[Secure-testing-commits] r3405 - data/CVE

Wed, 01 Feb 2006 02:05:17 -0800 

Author: jmm-guest
Date: 2006-02-01 10:04:35 +0000 (Wed, 01 Feb 2006)
New Revision: 3405

Modified:
   data/CVE/list
Log:
checked some issues, they all don't affect us


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2006-02-01 09:39:31 UTC (rev 3404)
+++ data/CVE/list       2006-02-01 10:04:35 UTC (rev 3405)
@@ -147,6 +147,8 @@
        NOT-FOR-US: MyBB
 CVE-2006-0405 (The TIFFFetchShortPair function in tif_dirread.c in libtiff 
3.8.0 ...)
        - tiff <unfixed> (bug #350715)
+       [sarge] - tiff <not-affected> (Vulnerability was introduced later)
+       [woody] - tiff <not-affected> (Vulnerability was introduced later)
 CVE-2006-0404 (Note-A-Day Weblog 2.2 stores sensitive data under the web 
document ...)
        NOT-FOR-US: Note-A-Day Weblog
 CVE-2006-0403 (Multiple SQL injection vulnerabilities in e-moBLOG 1.3 allow 
remote ...)
@@ -866,8 +868,8 @@
 CVE-2006-0098 (The dupfdopen function in sys/kern/kern_descrip.c in OpenBSD 
3.7 and ...)
        NOT-FOR-US: OpenBSD
 CVE-2006-0097 (Stack-based buffer overflow in the create_named_pipe function 
in ...)
-       NOTE: This is probably not-affected as it's Windows-specific
-       TODO: double-check, if this is really Windows-specific
+       - php4 <not-affected> (Windows specific)
+       - php5 <not-affected> (Windows specific)
 CVE-2006-0096 (wan/sdla.c in Linux kernel 2.6.x before 2.6.11 and 2.4.x before 
2.4.29 ...)
        - linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11)
        - kernel-source-2.4.27 2.4.27-8
@@ -1287,7 +1289,8 @@
 CVE-2005-4505 (Unquoted Windows search path vulnerability in McAfee VirusScan 
...)
        NOT-FOR-US: McAfee
 CVE-2005-4504 (The khtml::RenderTableSection::ensureRows function in 
KHTMLParser in ...)
-       TODO: check, whether this affects konqueror
+       - kdelibs <not-affected>
+       NOTE: Konqueror from sid doesn't crash, will test an older version later
 CVE-2005-4503 (httprint v202, and possibly other versions before v301, allows 
remote ...)
        NOT-FOR-US: httprint
 CVE-2005-4502 (Cross-site scripting (XSS) vulnerability in httprint v202, and 
...)
@@ -1663,7 +1666,6 @@
        NOTE: both util-vserver and the kernel-patch-vserver need to be 
upgraded to fix this vulnerability
 CVE-2005-4346 (Invalid SQL syntax error in blog.php in phpBB Blog 2.2.2 and 
earlier ...)
        NOT-FOR-US: phpBB Blog
-       TODO: Double-check please, this doesn't seem to be included in stock 
phpbb
 CVE-2005-4345 (Adobe (formerly Macromedia) ColdFusion MX 7.0 exposes the 
password ...)
        NOT-FOR-US: ColdFusion MX
 CVE-2005-4344 (Adobe (formerly Macromedia) ColdFusion MX 7.0 does not honor 
when the ...)


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits

Reply via email to