Author: jmm-guest
Date: 2006-03-30 13:31:25 +0000 (Thu, 30 Mar 2006)
New Revision: 3716

Modified:
   data/CVE/list
Log:
more checks of Sarge versions


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2006-03-30 09:28:36 UTC (rev 3715)
+++ data/CVE/list       2006-03-30 13:31:25 UTC (rev 3716)
@@ -3463,6 +3463,7 @@
        [sarge] - bogofilter <not-affected> (Only some 0.96 CVS versions were 
affected)
 CVE-2005-4591 (Heap-based buffer overflow in bogofilter 0.96.2, 0.95.2, 
0.94.14, ...)
        - bogofilter 0.96.3
+       [sarge] - bogofilter <not-affected> (Sarge version doesn't include 
Unicode)
 CVE-2005-4590 (Spb Kiosk Engine 1.0.0.1 allows local users to bypass 
restrictions on ...)
        NOT-FOR-US: Spb Kiosk Engine
 CVE-2005-4589 (Spb Kiosk Engine 1.0.0.1 stores the administrator's passcode in 
the ...)
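Review bot: the added [sarge] line under CVE-2005-4591 gives "Sarge version doesn't include Unicode" as the reason for <not-affected> but does not say which bogofilter version Sarge ships, while the CVE summary identifies the affected releases by version number (0.96.2, 0.95.2, 0.94.14, ...). Suggest putting the checked Sarge version in the parenthetical so the claim can be compared against that list later.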
@@ -7706,6 +7707,8 @@
        NOTE: kmail was once part of kdenetwork.
 CVE-2002-XXXX [sanitizer bypassal through quoted file names]
        - sanitizer 1.76-1 (bug #149799; medium)
+       [sarge] - sanitizer <not-affected> (Sarge version already fixed)
+       NOTE: This was fixed earlier in fact, but it's unknown when
 CVE-2005-XXXX [Heap overflow in libosip URI parsing]
        - libosip2 2.0.9-1 (bug #308737)
 CVE-2005-XXXX [rkhunter: Insecure temporary file]
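Review bot: in the sanitizer entry the new NOTE says the fix landed earlier than recorded "but it's unknown when", yet the [sarge] line asserts "Sarge version already fixed" without naming a version, and the fixed-version line still reads 1.76-1. As written, nothing shows how the Sarge version was established as fixed. Suggest recording in the NOTE the Sarge version that was checked and how it was verified, for example by inspecting the source for the quoted-file-name handling.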
@@ -11369,7 +11372,8 @@
        - libphysfs 1.0.0-5 (bug #318091; medium)
        - oops <unfixed> (bug #318097; medium)
        [woody] - rpm <not-affected> (Woody contains zlib 1.1, which is not 
affected)
-       - rpm 4.0.4-31.1 (bug #318099; medium)
+       - rpm 4.0.4-31.1 (bug #318099; unimportant)
+       NOTE: You need to trust rpms anyway, when installing them
        - rageircd 2.0.0-3sid1 (bug #309196; medium)
        - systemimager-ssh <unfixed> (bug #318101; unimportant)
        [woody] - texmacs <not-affected> (Woody contains zlib 1.1, which is not 
affected)
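Review bot: the new NOTE after the rpm line does not name the package it refers to, and it sits in the middle of a package list whose neighbours (rageircd at medium, systemimager-ssh at unimportant) carry their own severities, so the reason for the medium to unimportant change is tied to rpm only by position. Suggest wording it as "NOTE: rpm: You need to trust rpms anyway, when installing them". The rationale also speaks only of installing; it would help to say whether handling a package without installing it was considered.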
@@ -14455,6 +14459,7 @@
        - syslog-ng 1.6.5-2.1
 CVE-2005-XXXX [trackballs: Follows symlinks as gid games]
        - trackballs 1.1.1-1 (bug #302454; medium)
+       [sarge] - trackballs <no-dsa> (Hardly exploitable)
        NOTE: CVE request sent to mitre (who sent this? any response?)
        NOTE: Trackballs doesn't run as gid games anymore, high-score files are
        NOTE: stored in user's home directories instead.
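Review bot: the added [sarge] line marks trackballs <no-dsa> with only "Hardly exploitable" as the reason, and the NOTE lines that follow ("Trackballs doesn't run as gid games anymore") do not say whether that applies to the Sarge version or only from 1.1.1-1 on. Suggest a short NOTE giving the basis for the assessment, such as what following the symlink as gid games would actually allow, so the no-dsa decision can be revisited if needed.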


_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
