackers to cause a denial 
of ...)
-       NOTE: not vulnerable according to 
http://www.debian.org/security/nonvulns-sarge
+       - mysql-dfsg <not-affected> (Not vulnerable, 
http://www.debian.org/security/nonvulns-sarge)
 CVE-2004-0955
        REJECTED
 CVE-2004-0954
        REJECTED
 CVE-2004-0953 (Buffer overflow in the C2S module in the open source Jabber 2.x 
server ...)
-       NOTE: jabber version 2 is vulnerable, we have an older version that 
seems not
+       - jabber <not-affected> (Jabber version 2 is vulnerable, we have an 
older version that seems not)
 CVE-2004-0952 (HP-UX B.11.00 through B.11.23, when running Ignite-UX and using 
the ...)
        NOT-FOR-US: HP-UX
 CVE-2004-0951 (The make_recovery command for the TFTP server in HP Ignite-UX 
before ...)
@@ -15554,16 +15552,16 @@
 CVE-2004-0950 (NetOp Host before 7.65 build 2004278 allows remote attackers to 
obtain ...)
        NOT-FOR-US: NetOp Host
 CVE-2004-0949 (The smb_recv_trans2 function call in the samba filesystem 
(smbfs) in ...)
-       NOTE: fixed in 2.4.28, 2.6.9
-       TODO: check with kernel people re 2.4.27
+       - linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.9)
+       - kernel-source-2.4.27 <unfixed>
 CVE-2004-0948
        REJECTED
 CVE-2004-0947 (Buffer overflow in unarj before 2.63a-r2 allows remote 
attackers to ...)
        {DSA-652-1}
        NOTE: see http://lwn.net/Alerts/110733/
-       NOTE: sarge's unarj is from a different code base, probably not 
vulnerable
+       - unarj <not-affected> (sarge's unarj is from a different code base, 
probably not vulnerable)
 CVE-2004-0946 (rquotad in nfs-utils (rquota_server.c) before 1.0.6-r6 on 
64-bit ...)
-       NOTE: does not apply per maintainer
+       - nfs-utils <not-affected> (does not apply per maintainer)
 CVE-2004-0945 (The web management interface for Mitel 3300 Integrated 
Communications ...)
        NOT-FOR-US: Mitel 3300 Integrated Communications Platform
 CVE-2004-0944 (The web management interface for Mitel 3300 Integrated 
Communications ...)
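Review bot: In CVE-2004-0949 the removed `NOTE: fixed in 2.4.28, 2.6.9` was the only record of the upstream 2.4 fix version; the new lines keep the 2.6.9 half in the linux-2.6 reason but drop 2.4.28. Keep a NOTE with the 2.4.28 version next to `- kernel-source-2.4.27 <unfixed>`. The removed `TODO: check with kernel people re 2.4.27` indicates the 2.4.27 status was still open; if that check has not been done, the TODO should stay.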
@@ -15591,7 +15589,6 @@
        NOT-FOR-US: Eset anti-virus
 CVE-2004-0934 (Kaspersky 3.x to 4.x allows remote attackers to bypass 
antivirus ...)
        NOT-FOR-US: Kaspersky antivirus
-       NOTE: Kaspersky engine is supported by amavas-ng
 CVE-2004-0933 (Computer Associates (CA) InoculateIT 6.0, eTrust Antivirus r6.0 
...)
        NOT-FOR-US: Computer Associates (CA) InoculateIT 6.0, eTrust Antivirus
 CVE-2004-0932 (McAfee Anti-Virus Engine DATS drivers before 4398 released on 
Oct 13th ...)
@@ -15601,7 +15598,7 @@
 CVE-2004-0930 (The ms_fnmatch function in Samba 3.0.4 and 3.0.7 and possibly 
other ...)
        - samba 3.0.8-1
 CVE-2004-0929 (Heap-based buffer overflow in the OJPEGVSetField function in 
...)
-       NOTE: tiff3g was removed from debian
+       - tiff3g <removed>
 CVE-2004-0928 (The Microsoft IIS Connector in JRun 4.0 and Macromedia 
ColdFusion MX ...)
        NOT-FOR-US: Macromedia
 CVE-2004-0927 (ServerAdmin in Mac OS X 10.2.8 through 10.3.5 uses the same 
example ...)
@@ -15642,7 +15639,6 @@
        - lesstif1 1:0.93.94-11.3 (bug #294099)
        NOTE: but lesstif2 did get fixed for this hole..
        - lesstif2 1:0.93.94-11.2
-       NOTE: openmotif is non-free
        - openmotif 2.2.3-1.1 (bug #309819; medium)
 CVE-2004-0913 (Unknown vulnerability in ecartis 0.x before ...)
        {DSA-572-1}
@@ -15664,7 +15660,7 @@
        - mozilla 2:1.7.3
        - mozilla-thunderbird 0.8
 CVE-2004-0907 (The Linux install .tar.gz archives for Mozilla Firefox before 
the ...)
-       NOT-FOR-US: non-debian package issue
+       - mozilla-firefox <not-affected> (non-Debian packaging issue)
 CVE-2004-0906 (The XPInstall installer in Mozilla Firefox before the Preview 
Release, ...)
        - mozilla-firefox 0.10.1+1.0PR
        - mozilla 2:1.7.3
@@ -15738,10 +15734,10 @@
        - cyrus-sasl <removed>
        - cyrus-sasl2 2.1.19-1.3 (bug #275431; bug #276865; bug #275432; bug 
#275553)
 CVE-2004-0883 (Multiple vulnerabilities in the samba filesystem (smbfs) in 
Linux ...)
+       - linux-2.6 <not-affected> (Fixed before upload into archive)
+       TODO: Check, when this was fixed
        - kernel-source-2.4.27 2.4.27-6
-       - kernel-source-2.6.8 2.6.8-13
-       - kernel-source-2.6.9 2.6.9-3
-       - kernel-source-2.6.10 2.6.10-4
+       [sarge] - kernel-source-2.6.8 2.6.8-13
 CVE-2004-0882 (Buffer overflow in the QFILEPATHINFO request handler in Samba 
3.0.x ...)
        NOTE: details http://security.e-matters.de/advisories/132004.html
        - samba 3.0.7
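Review bot: CVE-2004-0883 adds `TODO: Check, when this was fixed` while deleting `- kernel-source-2.6.9 2.6.9-3` and `- kernel-source-2.6.10 2.6.10-4`, which are the data points on this entry that would help answer it. Keep them as NOTE lines until the linux-2.6 reason can carry an upstream version.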
@@ -15889,20 +15885,20 @@
        NOT-FOR-US: openbsd
 CVE-2004-0818
        RESERVED
-       NOTE: not vulnerable according to 
http://www.debian.org/security/nonvulns-sarge
 CVE-2004-0817 (Multiple heap-based buffer overflows in the imlib BMP image 
handler ...)
        {DSA-548-2}
        - imlib+png2 1.9.14-16.2
        - imlib 1.9.14-17 (bug #285025)
 CVE-2004-0816 (Integer underflow in the firewall logging rules for iptables in 
Linux ...)
-       NOTE: fixed in 2.6.8, does not affect 2.4 per dannf's notes
+       - linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.8)
+       - kernel-source-2.4.27 <not-affected> (2.6 specific issue)
 CVE-2004-0815 (The unix_clean_name function in Samba 2.2.x through 2.2.11, and 
3.0.x ...)
        {DSA-600-1}
        - samba 3.0.6-1 (bug #274342)
 CVE-2004-0814 (Multiple race conditions in the terminal layer in Linux 2.4.x, 
and ...)
-       - kernel-source-2.6.8 2.6.8-8
+       - linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.9)
+       [sarge] - kernel-source-2.6.8 2.6.8-8
        - kernel-source-2.4.27 2.4.27-7
-       NOTE: and all kernels build from it:
 CVE-2004-0813 (Unknown vulnerability in the SG_IO functionality in ide-cd 
allows ...)
        NOTE: ide-cd SG_IO vulnerability
        NOTE: fixed in recent 2.6 and 2.4 kernels


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
