Author: jmm-guest
Date: 2007-09-19 16:06:38 +0000 (Wed, 19 Sep 2007)
New Revision: 6642
Modified:
data/CVE/list
Log:
- The Sarge kernels don't need to be tracked inside CVE/list any more, this has
been
moved to the kernel-sec repo
- merge several kernel entries from this repo and reflect the TODOs accordingly
- mark basedir violation as unimportant to remain consistent with previous
entries
- QT4 not affected by recent buffer overflow
- new kernel issue, mark one issue only for 2.4
- bind 8 issue documented broken
- remove some hostoric TODOs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-09-19 15:49:11 UTC (rev 6641)
+++ data/CVE/list 2007-09-19 16:06:38 UTC (rev 6642)
@@ -171,7 +171,6 @@
RESERVED
CVE-2007-4849 (JFFS2, as used on One Laptop Per Child (OLPC) build 542 and
possibly ...)
- linux-2.6 <unfixed> (bug #442245; low)
- TODO: check 2.4 kernel
CVE-2007-4848 (Microsoft Internet Explorer 4.0 through 7 allows remote
attackers to ...)
NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-4847 (Google Picasa allows remote attackers to read image files
stored by ...)
@@ -230,9 +229,8 @@
NOTE: Upstream says that this can only be exploited by configured peers.
CVE-2007-4825 (Directory traversal vulnerability in PHP 5.2.4 and earlier
allows ...)
- php5 <unfixed> (unimportant)
- [etch] - php5 <no-dsa> (open_basedir not supported)
- php4 <not-affected> (error message "Allowed memory size of 8388608
bytes exhausted...")
- NOTE: php5 PoC can be reproduced
+ NOTE: php5 PoC can be reproduced, basedir violations not treated as
security problems
CVE-2007-4824 (Multiple cross-application scripting (XAS) vulnerabilities in
Google ...)
NOT-FOR-US: Google Picasa
CVE-2007-4823 (Multiple buffer overflows in Google Picasa have unspecified
attack ...)
@@ -682,9 +680,6 @@
NOTE: http://marc.info/?l=maradns-list&m=118842373527534&w=2
CVE-2007-XXXX [Unsafe "svn", "svnserve" passthrough in scponly]
- scponly <unfixed> (high; bug #437148)
-CVE-2007-XXXX [backup-manager discloses FTP passwords]
- - backup-manager 0.7.6-3 (bug #439392)
- NOTE: similar to CVE-2007-2766, but for FTP
CVE-2007-4630 (Cross-site scripting (XSS) vulnerability in xlaapmview.asp in
Absolute ...)
NOT-FOR-US: Absolute Poll Manager
CVE-2007-4629 (Buffer overflow in the processLine funtion in maptemplate.c in
...)
@@ -1762,13 +1757,11 @@
CVE-2007-4137 [buffer overflow in QUtf8Decoder]
RESERVED
- qt-x11-free 3:3.3.7-8 (medium; bug #442780)
- - qt4-x11 <unfixed>
- NOTE: probably not exploitable in qt4
+ - qt4-x11 <not-affected> (Not exploitable according to upstream)
CVE-2007-4136
RESERVED
CVE-2007-4135 (Unspecified vulnerability in the NFSv4 ID mapper (nfsidmap) on
SUSE ...)
- libnfsidmap <unfixed> (low; bug #442935)
- TODO: report bug
NOTE: the patch fixing this is included in
http://ftp.opensuse.org/pub/opensuse/distribution/SL-10.1/inst-source/suse/src/nfsidmap-0.12-16.src.rpm
(libnfsidmap-0.12-nouser.patch)
CVE-2007-4134 (Directory traversal vulnerability in extract.c in star before
1.5a84 ...)
- star 1.5a67-1.1 (bug #440100; low)
@@ -2698,7 +2691,7 @@
CVE-2007-3732
RESERVED
CVE-2007-3731 (The Linux kernel 2.6.20 and 2.6.21 does not properly handle an
invalid ...)
- TODO: check
+ - linux-2.6 <unfixed>
CVE-2007-3730 (The default configuration of the POP server in TCP/IP Services
5.6 for ...)
NOT-FOR-US: HP OpenVMS
CVE-2007-3729 (The default configuration of the POP server in TCP/IP Services
5.6 for ...)
@@ -2730,7 +2723,7 @@
- kfreebsd-5 <unfixed> (low)
[etch] - kfreebsd-5 <no-dsa> (kfreebsd not supported)
CVE-2007-3720 (The process scheduler in the Linux kernel 2.4 performs
scheduling ...)
- TODO: check
+ - linux-2.6 <not-affected> (There's a separate ID for 2.6, see
CVE-2007-3719)
CVE-2007-3719 (The process scheduler in the Linux kernel 2.6.16 gives
preference to ...)
- linux-2.6 <unfixed>
CVE-2007-3718 (Multiple unspecified vulnerabilities in the SVG parsing engine
in ...)
@@ -2863,7 +2856,7 @@
CVE-2007-3658 (Unspecified vulnerability in Microsoft Register Server (REGSVR)
allows ...)
NOT-FOR-US: Microsoft
CVE-2007-3657 (** DISPUTED ** ...)
- TODO: check
+ NOTE: Disputed Firefox issue, browser crashes not treated as security
problems anyway
CVE-2007-3656 (Mozilla Firefox before 1.8.0.13 and 1.8.1.x before 1.8.1.5 does
not ...)
{DSA-1339-1 DSA-1338-1 DSA-1337-1 DTSA-45-1 DTSA-47-1 DTSA-51-1}
- iceweasel 2.0.0.5-1 (high)
@@ -2874,7 +2867,7 @@
[etch] - sun-java5 <no-dsa> (Non-free not supported)
- sun-java6 6-02-1
CVE-2007-3654 (The display driver allocattr functions in NetBSD 3.0 through
...)
- TODO: check
+ NOT-FOR-US: NetBSD
CVE-2007-3653
RESERVED
CVE-2007-3652
@@ -3100,7 +3093,6 @@
NOT-FOR-US: Warzone
CVE-2007-3544 (Unrestricted file upload vulnerability in (1) wp-app.php and
(2) ...)
- wordpress 2.2.2-1
- TODO: check whether this is fixed in 2.2.2, file bug if not
CVE-2007-3543 (Unrestricted file upload vulnerability in WordPress before
2.2.1 and ...)
- wordpress 2.2.1-1
CVE-2007-3542 (Cross-site scripting (XSS) vulnerability in admin/auth.php in
Pluxml ...)
@@ -4618,6 +4610,8 @@
NOT-FOR-US: MSN Messenger
CVE-2007-2930 (The (1) NSID_SHUFFLE_ONLY and (2) NSID_USE_POOL PRNG algorithms
in ISC ...)
- bind <removed> (bug #442910)
+ [etch] - bind <no-dsa> (It's documented in README.Debian that Bind 8
has architectual limitations and should not be used unless you know what you're
doing)
+ [sarge] - bind <no-dsa> (It's documented in README.Debian that Bind 8
has architectual limitations and should not be used unless you know what you're
doing)
CVE-2007-2929 (The IBM Lenovo Access Support acpRunner ActiveX control, as ...)
NOT-FOR-US: IBM Lenovo Access Support
CVE-2007-2928 (Format string vulnerability in the IBM Lenovo Access Support
acpRunner ...)
@@ -4864,8 +4858,9 @@
CVE-2007-2835 (Multiple stack-based buffer overflows in (1) CCE_pinyin.c and
(2) ...)
{DSA-1328-1}
- unicon 3.0.4-12 (bug #431336)
-CVE-2007-2834
+CVE-2007-2834 [OO TIFF heap overflow]
RESERVED
+ - openoffice.org 2.2.1-9 (medium)
CVE-2007-2833 (Emacs 21 allows user-assisted attackers to cause a denial of
service ...)
{DSA-1316-1}
- emacs21 21.4a+1-5.1 (bug #408929; low)
@@ -28689,11 +28684,9 @@
- openldap2 <not-affected> (Gentoo-specific packaging flaw)
- openldap2.2 <not-affected> (Gentoo-specific packaging flaw)
CVE-2005-4441 (The PVLAN protocol allows remote attackers to bypass network
...)
- TODO: check, whether this has ramifications on the kernel's VLAN
implementation
- TODO: or whether it's a generic unfixable protocol flaw
+ NOT-FOR-US: VLAN protocol flaws, likely fixed in current kernels
CVE-2005-4440 (The 802.1q VLAN protocol allows remote attackers to bypass
network ...)
- TODO: check, whether this has ramifications on the kernel's VLAN
implementation
- TODO: or whether it's a generic unfixable protocol flaw
+ NOT-FOR-US: VLAN protocol flaws, likely fixed in current kernels
CVE-2005-4439 (Buffer overflow in ELOG elogd 2.6.0-beta4 allows remote
attackers to ...)
{DSA-967-1}
- elog 2.6.1+r1642-1 (bug #349528; high)
@@ -39835,7 +39828,7 @@
- spamassassin 3.0.4-1 (bug #314447; medium)
CVE-2005-1265 (The mmap function in the Linux Kernel 2.6.10 can be used to
create ...)
{DSA-922-1}
- TODO: check
+ - linux-2.6 2.6.12-1
CVE-2005-1264 (Raw character devices (raw.c) in the Linux kernel 2.6.x call
the wrong ...)
- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11.10)
[sarge] - kernel-source-2.6.8 2.6.8-16
@@ -43579,7 +43572,6 @@
- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.8.1)
[sarge] - kernel-source-2.6.8 2.6.8-14
CVE-2005-0176 (The shmctl function in Linux 2.6.9 and earlier allows local
users to ...)
- TODO: Check 2.6.8 and 2.4 and check, when this was fixed
- linux-2.6 <not-affected> (Fixed before upload into archive)
CVE-2004-1392 (PHP 4.0 with cURL functions allows remote attackers to bypass
the ...)
- php4 4:4.3.10-3
@@ -44142,7 +44134,6 @@
CVE-2005-0001 (Race condition in the page fault handler (fault.c) for Linux
kernel ...)
{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
NOTE: i386 and smp specific
- TODO: Check, when this was fixed upstream
- linux-2.6 <not-affected> (Fixed before upload into archive)
- kernel-source-2.4.27 2.4.27-8
[sarge] - kernel-source-2.6.8 2.6.8-13
@@ -44151,9 +44142,8 @@
CVE-2004-1338 (The triggers in Oracle 9i and 10g allow local users to gain
privileges ...)
NOT-FOR-US: oracle
CVE-2004-1337 (The POSIX Capability Linux Security Module (LSM) for Linux
kernel 2.6 ...)
- - linux-2.6 <not-affected> (Fixed before upload into archive)
+ - linux-2.6 <not-affected> (Fixed before upload into archive, 2.6.11)
[sarge] - kernel-source-2.6.8 2.6.8-14
- TODO: Check, when this was fixed
CVE-2004-1336 (The xdvizilla script in tetex-bin 2.0.2 creates temporary files
with ...)
- tetex-bin 2.0.2-25
CVE-2004-1335 (Memory leak in the ip_options_get function in the Linux kernel
before ...)
@@ -44376,7 +44366,6 @@
CVE-2004-1235 (Race condition in the (1) load_elf_library and (2) binfmt_aout
...)
{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
- linux-2.6 <not-affected> (Fixed before upload into archive)
- TODO: Check, when this was fixed
- kernel-source-2.4.27 2.4.27-8 (bug #289202; bug #289708; bug #291053;
high)
CVE-2004-1234 (load_elf_binary in Linux before 2.4.26 allows local users to
cause a ...)
{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
@@ -44614,7 +44603,6 @@
- vim 1:6.3-046+0sarge1
CVE-2004-1137 (Multiple vulnerabilities in the IGMP functionality for Linux
kernel ...)
- linux-2.6 <not-affected> (Fixed before upload into the archive)
- TODO: Check, when this was fixed
- kernel-source-2.4.27 2.4.27-7
CVE-2004-1136 (Buffer overflow in CuteFTP Professional 6.0, and possibly other
...)
NOT-FOR-US: CuteFTP
@@ -44760,33 +44748,27 @@
- zope-zwiki 0.37.0-1
CVE-2004-1074 (The binfmt functionality in the Linux kernel, when "memory
overcommit" ...)
{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
- - linux-2.6 <not-affected> (Fixed before upload into archive)
- TODO: Check, which version fixed this
+ - linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.10)
[sarge] - kernel-source-2.6.8 2.6.8-11
- kernel-source-2.4.27 2.4.27-7
CVE-2004-1073 (The open_exec function in the execve functionality (exec.c) in
Linux ...)
{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
- linux-2.6 <not-affected> (Fixed before upload into archive)
- TODO: Check, which version fixed this
- kernel-source-2.4.27 2.4.27-6
CVE-2004-1072 (The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up
to ...)
{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
- linux-2.6 <not-affected> (Fixed before upload into archive)
- TODO: Check, which version fixed this
- kernel-source-2.4.27 2.4.27-6
CVE-2004-1071 (The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up
to ...)
{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
- linux-2.6 <not-affected> (Fixed before upload into archive)
- TODO: Check, which version fixed this
- kernel-source-2.4.27 2.4.27-6
CVE-2004-1070 (The load_elf_binary function in the binfmt_elf loader
(binfmt_elf.c) ...)
{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
- linux-2.6 <not-affected> (Fixed before upload into archive)
- TODO: Check, which version fixed this
- kernel-source-2.4.27 2.4.27-6
CVE-2004-1069 (Race condition in SELinux 2.6.x through 2.6.9 allows local
users to ...)
- linux-2.6 <not-affected> (Fixed before upload into archive)
- TODO: Check, which version fixed this
- kernel-source-2.4.27 <not-affected> (2.6 only issue)
[sarge] - kernel-source-2.6.8 2.6.8-11
CVE-2004-1068 (A "missing serialization" error in the
unix_dgram_recvmsg function in ...)
@@ -44818,11 +44800,9 @@
[sarge] - kernel-source-2.6.8 2.6.8-14
CVE-2004-1057 (Multiple drivers in Linux kernel 2.4.19 and earlier do not
properly ...)
- linux-2.6 <not-affected> (Fixed before upload into archive)
- TODO: previous fix in -9 has regressions
- kernel-source-2.4.27 2.4.27-10
CVE-2004-1056 (Direct Rendering Manager (DRM) driver in Linux kernel 2.6 does
not ...)
- linux-2.6 <not-affected> (Fixed before upload into archive)
- TODO: Check, which version fixed this
- kernel-source-2.4.27 2.4.27-8
[sarge] - kernel-source-2.6.8 2.6.8-11
CVE-2004-1055 (Multiple cross-site scripting (XSS) vulnerabilities in
phpMyAdmin ...)
@@ -45269,7 +45249,6 @@
REJECTED
CVE-2004-0889 (Multiple integer overflows in xpdf 3.0, and other packages that
use ...)
- xpdf 3.00-10 (medium)
- TODO: check xpdf embedders
CVE-2004-0888 (Multiple integer overflows in xpdf 2.0 and 3.0, and other
packages ...)
{DSA-599-1 DSA-581-1 DSA-573-1}
- koffice 1:1.3.4-1
@@ -45299,8 +45278,7 @@
- cyrus-sasl2 2.1.19-1.3 (bug #275431; bug #276865; bug #275432; bug
#275553)
CVE-2004-0883 (Multiple vulnerabilities in the samba filesystem (smbfs) in
Linux ...)
{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
- - linux-2.6 <not-affected> (Fixed before upload into archive)
- TODO: Check, when this was fixed
+ - linux-2.6 <not-affected> (Fixed before upload into archive, 2.6.10)
- kernel-source-2.4.27 2.4.27-6
[sarge] - kernel-source-2.6.8 2.6.8-13
CVE-2004-0882 (Buffer overflow in the QFILEPATHINFO request handler in Samba
3.0.x ...)
@@ -45333,13 +45311,11 @@
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=252342
NOTE: http://www.securitytracker.com/alerts/2004/Sep/1011331.html
NOTE: fix doesn't look likely any time soon
- TODO: followup
CVE-2004-0870 (KDE Konqueror does not prevent cookies that are sent over an
insecure ...)
NOTE: upstream knows about the problem, no fix expected
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=252342
NOTE: http://www.securitytracker.com/alerts/2004/Sep/1011331.html
NOTE: fix doesn't look likely any time soon
- TODO: followup
CVE-2004-0869 (Internet Explorer does not prevent cookies that are sent over
an ...)
NOT-FOR-US: MSIE
CVE-2004-0868
@@ -45464,14 +45440,11 @@
[sarge] - kernel-source-2.6.8 2.6.8-8
- kernel-source-2.4.27 2.4.27-7
CVE-2004-0813 (Unknown vulnerability in the SG_IO functionality in ide-cd
allows ...)
- - linux-2.6 <not-affected> (Fixed before upload into archive)
- - kernel-source-2.4.27 <not-affected> (Fixed before upload into archive)
- TODO: Check, when this was fixed in 2.4
- TODO: Check, when this was fixed in 2.6
+ - linux-2.6 <not-affected> (Fixed before upload into archive, 2.6.10)
+ - kernel-source-2.4.27 <not-affected> (Only an issue with botched
permissions)
CVE-2004-0812 (Unknown vulnerability in the Linux kernel before 2.4.23, on the
AMD ...)
- - linux-2.6 <not-affected>
- - kernel-source-2.4.27 <not-affected> (Fixed before upload into archive)
- TODO: Check, when this was fixed in 2.4
+ - linux-2.6 <not-affected> (Fixed before upload into archive,
2.6.0-test10)
+ - kernel-source-2.4.27 <not-affected> (2.4 not support for amd64)
CVE-2004-0811 (Unknown vulnerability in Apache 2.0.51 prevents "the
merging of the ...)
- apache2 2.0.52
CVE-2004-0810 (Buffer overflow in Netopia Timbuktu 7.0.3 allows remote
attackers to ...)
@@ -45621,7 +45594,6 @@
{DSA-537}
- ruby1.8 1.8.1+1.8.2pre1-4
- ruby <removed>
- TODO: is ruby1.6 vulnerable?
CVE-2004-0754 (Integer overflow in Gaim before 0.82 allows remote attackers to
cause ...)
- gaim 1:0.82.1-1
CVE-2004-0753 (The BMP image processor for (1) gdk-pixbuf before 0.22 and (2)
gtk2 ...)
@@ -45989,7 +45961,6 @@
NOT-FOR-US: Infoblox DNS One
CVE-2004-0605 (Non-registered IRC users using (1) ircd-hybrid 7.0.1 and
earlier, (2) ...)
NOTE: Dossibly fixed in ircd-hybrid 7.0.2: "fixed flood limit bug".
- TODO: Check: Does not match posted patch. Mailed Debian maintainer.
CVE-2004-0604 (The HTTP client and server in giFT-FastTrack 0.8.6 and earlier
allows ...)
NOT-FOR-US: giFT-FastTrack not in debian
CVE-2004-0603 (gzexe in gzip 1.3.3 and earlier will execute an argument when
the ...)
@@ -46014,7 +45985,6 @@
- libpng3 1.2.5.0-7
CVE-2004-0596 (The Equalizer Load-balancer for serial network interfaces
(eql.c) in ...)
- linux-2.6 <not-affected> (Fixed before upload into archive)
- TODO: Check, which version fixed this
CVE-2004-0595 (The strip_tags function in PHP 4.x up to 4.3.7, and 5.x up to
...)
{DSA-669-1 DSA-531}
- php3 3:3.0.18-27
@@ -46252,8 +46222,6 @@
- kernel-source-2.4.27 <not-affected> (Fixed before upload into
archive; 2.4.27-rc1)
CVE-2004-0494 (Multiple extfs backend scripts for GNOME virtual file system
(VFS) ...)
- gnome-vfs 1.0.1
- TODO: Fedora fixed this in a recent mc advisory, we should double-check
whether
- TODO: this applies to Debian's mc package
CVE-2004-0493 (The ap_get_mime_headers_core function in Apache httpd 2.0.49
allows ...)
- apache2 2.0.50-1
CVE-2004-0492 (Heap-based buffer overflow in proxy_util.c for mod_proxy in
Apache ...)
@@ -46289,7 +46257,6 @@
NOT-FOR-US: Microsoft
CVE-2004-0478 (Unknown versions of Mozilla allow remote attackers to cause a
denial ...)
NOTE: only a Mozilla DOS
- TODO: not even fixed upstream
CVE-2004-0477 (Unknown vulnerability in 3Com OfficeConnect Remote 812 ADSL
Router ...)
NOT-FOR-US: 3Com OfficeConnect Remote 812 ADSL Router
CVE-2004-0476 (Buffer overflow in 3Com OfficeConnect Remote 812 ADSL Router
1.1.9.4 ...)
@@ -48213,7 +48180,6 @@
NOT-FOR-US: WiTango Application Server and Tango 2000
CVE-2003-0594 (Mozilla allows remote attackers to bypass intended cookie
access ...)
NOTE: cannot find reference to it being fixed.
- TODO: check
CVE-2003-0593 (Opera allows remote attackers to bypass intended cookie access
...)
NOT-FOR-US: opera
CVE-2003-0592 (Konqueror in KDE 3.1.3 and earlier (kdelibs) allows remote
attackers ...)
@@ -48274,12 +48240,10 @@
RESERVED
CVE-2003-0565 (Multiple vulnerabilities in multiple vendor implementations of
the ...)
NOTE: affects many implementations of the X.400 protocol
- TODO: see if anything in debian uses X.400 and is vulnerable.
CVE-2003-0564 (Multiple vulnerabilities in multiple vendor implementations of
the ...)
NOTE: affects multiple S/MIME implementations
NOTE: checked current mozilla, which contains safe NSS 3.9.1
- mozilla 2:1.7.3
- TODO: see if anything else in debian uses S/MIME and is vulnerable,
mutt has S/MIME unknown if its vulnerable
CVE-2003-0563
RESERVED
CVE-2003-0562 (Buffer overflow in the CGI2PERL.NLM PERL handler in Novell
Netware 5.1 ...)
@@ -48904,9 +48868,9 @@
CVE-2003-0301 (The IMAP Client for Outlook Express 6.00.2800.1106 allows
remote ...)
NOT-FOR-US: Microsort
CVE-2003-0300 (The IMAP Client for Sylpheed 0.8.11 allows remote malicious
IMAP ...)
- TODO: sylpheed and sylpheed-claws might still be vulnerable, but it's
only a crasher
+ NOT-FOR-US: Historic Sylpheed issues, only a crasher anyway
CVE-2003-0299 (The IMAP Client, as used in mutt 1.4.1 and Balsa 2.0.10, allows
remote ...)
- TODO: mutt and balsa might still be vulnerable, but it's only a crasher
+ NOT-FOR-US: Historic mutt and Balsa issues, only a crasher anyway
CVE-2003-0298 (The IMAP Client for Mozilla 1.3 and 1.4a allows remote
malicious IMAP ...)
- mozilla 2:1.5-1
NOTE: May have been fixed in an earlier version. Not clear how
@@ -49246,7 +49210,7 @@
CVE-2003-0151 (BEA WebLogic Server and Express 6.0 through 7.0 does not
properly ...)
NOT-FOR-US: BEA WebLogic Server
CVE-2003-0150 (MySQL 3.23.55 and earlier creates world-writeable files and
allows ...)
- TODO: not sure if this is fixed
+ NOT-FOR-US: Historic MySQL issue
CVE-2003-0149 (Heap-based buffer overflow in ePO agent for McAfee ePolicy ...)
NOT-FOR-US: McAfee ePolicy Orchestrator
CVE-2003-0148 (The default installation of MSDE via McAfee ePolicy
Orchestrator 2.0 ...)
@@ -50483,7 +50447,7 @@
CVE-2002-0771 (Cross-site scripting vulnerability in viewcvs.cgi for ViewCVS
0.9.2 ...)
- viewcvs 0.9.2-5
CVE-2002-0770 (Quake 2 (Q2) server 3.20 and 3.21 allows remote attackers to
obtain ...)
- TODO: Check quake2
+ NOT-FOR-US: Historic Quake2 issue
CVE-2002-0769 (The web-based configuration interface for the Cisco ATA 186
Analog ...)
NOT-FOR-US: Cisco
CVE-2002-0767 (simpleinit on Linux systems does not close a read/write FIFO
file ...)
@@ -50792,8 +50756,6 @@
NOT-FOR-US: openca, not in debian
CVE-2004-0001 (Unknown vulnerability in the eflags checking in the 32-bit
ptrace ...)
- kernel-image-2.6.8-9-amd64-generic
- TODO: what version?
- TODO: test?
CVE-2003-1328 (The showHelp() function in Microsoft Internet Explorer 5.01,
5.5, and ...)
NOT-FOR-US: windows
CVE-2003-1326 (Microsoft Internet Explorer 5.5 and 6.0 allows remote attackers
...)
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
