Author: fw
Date: 2009-05-18 18:50:49 +0000 (Mon, 18 May 2009)
New Revision: 11916

Modified:
   data/CVE/list
Log:
fix minor syntax issues, and remove a few duplicate package annotations


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2009-05-18 15:45:13 UTC (rev 11915)
+++ data/CVE/list       2009-05-18 18:50:49 UTC (rev 11916)
@@ -24,7 +24,7 @@
 CVE-2009-1630 (The nfs_permission function in fs/nfs/dir.c in the NFS client 
...)
        TODO: check
 CVE-2009-1629 (ajaxterm.js in AjaxTerm 0.10 and earlier generates session IDs 
with ...)
-       - ajaxterm (medium; bug #528938) 
+       - ajaxterm <unfixed> (medium; bug #528938) 
 CVE-2009-XXXX [eggdrop buffer overflow]
        - eggdrop 1.6.19-1.2 (medium; bug #528778)
        NOTE: CVE id request on oss-sec
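Review bot: the added line `- ajaxterm <unfixed> (medium; bug #528938) ` still ends in a trailing space, as the removed line did. Since this commit is a syntax cleanup, strip it here as well.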
@@ -8099,9 +8099,8 @@
 CVE-2008-5031 (Multiple integer overflows in Python 2.2.3 through 2.5.1, and 
2.6, ...)
        - python2.5 2.5.2-11.1
        [etch] - python2.5 <no-dsa> (Minor issue)
-       - python2.4 2.4.6-1 (bug #507317)
        [etch] - python2.4 <no-dsa> (Minor issue)
-       - python2.4 2.4.5-6 (low; bug #504620)
+       - python2.4 2.4.5-6 (low; bug #507317; bug #504620)
        NOTE: definitely fixed in 2.5.2-11.1 for lenny/unstable 
(svn-updates.dpatch)
        NOTE: maybe fixed earlier, doko is not able to tell the exact version 
atm
 CVE-2008-5030 (Heap-based buffer overflow in the cddb_read_disc_data function 
in ...)
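Review bot: in the CVE-2008-5031 entry the two python2.4 lines were not plain duplicates: one recorded 2.4.6-1 for bug #507317 and the other 2.4.5-6 for bug #504620. The merged line `- python2.4 2.4.5-6 (low; bug #507317; bug #504620)` keeps the lower version, so every upload from 2.4.5-6 onwards now counts as fixed for both bugs. Please confirm that 2.4.5-6 really covers #507317, or keep 2.4.6-1 and add a NOTE saying which version fixed which bug. The merged line also now follows the `[etch] - python2.4` line, whereas the python2.5 pair above it lists the unstable version first.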
@@ -21331,7 +21330,6 @@
        NOT-FOR-US: Neocrome Seditio CMS
 CVE-2007-6211 (Send ICMP Nasty Garbage (sing) on Debian GNU/Linux allows local 
users ...)
        - sing 1.1-16 (low; bug #454167)
-       [etch] - sing <no-dsa> (Only exploitable in inherently broken setups)
        [etch] - sing 1.1-13etch1
        [sarge] - sing 1.1-9sarge1
 CVE-2007-6209 (Util/difflog.pl in zsh 4.3.4 allows local users to overwrite 
arbitrary ...)
@@ -22774,7 +22772,6 @@
 CVE-2007-5689 (The Java Virtual Machine (JVM) in Sun Java Runtime Environment 
(JRE) ...)
        - sun-java6 6-03-1 (medium)
        - sun-java5 1.5.0-13-1 (medium)
-       [etch] - sun-java5 <no-dsa> (Non-free not supported)
        [etch] - sun-java5 1.5.0-14-1etch1
 CVE-2007-5688 (Multiple SQL injection vulnerabilities in directory.php in the 
...)
        NOT-FOR-US: Multi Host Forum Pro
@@ -23987,14 +23984,12 @@
        - kdegraphics 4:3.5.8-2 (medium; bug #450630)
        - xpdf 3.02-1.3 (medium; bug #450629)
        - koffice 1:1.6.3-4 (medium; bug #450631)
-       - libextractor 0.5.9-1
        - cups 1.1.22-7
        - gpdf <removed>
        - pdftohtml <removed>
        [etch] - pdftohtml 0.36-13etch1
        - tetex-bin 3.0-12
        NOTE: pdftex links to poppler since 3.0-12, thus marking as fixed
-       - cups <not-affected> (we use xpdf-utils in sarge and poppler-utils 
since etch to not embedd this code)
        - cupsys <not-affected> (we use xpdf-utils in sarge and poppler-utils 
since etch to not embedd this code)
        NOTE: cups uses xpdf-utils and poppler-utils
        - libextractor 0.5.12-1
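Review bot: the libextractor conflict is resolved by keeping 0.5.12-1 and dropping 0.5.9-1, the higher version, which is the opposite choice from the python2.4 merge earlier in this patch; a short NOTE on why 0.5.12-1 is the correct fixed version would help. For cups, the surviving `- cups 1.1.22-7` still sits next to `- cupsys <not-affected> (...)` and `NOTE: cups uses xpdf-utils and poppler-utils`, so the entry says both "fixed in a version" and "code not embedded". Consider making those annotations agree rather than only removing one of them.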
@@ -24007,15 +24002,12 @@
        [etch] - kdegraphics <not-affected> (Vulnerable code not used)
        - xpdf 3.02-1.3 (medium; bug #450629)
        - koffice 1:1.6.3-4 (medium; bug #450631)
-       - libextractor 0.5.9-1
-       - cupsys <removed>
        - cups 1.1.22-7
        - gpdf <removed>
        - pdftohtml <removed>
        [etch] - pdftohtml 0.36-13etch1
        - tetex-bin 3.0-12
        NOTE: pdftex links to poppler since 3.0-12, thus marking as fixed
-       - cups <not-affected> (we use xpdf-utils in sarge and poppler-utils 
since etch to not embedd this code)
        - cupsys <not-affected> (we use xpdf-utils in sarge and poppler-utils 
since etch to not embedd this code)
        NOTE: cups uses xpdf-utils and poppler-utils
        - libextractor 0.5.12-1
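Review bot: `- cupsys <removed>` is dropped in favour of `- cupsys <not-affected> (...)`, but the two annotations make different statements about the package, so this is a decision rather than a deduplication. Please confirm which one reflects the package's current state, and keep the other's information as a NOTE if it is still true.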
@@ -24168,7 +24160,6 @@
 CVE-2007-5375 (Interpretation conflict in the Sun Java Virtual Machine (JVM) 
allows ...)
        - sun-java6 6-03-1 (low)
        - sun-java5 1.5.0-13-1 (low)
-       [etch] - sun-java5 <no-dsa> (Non-free not supported)
        [etch] - sun-java5 1.5.0-14-1etch1
 CVE-2007-5374 (cp_memberedit.php in LightBlog 8.4.1.1 does not check for ...)
        NOT-FOR-US: LightBlog
@@ -24413,12 +24404,10 @@
 CVE-2007-5274 (Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 
and ...)
        - sun-java6 6-03-1 (low)
        - sun-java5 1.5.0-13-1 (low)
-       [etch] - sun-java5 <no-dsa> (Non-free not supported)
        [etch] - sun-java5 1.5.0-14-1etch1
 CVE-2007-5273 (Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 
and ...)
        - sun-java6 6-03-1 (low)
        - sun-java5 1.5.0-13-1 (low)
-       [etch] - sun-java5 <no-dsa> (Non-free not supported)
        [etch] - sun-java5 1.5.0-14-1etch1
 CVE-2007-5272 (SQL injection vulnerability in kategori.asp in Furkan Tastan 
Blog ...)
        NOT-FOR-US: Furkan Tastan Blog
@@ -24537,12 +24526,10 @@
 CVE-2007-5240 (Visual truncation vulnerability in the Java Runtime Environment 
in Sun ...)
        - sun-java6 6-03-1 (low)
        - sun-java5 1.5.0-13-1 (low)
-       [etch] - sun-java5 <no-dsa> (Non-free not supported)
        [etch] - sun-java5 1.5.0-14-1etch1
 CVE-2007-5239 (Java Web Start in Sun JDK and JRE 6 Update 2 and earlier, JDK 
and JRE ...)
        - sun-java6 6-03-1 (low)
        - sun-java5 1.5.0-13-1 (low)
-       [etch] - sun-java5 <no-dsa> (Non-free not supported)
        [etch] - sun-java5 1.5.0-14-1etch1
 CVE-2007-5238 (Java Web Start in Sun JDK and JRE 6 Update 2 and earlier, JDK 
and JRE ...)
        - sun-java6 6-03-1 (unimportant)
@@ -24552,7 +24539,6 @@
 CVE-2007-5237 (Java Web Start in Sun JDK and JRE 6 Update 2 and earlier does 
not ...)
        - sun-java6 6-03-1 (medium)
        - sun-java5 1.5.0-13-1 (medium)
-       [etch] - sun-java5 <no-dsa> (Non-free not supported)
        [etch] - sun-java5 1.5.0-14-1etch1
 CVE-2007-5236 (Java Web Start in Sun JDK and JRE 5.0 Update 12 and earlier, 
and SDK ...)
        - sun-java6 <not-affected> (Windows only)
@@ -24566,7 +24552,6 @@
 CVE-2007-5232 (Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 
and ...)
        - sun-java6 6-03-1 (low)
        - sun-java5 1.5.0-13-1 (low)
-       [etch] - sun-java5 <no-dsa> (Non-free not supported)
        [etch] - sun-java5 1.5.0-14-1etch1
 CVE-2007-5231 (Unrestricted file upload vulnerability in 
admin/upload_files.php in ...)
        NOT-FOR-US: Zomplog
@@ -26525,8 +26510,6 @@
        - apache2 2.2.6-1 (bug #453783)
        [sarge] - apache <no-dsa> (browser issue, low impact)
        [sarge] - apache2 <no-dsa> (browser issue, low impact)
-       [etch] - apache <no-dsa> (browser issue, low impact)
-       [etch] - apache2 2.2.3-4+etch4
        NOTE: This is really a browser bug, see CVE-2006-5152. But still 
unfixed in MSIE.
        NOTE: Etch's default configuration not vulnerable due to 
AddDefaultCharset,
        NOTE: but many users change this.
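Review bot: `[etch] - apache2 2.2.3-4+etch4` is removed together with `[etch] - apache <no-dsa> (browser issue, low impact)`, and no other `[etch]` annotation for apache or apache2 is visible in the context lines. If the surviving copies sit above this hunk, fine; otherwise this drops the etch fix record for apache2, which the remaining NOTE about Etch's default configuration does not replace.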
@@ -26802,7 +26785,6 @@
        [etch] - kdegraphics <not-affected> (Vulnerable code not used)
        - xpdf 3.02-1.3 (medium; bug #450629)
        - koffice 1:1.6.3-4 (medium; bug #450631)
-       - libextractor 0.5.9-1
        - cupsys 1.1.22-7
        - cups 1.1.22-7
        - gpdf <removed>
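Review bot: this removes `- libextractor 0.5.9-1`, but unlike the two similar entries earlier in the patch, the context here shows no remaining `- libextractor 0.5.12-1` line. Check that a libextractor annotation survives further down this entry so the package is still tracked for this CVE.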
@@ -27034,7 +27016,7 @@
 CVE-2007-4252 (Absolute path traversal vulnerability in a certain ActiveX 
control in ...)
        NOT-FOR-US: CHILKAT ASP String
 CVE-2007-4251 (OpenOffice.org (OOo) 2.2 does not properly handle files with 
multiple ...)
-       - openoffice.org (unimportant)
+       - openoffice.org <unfixed> (unimportant)
        NOTE: Only a crasher with malformed documents
 CVE-2007-4250 (The isChecked function in Toolbar.DLL in Advanced Searchbar 
before ...)
        NOT-FOR-US: Advanced Searchbar
@@ -27777,7 +27759,6 @@
        NOT-FOR-US: Cisco
 CVE-2007-3922 (Unspecified vulnerability in the Java Runtime Environment (JRE) 
Applet ...)
        - sun-java5 1.5.0-12-2
-       [etch] - sun-java5 <no-dsa> (non-free not supported)
        [etch] - sun-java5 1.5.0-14-1etch1
        - sun-java6 6-02-1
 CVE-2007-3921 (gforge 3.1 and 4.5.14 allows local users to truncate arbitrary 
files ...)
@@ -28447,7 +28428,6 @@
        NOTE: MFSA2007-24
 CVE-2007-3655 (Stack-based buffer overflow in javaws.exe in Sun Java Web Start 
in JRE ...)
        - sun-java5 1.5.0-12-1
-       [etch] - sun-java5 <no-dsa> (Non-free not supported)
        [etch] - sun-java5 1.5.0-14-1etch1
        - sun-java6 6-02-1
 CVE-2007-3654 (The display driver allocattr functions in NetBSD 3.0 through 
...)
@@ -28823,7 +28803,6 @@
        - sun-java5 <not-affected>
        NOTE: Sun Alert ID 102957 says issue is Windows only
 CVE-2007-3503 (The Javadoc tool in Sun JDK 6 and JDK 5.0 Update 11 can 
generate HTML ...)
-       [etch] - sun-java5 <no-dsa> (non-free)
        [etch] - sun-java5 1.5.0-14-1etch1
        - sun-java5 1.5.0-12-1
        [etch] - sun-java6 <no-dsa> (non-free)
@@ -31074,7 +31053,7 @@
        {DSA-1413-1}
        - mysql-dfsg-5.0 5.0.41-1 (low; bug #426353)
        [sarge] - mysql-dfsg <not-affected> (Vulnerable functionality not 
implemented)
-       [sarge] - mysql-dfsg <not-affected> (Not affected, test case doesn't 
crash the daemon)
+       NOTE: [sarge] Not affected, test case doesn't crash the daemon
 CVE-2007-2582 (Multiple buffer overflows in the DB2 JDBC Applet Server 
(DB2JDS) ...)
        NOT-FOR-US: IBM DB2
 CVE-2007-2581 (Multiple cross-site scripting (XSS) vulnerabilities in 
Microsoft ...)
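Review bot: the replacement `NOTE: [sarge] Not affected, test case doesn't crash the daemon` no longer names the package, and `[sarge]` inside a NOTE is free text rather than a release tag. Name mysql-dfsg in the note so it can be matched to the `[sarge] - mysql-dfsg <not-affected>` line above it, since the two give different reasons for the same status.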
@@ -35629,7 +35608,6 @@
        [sarge] - rar <no-dsa> (Non-free)
        [etch] - rar <no-dsa> (Non-free)
        - unrar-nonfree 1:3.7.3-1 (high; bug #410580)
-       [etch] - unrar-nonfree <no-dsa> (Non-free not supported)
        [sarge] - unrar-nonfree 1:3.5.2-0.2
        [etch] - unrar-nonfree 1:3.5.4-1.1
        NOTE: amavid-new automatically uses "rar -p-" or "unrar -p-",
@@ -76527,7 +76505,7 @@
 CVE-2004-0004 (The libCheckSignature function in crypto-utils.lib for OpenCA 
0.9.1.6 ...)
        NOT-FOR-US: openca, not in debian
 CVE-2004-0001 (Unknown vulnerability in the eflags checking in the 32-bit 
ptrace ...)
-       - kernel-image-2.6.8-9-amd64-generic
+       - kernel-image-2.6.8-9-amd64-generic <unfixed>
 CVE-2003-1328 (The showHelp() function in Microsoft Internet Explorer 5.01, 
5.5, and ...)
        NOT-FOR-US: windows
 CVE-2003-1326 (Microsoft Internet Explorer 5.5 and 6.0 allows remote attackers 
...)


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
