Author: jmm-guest
Date: 2005-12-28 00:32:39 +0000 (Wed, 28 Dec 2005)
New Revision: 3170

Modified:
   data/CVE/list
Log:
record the fixes of upcoming pound dsa
webmin issue is sarge-specific
ntop issue is a non-issue


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2005-12-27 23:17:49 UTC (rev 3169)
+++ data/CVE/list       2005-12-28 00:32:39 UTC (rev 3170)
@@ -264,7 +264,7 @@
 CVE-2005-4358 (admin/admin_disallow.php in phpBB 2.0.18 allows remote 
attackers to ...)
        - phpbb2 <unfixed> (unimportant)
 CVE-2005-4357 (Cross-site scripting (XSS) vulnerability in phpBB 2.0.18, when 
...)
-       - phpbb2 <unfixed> (bug filed)
+       - phpbb2 <unfixed> (bug #344674)
 CVE-2005-4356 (SQL injection vulnerability in UStore allows remote attackers 
to ...)
        NOT-FOR-US: UStore
 CVE-2005-4355 (Multiple cross-site scripting (XSS) vulnerabilities in UStore 
allow ...)
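
Review bot: the new phpbb2 line for CVE-2005-4357 records the bug number but no urgency, while other entries in this file pair the two, for example `(bug #341394; medium)` on the webmin entry. If the XSS has been assessed, put the rating next to the bug reference in the same `(bug #344674; <urgency>)` form so the entry can be sorted by severity like its neighbours.
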
@@ -1324,7 +1324,8 @@
 CVE-2005-3913 (Unspecified vulnerability in the domain alias management in 
Virtual ...)
        NOT-FOR-US: Virtual Hosting Control System 
 CVE-2005-3912 (Format string vulnerability in miniserv.pl Perl web server in 
Webmin ...)
-       - webmin <unfixed> (bug #341394; medium)
+       [sarge] - webmin 1.180-3sarge0 (bug #341394; medium)
+       NOTE: Later versions not affected, as the use proper format string 
passing
 CVE-2005-3911 (Multiple SQL injection vulnerabilities in calendar.php in 
BosDates 4.0 ...)
        NOT-FOR-US: BosDates
 CVE-2005-3910 (merchants/index.php in Post Affiliate Pro 2.0.4 and earlier, 
with ...)
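
Review bot: the NOTE added under CVE-2005-3912 has a typo ("as the use" should read "as they use"), and the hunk replaces the unqualified `- webmin <unfixed>` line with a `[sarge]` line only, so the status of later versions now exists only as free text. Consider keeping an unqualified webmin line that records that status in a structured form, either the first unaffected version or a marker such as the `<not-affected>` used on the phpmyadmin entry further down, so that it does not depend on someone reading the NOTE.
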
@@ -3051,8 +3052,8 @@
 CVE-2002-2124 (The recvn and sendn functions in nylon 0.2 do not check when 
the recv ...)
        NOT-FOR-US: nylon
 CVE-2005-XXXX [ntop format string vulnerability]
-       - ntop <unfixed> (bug #335996; low)
-       NOTE: Possibly not exploitable
+       - ntop <unfixed> (bug #335996; unimportant)
+       NOTE: Not exploitable
 CVE-2005-XXXX [Firefox IFRAME DoS]
        - mozilla-firefox <unfixed> (bug #336171; low)
        - firefox 1.4.99+1.5rc3.dfsg-2 (bug #336171; low)
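
Review bot: the ntop NOTE goes from "Possibly not exploitable" to "Not exploitable" and the urgency from low to unimportant, but nothing in the entry says why the format string cannot be reached or abused. Add the reason to the NOTE, or say where in bug #335996 the analysis is, so the downgrade can be checked later. The entry also stays `<unfixed>`, which makes this NOTE the only recorded justification for not tracking it further.
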
@@ -3344,6 +3345,7 @@
        - pavuk 0.9.33-1 (bug #264684; high)
        NOTE: second hole mentioned in bug report
 CVE-2005-3751 (HTTP request smuggling vulnerability in Pound before 1.9.4 
allows ...)
+       [sarge] - pound 1.8.2-1sarge1
        - pound 1.9.4-1 (low)
        NOTE: see 
http://www.apsis.ch/pound/pound_list/archive/2005/2005-10/1129827166000/index_html?fullMode=1#1129827166000
 CVE-2005-3276 (The sys_get_thread_area function in process.c in Linux 2.6 
before ...)
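
Review bot: the `[sarge] - pound 1.8.2-1sarge1` line under CVE-2005-3751 records the fix as done although the log message calls the DSA "upcoming", and it gives no urgency while the line below it has `(low)`. If the uploaded version ends up different from 1.8.2-1sarge1 this entry will be wrong, so it is worth re-checking the version when the advisory is released and adding a reference to the DSA at that point.
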
@@ -10760,6 +10762,7 @@
 CVE-2005-1392 (The SQL install script in phpMyAdmin 2.6.2 is created with ...)
        - phpmyadmin <not-affected> (Only part of examples that an admin would 
need to modify anyway)
 CVE-2005-1391 (Buffer overflow in the add_port function in APSIS Pound 1.8.2 
and ...)
+       [sarge] - pound 1.8.2-1sarge1
        - pound 1.8.2-1.1 (bug #307852; bug #311548; medium)
 CVE-2005-1390
        REJECTED
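
Review bot: the `[sarge]` line added under CVE-2005-1391 carries neither the bug references nor the urgency of the unstable line below it, `(bug #307852; bug #311548; medium)`. Unless the sarge line is meant to inherit them, repeat at least the urgency there so the buffer overflow entry reads correctly for sarge on its own.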


_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
