diff options
author | Florian Weimer <fw@deneb.enyo.de> | 2006-01-23 16:03:22 +0000 |
---|---|---|
committer | Florian Weimer <fw@deneb.enyo.de> | 2006-01-23 16:03:22 +0000 |
commit | 5b4cfd04e39d84ff2a647de99bfd0863d333f2d3 (patch) | |
tree | 6d512ad354d6d7aa3ecc7a2f2c2fa5b2e23381fa | |
parent | 28c6abfd55f7b5da38712c8291bd52a036add10e (diff) |
CVE-2004-0175, CVE-2002-0992: adjust urgency
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@3350 e39458fd-73e7-0310-bf30-c45bca0a0e42
-rw-r--r-- | data/CVE/2000.list | 4 | ||||
-rw-r--r-- | data/CVE/2004.list | 9 |
2 files changed, 8 insertions, 5 deletions
diff --git a/data/CVE/2000.list b/data/CVE/2000.list index 5208599865..f2f6bf01ae 100644 --- a/data/CVE/2000.list +++ b/data/CVE/2000.list @@ -283,7 +283,9 @@ CVE-2000-0994 (Format string vulnerability in OpenBSD fstat program (and possibl CVE-2000-0993 (Format string vulnerability in pw_error function in BSD libutil ...) TODO: check CVE-2000-0992 (Directory traversal vulnerability in scp in sshd 1.2.xx allows a ...) - TODO: check + {CVE-2004-0175} + - openssh <unfixed> (low; bug #270770) + NOTE: Rediscoved as CVE-2004-0175, see there. CVE-2000-0991 (Buffer overflow in Hilgraeve, Inc. HyperTerminal client on Windows 98, ...) TODO: check CVE-2000-0990 (cmd5checkpw 0.21 and earlier allows remote attackers to cause a denial ...) diff --git a/data/CVE/2004.list b/data/CVE/2004.list index 2adafb94e6..a57188545b 100644 --- a/data/CVE/2004.list +++ b/data/CVE/2004.list @@ -5479,10 +5479,11 @@ CVE-2004-0176 (Multiple buffer overflows in Ethereal 0.8.13 to 0.10.2 allow remo {DSA-511} - ethereal 0.10.3-1 (bug #239576) CVE-2004-0175 (Directory traversal vulnerability in scp for OpenSSH before 3.4p1 ...) - - openssh <unfixed> (bug #270770) - NOTE: this bug is old and known; see the bug discussion for further information. - NOTE: apparently the security team thinks this is a minor issue; nevertheless, - NOTE: the bug is still open, so they should close it if it really is neglectible. + {CVE-2000-0992} + - openssh <unfixed> (low; bug #270770) + NOTE: The directory traversal part has been fixed in OpenSSH 3.9p1. + NOTE: The "SUID/SGID across trust boundaries" issue remains, but is + NOTE: largely theoretic. This is a rediscovery of CVE-2000-0992. CVE-2004-0174 (Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using ...) - apache 1.3.29.0.2-5 CVE-2004-0172 (Heap-based buffer overflow in the search_for_command function of ...) |