Author: jmm-guest
Date: 2006-03-08 09:46:42 +0000 (Wed, 08 Mar 2006)
New Revision: 3566

Modified:
   data/CVE/list
Log:
openssh issue fixed long ago
cleaned up list for 2.6.8 DSA


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2006-03-07 21:14:24 UTC (rev 3565)
+++ data/CVE/list       2006-03-08 09:46:42 UTC (rev 3566)
@@ -357,7 +357,8 @@
 CVE-2003-1294 (Xscreensaver before 4.15 creates temporary files insecurely in 
(1) ...)
        TODO: check
 CVE-2006-0883 (OpenSSH on FreeBSD 5.3 and 5.4, when used with OpenPAM, does 
not ...)
-       TODO: check
+       - openssh 3.8.1p1-4
+       [woody] - openssh <not-affected>
 CVE-2006-0882 (Directory traversal vulnerability in include.php in Noah's 
Classifieds ...)
        NOT-FOR-US: Noah's Classifieds
 CVE-2006-0881 (Multiple PHP remote file include vulnerabilities in 
gorum/gorumlib.php ...)
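Review bot: the new "- openssh 3.8.1p1-4" line for CVE-2006-0883 has no bug number or NOTE backing the version, and the description visible here scopes the issue to FreeBSD 5.3 and 5.4 with OpenPAM. Please add a NOTE saying which change in 3.8.1p1-4 addresses it, so the fixed version can be checked later without going back to the commit log.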
@@ -2290,11 +2291,9 @@
 CVE-2006-0096 (wan/sdla.c in Linux kernel 2.6.x before 2.6.11 and 2.4.x before 
2.4.29 ...)
        - linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11)
        - kernel-source-2.4.27 2.4.27-8
-       NOTE: sarge 2.6.8 and 2.4.27 are affected, woody is unclear
 CVE-2006-0095 (dm-crypt in Linux kernel 2.6.15 and earlier does not clear a 
structure ...)
        - linux-2.6 <unfixed>
        - kernel-source-2.4.27 <not-affected> (2.4 doesn't have dm-crypt)
-       NOTE: 2.6.8 sarge affected, 2.4 kernels not affected
 CVE-2006-0094 (PHP remote file include vulnerability in forum.php in oaBoard 
1.0 ...)
        NOT-FOR-US: oaBoard
 CVE-2006-0093 (Cross-site scripting (XSS) vulnerability in index.php in @Card 
ME PHP ...)
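Review bot: dropping the two NOTE lines under CVE-2006-0096 and CVE-2006-0095 removes the only statements that sarge 2.6.8 is affected, and for CVE-2006-0096 the "woody is unclear" question disappears unanswered. Suggest converting each NOTE into an explicit "[sarge] - kernel-source-2.6.8 ..." status line (or the DSA tag once it is assigned) instead of deleting it.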
@@ -2352,8 +2351,7 @@
 CVE-2005-4619 (SQL injection vulnerability in index.php in phpoutsourcing 
Zorum Forum ...)
        NOT-FOR-US: phpoutsourcing Zorum Forum 
 CVE-2005-4618 (Buffer overflow in sysctl in the Linux Kernel 2.6 before 2.6.15 
allows ...)
-       - linux-2.6 <unfixed>
-       NOTE: Added patch tracker template
+       - linux-2.6 2.6.15-1
 CVE-2006-0083 (Format string vulnerability in the logging code of SMS Server 
Tools ...)
        {DSA-930-2 DSA-930-1}
        [woody] - smstools 1.5.0-2woody0
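Review bot: CVE-2005-4618 now consists of the single line "- linux-2.6 2.6.15-1", with no kernel-source-2.4.27 status, unlike the other kernel entries touched in this commit. The description says "Linux Kernel 2.6 before 2.6.15", so if 2.4 is unaffected an explicit "- kernel-source-2.4.27 <not-affected>" line would keep the entry from being re-triaged.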
@@ -2437,7 +2435,6 @@
 CVE-2005-4605 (The procfs code (proc_misc.c) in Linux 2.6.14.3 and other 
versions ...)
        - linux-2.6 2.6.15-1
        - kernel-source-2.4.27 <not-affected> (2.4's proc_file_lseek contains a 
sanity check)
-       NOTE: Sarge 2.6.8 status yet unclear
 CVE-2005-XXXX [xshisen follows symlinks for shared gid games files]
        - xshisen 1.51-1-1.2 (bug #291613)
 CVE-2006-0062 [Potential xlockmore bypass]
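Review bot: the removed "NOTE: Sarge 2.6.8 status yet unclear" under CVE-2005-4605 was an open question, and nothing in the entry answers it after this change. If 2.6.8 was checked, record the outcome as a [sarge] line; if it was not, the NOTE should stay.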
@@ -4460,10 +4457,10 @@
 CVE-2004-2573 (PHP remote file inclusion vulnerability in 
tables_update.inc.php in ...)
        - phpgroupware 0.9.14.007
 CVE-2005-3848 (Memory leak in the icmp_push_reply function in Linux 2.6 before 
...)
+       - linux-2.6 2.6.13-1
        - kernel-source-2.4.27 2.4.27-12 (bug #351645)
-       [sarge] - kernel-source-2.6.8 2.6.8-16sarge2
 CVE-2005-3847 (The handle_stop_signal function in signal.c in Linux kernel 
2.6.11 up ...)
-       [sarge] - kernel-source-2.6.8 2.6.8-16sarge2 
+       - linux-2.6 2.6.13-1
 CVE-2005-3849 (Cross-site scripting (XSS) vulnerability in the Search module 
in ...)
        - pmwiki <itp> (bug #330117)
 CVE-2003-XXXX [Insecure tempfile in x-face-el]
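Review bot: for CVE-2005-3847 the "[sarge] - kernel-source-2.6.8 2.6.8-16sarge2" line is replaced rather than supplemented, while the description starts the affected range at "Linux kernel 2.6.11". If 2.6.8 is outside that range, "[sarge] - kernel-source-2.6.8 <not-affected>" states it; if the sarge fix was real, the line should remain beside the new "- linux-2.6 2.6.13-1".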
@@ -6887,13 +6884,11 @@
 CVE-2005-3055 (Linux kernel 2.6.8 to 2.6.14-rc2 allows local users to cause a 
denial ...)
        - linux-2.6 <unfixed> (bug #330287; bug #332587; medium)
        - kernel-source-2.4.27 <not-affected>
-       [sarge] - kernel-source-2.6.8 <unfixed> (bug #332596)
 CVE-2005-3054 (fopen_wrappers.c in PHP 4.4.0, and possibly other versions, 
does not ...)
        - php4 4:4.4.0-3 (bug #353585; bug #354685; medium)
        - php5 5.0.5-2 (bug #353585; medium)
 CVE-2005-3053 (The sys_set_mempolicy function in mempolicy.c in Linux kernel 
2.6.x ...)
        - linux-2.6 2.6.12-3 (bug #330343; bug #330353; medium)
-       - kernel-source-2.6.8 2.6.8-16sarge2 (medium)
 CVE-2005-3052 (SQL injection vulnerability in module/down.inc.php in jportal 
2.3.1 ...)
        NOT-FOR-US: jportal
 CVE-2005-3051 (Stack-based buffer overflow in 7-Zip 3.13, 4.23, and 4.26 BETA 
allows ...)
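Review bot: under CVE-2005-3055 this deletes "[sarge] - kernel-source-2.6.8 <unfixed> (bug #332596)" although the description gives the affected range as "Linux kernel 2.6.8 to 2.6.14-rc2", so an open status and its bug reference are lost for a version the entry itself names. Keep the line until a fixed version or DSA tag can replace it. The CVE-2005-3053 removal in the same hunk likewise drops the only 2.6.8 version recorded there.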
@@ -7087,7 +7082,6 @@
 CVE-2005-2973 (The udp_v6_get_port function in udp.c in Linux 2.6 before 
2.6.14-rc5, ...)
        - linux-2.6 2.6.13+2.6.14-rc4-0experimental.1 (low)
        - kernel-source-2.4.27 2.4.27-12
-       [sarge] - kernel-source-2.6.8 2.6.8-16sarge2
        [sarge] - kernel-source-2.4.27 2.4.27-10sarge2
 CVE-2005-2972 (Multiple stack-based buffer overflows in the RTF import feature 
in ...)
        {DSA-894-1}
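Review bot: CVE-2005-2973 loses "[sarge] - kernel-source-2.6.8 2.6.8-16sarge2" but keeps "[sarge] - kernel-source-2.4.27 2.4.27-10sarge2", so the entry now records the sarge fix for one kernel source package and not the other. Either keep both [sarge] lines or say in the log why only the 2.6.8 one is removed.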
@@ -7319,7 +7313,6 @@
 CVE-2005-3044 (Multiple vulnerabilities in Linux kernel before 2.6.13.2 allow 
local ...)
        - linux-2.6 2.6.12-7 (medium)
        - kernel-source-2.4.27 <not-affected> (code is vulnerable but there is 
no amd64 for 2.4 in Sarge)
-       [sarge] - kernel-source-2.6.8 2.6.8-16sarge2 (medium)
 CVE-2005-2877 (The history (revision control) function in TWiki 02-Sep-2004 
and ...)
        NOTE: proactively fixed by the robustness patch
        - twiki 20040902-2
@@ -7687,7 +7680,6 @@
        - helix-player 1.0.6-1 (bug #330364; high)
 CVE-2005-2709 (The sysctl functionality (sysctl.c) in Linux kernel before 
2.6.14.1 ...)
        - linux-2.6 2.6.14-3
-       NOTE: Send to Horms as usual
 CVE-2005-2708 (The search_binary_handler function in exec.c in Linux 2.4 
kernel on ...)
        - kernel-source-2.4.27 <not-affected> (amd64/2.4 not supported)
 CVE-2005-2707 (Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows 
remote ...)
@@ -8650,7 +8642,6 @@
        - python2.3 2.3.5-8 (medium)
 CVE-2005-2490 (Stack-based buffer overflow in the sendmsg function call in the 
Linux ...)
        - linux-2.6 2.6.12-7 (bug #327416; medium)
-       - kernel-source-2.6.8 2.6.8-16sarge2
 CVE-2004-2302 (Race condition in the sysfs_read_file and sysfs_write_file 
functions ...)
        {DSA-922-1 DTSA-16-1}
        - linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.10)
@@ -8879,7 +8870,6 @@
        {DTSA-16-1}
        - linux-2.6 2.6.12-3 (medium)
        - kernel-source-2.4.27 2.4.27-12 (medium)
-       [sarge] - kernel-source-2.6.8 2.6.8-16sarge2 (medium)
        [sarge] - kernel-source-2.4.27 2.4.27-10sarge2 (medium)
 CVE-2005-2456 (Array index overflow in the xfrm_sk_policy_insert function in 
...)
        {DSA-922-1 DSA-921-1 DTSA-16-1}
@@ -16830,7 +16820,6 @@
 CVE-2005-0450 (Directory traversal vulnerability in Sami HTTP Server 1.0.5 
allows ...)
        NOT-FOR-US: Sami HTTP Server
 CVE-2005-0449 (The netfilter/iptables module in Linux before 2.6.8.1 allows 
remote ...)
-       - kernel-source-2.6.8 2.6.8-14 (bug #295949; high)
        - linux-2.6 <not-affected> (Vulnerable code was removed betwen 2.6.11 
and 2.6.12)
        - kernel-source-2.4.27 <not-affected> (Per Herbet Xu: 
http://oss.sgi.com/archives/netdev/2005-01/msg01107.html)
 CVE-2005-0448 (Race condition in the rmtree function in File::Path.pm in Perl 
before ...)
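Review bot: removing "- kernel-source-2.6.8 2.6.8-14 (bug #295949; high)" from CVE-2005-0449 leaves only <not-affected> lines, so the entry no longer shows any Debian package as having been affected, and the bug number and "high" rating go with it. Please keep the line, or move the bug reference into a NOTE.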
@@ -17900,7 +17889,6 @@
        NOT-FOR-US: MacOS
 CVE-2005-0124 (The coda_pioctl function in the coda functionality (pioctl.c) 
for ...)
        TODO: Check, when this was fixed upstream
-       - kernel-source-2.4.27 2.4.27-8
 CVE-2005-0123
        RESERVED
 CVE-2005-0122
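Review bot: with "- kernel-source-2.4.27 2.4.27-8" removed, CVE-2005-0124 is left with only its TODO and no package line at all, and the log message mentions the 2.6.8 DSA cleanup but not 2.4.27. If 2.4.27-8 was wrong, replace it with the status that is known rather than deleting it.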
@@ -19067,7 +19055,6 @@
        - php3 3:3.0.18-29
 CVE-2004-1017 (Multiple &quot;overflows&quot; in the io_edgeport driver for 
Linux kernel 2.4.x ...)
        - linux-2.6 <not-affected> (2.4 specific vulnerability)
-       - kernel-source-2.4.27 2.4.27-9
 CVE-2004-1016 (The scm_send function in the scm layer for Linux kernel 2.4.x 
up to ...)
        - linux-2.6 <not-affected> (Fixed before upload into archive)
        TODO: Check which version fixed this
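Review bot: CVE-2004-1017 is annotated "(2.4 specific vulnerability)" on its linux-2.6 line, yet the line removed here, "- kernel-source-2.4.27 2.4.27-9", was the only 2.4 entry. After the change no affected package is tracked for this CVE; keep the 2.4.27 line or state why it no longer applies.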


_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
