Author: jmm-guest
Date: 2006-02-23 22:21:17 +0000 (Thu, 23 Feb 2006)
New Revision: 3533

Modified:
   data/CVE/list
Log:
some no-dsa and severity corrections


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2006-02-23 20:43:58 UTC (rev 3532)
+++ data/CVE/list       2006-02-23 22:21:17 UTC (rev 3533)
@@ -989,9 +989,7 @@
 CVE-2006-0419 (BEA WebLogic Server and WebLogic Express 9.0, 8.1 through SP5, 
and 7.0 ...)
        NOT-FOR-US: BEA WebLogic
 CVE-2005-4667 (Buffer overflow in UnZip 5.50 and earlier allows user-complicit 
...)
-       - unzip <unfixed> (medium; bug #349794)
-       NOTE: The scope of this issue is currently unclear, medium for now, but 
might be
-       NOTE: less severe
+       - unzip <unfixed> (low; bug #349794)
 CVE-2006-0418 (Eval injection vulnerability in 123 Flash Chat Server 5.0 and 
5.1 ...)
        NOT-FOR-US: 123 Flash Chat Server
 CVE-2006-0417 (SQL injection vulnerability in login.php in miniBloggie 1.0 and 
...)
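Review bot: the unzip line for CVE-2005-4667 goes from medium to low and drops both NOTE lines that recorded the scope as unclear, with nothing left to say what settled the question. Keep one NOTE line stating why low is now the right rating, or pointing at the relevant discussion in bug #349794, so the next person triaging this entry does not have to rediscover it.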
@@ -2002,6 +2000,8 @@
        - phpbb2 <not-affected> (Fixed through a more complete fix in previous 
2.0.13+1-6sarge1 update)
 CVE-2005-XXXX [snort: DoS in verbose mode]
        - snort 2.3.3-2 (bug #328134; low)
+       [woody] - snort <no-dsa> (Only exploitable in obscure setups not used 
in production environments, see #328134)
+       [sarge] - snort <no-dsa> (Only exploitable in obscure setups not used 
in production environments, see #328134)
 CVE-2005-4601 (The delegate code in ImageMagick 6.2.4.5-0.3 allows remote 
attackers ...)
        {DSA-957-2}
        - imagemagick 6:6.2.4.5-0.6 (bug #345238; medium)
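Review bot: the [woody] and [sarge] snort lines carry the same rationale word for word, while the only version information in the entry is the fixed version 2.3.3-2. Confirm that the verbose-mode DoS is actually present in the woody package; if it is not, <not-affected> would describe woody more accurately than <no-dsa>. The pointer to #328134 is useful and should stay.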
@@ -8327,6 +8327,8 @@
        - metamail 2.7-48 (bug #321473; low)
 CVE-2005-XXXX [Insecure usage of temporary files in x11perfcomp and other 
security issues]
        - xfree86 <unfixed> (bug #321447; low)
+       [woody] - xfree86 <no-dsa> (Hardly exploitable)
+       [sarge] - xfree86 <no-dsa> (Hardly exploitable)
        - xorg-x11 <unfixed> (bug #321447; low)
 CVE-2005-XXXX [gs-esp: Insecure usage of /tmp in source code]
        - gs-esp <unfixed> (bug #291452; unimportant)
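Review bot: "Hardly exploitable" on the two xfree86 <no-dsa> lines gives no reason, and the entry title covers "x11perfcomp and other security issues", so it is unclear whether the judgement applies only to the temporary-file handling or to everything filed under #321447. State in the parentheses which precondition makes exploitation unlikely and which of the issues it covers. The xorg-x11 line under the same entry gets no suite annotation; if that is intentional, a short NOTE would make it clear.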
@@ -13950,7 +13952,8 @@
 CVE-2005-1120 (Multiple cross-site scripting (XSS) vulnerabilities in 
IlohaMail ...)
        - ilohamail <unfixed> (bug #304525; medium)
 CVE-2005-1119 (Sudo VISudo 1.6.8 and earlier allows local users to corrupt 
arbitrary ...)
-       - sudo <unfixed> (bug #283161; low)
+       - sudo <unfixed> (bug #283161; unimportant)
+       NOTE: That's a policy violation, but not a security problem
 CVE-2005-1118 (Cross-site scripting (XSS) vulnerability in IISWebAgentIF.dll 
in the ...)
        NOT-FOR-US: RSA authentication agent
 CVE-2005-1117 (PHP remote code injection vulnerability in index.php in ...)
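Review bot: the new NOTE under CVE-2005-1119 says "a policy violation, but not a security problem" without naming the policy or explaining why, while the CVE summary on the context line above still reads "allows local users to corrupt arbitrary ...". Since the severity drops from low to unimportant on the strength of this note, add the reasoning or a reference to the discussion in #283161.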


_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits