author Moritz Muehlenhoff <jmm@debian.org> 2006-07-26 20:33:48 +0000
committer Moritz Muehlenhoff <jmm@debian.org> 2006-07-26 20:33:48 +0000
commit 61a12db2d9645e1113b65af1a2b9721ca11fa244
tree a7930db82dd3c0b3e8fc944d3327ae85545880d6
parent d55a3fad8f5da544ab8708bd5a6a0f65280aaf63

removed amanda issue: according to Bdale the code doesn't work, so it's not exploitable
removed metar issue: checked the diff; this is not exploitable
crypt++el is actually fixed since long
some no-dsa for minor issues

git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@4457 e39458fd-73e7-0310-bf30-c45bca0a0e42

-rw-r--r-- data/CVE/2001.list 3
-rw-r--r-- data/CVE/2004.list 6
-rw-r--r-- data/CVE/2005.list 5
-rw-r--r-- data/CVE/2006.list 2
4 files changed, 7 insertions, 9 deletions

diff --git a/data/CVE/2001.list b/data/CVE/2001.list
index 13a4cfc9ec..0b95421b24 100644
--- a/data/CVE/2001.list
+++ b/data/CVE/2001.list
@@ -1,6 +1,5 @@
CVE-2001-XXXX [crypt++ passes passwords through the command line]
- - crypt++el <unfixed> (bug #105562; low)
- NOTE: Sarge and Woody are affected
+ - crypt++el 2.91-2.1 (bug #105562; low)
CVE-2001-XXXX [gnupg: inproper flagging of signatures as being local]
- gnupg 1.0.7-1 (bug #107374)
CVE-2001-1580 (Directory traversal vulnerability in ScriptEase viewcode.jse for ...)
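
Review bot: Removing the `NOTE: Sarge and Woody are affected` line together with the switch from `<unfixed>` to `2.91-2.1` drops the only record of the stable releases' status for this entry. If sarge and woody still ship a crypt++el older than 2.91-2.1, keep that visible with a per-release line in the form used elsewhere in this commit, for example `[sarge] - crypt++el <no-dsa> (...)` with the reason filled in; if they are no longer affected, say so in the commit message, which only states that the package has long been fixed.
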
diff --git a/data/CVE/2004.list b/data/CVE/2004.list
index 3b6f87452b..4214b7252d 100644
--- a/data/CVE/2004.list
+++ b/data/CVE/2004.list
@@ -377,9 +377,6 @@ CVE-2004-XXXX [Unspecified buffer overflow in libmng]
- libmng 1.0.8-1 (bug #250106)
CVE-2004-XXXX [Multiple buffer overflows in isoqlog]
- isoqlog 2.2-0.1 (bug #254101; bug #202634)
-CVE-2004-XXXX [Insecure temp files in amanda's chg-manual]
- - amanda 1:2.4.5p1-1 (bug #226139; low)
- NOTE: Woody and Sarge affected
CVE-2004-XXXX [asciijump: /var/games/asciijump world writable]
- asciijump 0.0.6-1.2 (bug #269186)
CVE-2004-XXXX [Barrendero spool world-readable]
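
Review bot: Deleting the amanda chg-manual entry outright leaves the tracker with no trace of bug #226139 or of why it was dismissed; the rationale (per the commit message, the code does not work and so is not exploitable) lives only in the commit log. Consider keeping the entry and marking it in the `<not-affected> (reason)` form that other entries in this file use, so that someone who finds the bug report later does not re-add it as an open issue.
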
@@ -839,7 +836,8 @@ CVE-2004-2267 (Cross-site scripting (XSS) vulnerability in Ansel 2.1 and earlier
CVE-2004-2266 (SQL injection vulnerability in Ansel 2.1 and earlier allows remote ...)
NOT-FOR-US: Ansel
CVE-2004-2265 (UUDeview 0.5.20 and earlier handles temporary files insecurely during ...)
- - uudeview 0.5.20-2.1 (bug #320541; medium)
+ - uudeview 0.5.20-2.1 (bug #320541; low)
+ [sarge] - uudeview <no-dsa> (Hardly exploitable)
NOTE: dnprogs apparetly not vulnerable, unsafe code is not called (#358500)
CVE-2004-2264 (** DISPUTED ** ...)
- less <not-affected> (less is not suid, explotability unlikely)
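
Review bot: The new `[sarge] - uudeview <no-dsa> (Hardly exploitable)` line gives no reason, unlike the dia no-dsa lines in this same commit, which state what exploitation would require. Add the condition that makes the insecure temporary file handling hard to exploit, so the severity drop from medium to low can be checked against it. While this entry is being touched, the `apparetly` typo in the NOTE below it could be fixed too.
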
diff --git a/data/CVE/2005.list b/data/CVE/2005.list
index 5ba52061a3..80206ebb14 100644
--- a/data/CVE/2005.list
+++ b/data/CVE/2005.list
@@ -4691,7 +4691,8 @@ CVE-2005-2800 (Memory leak in the seq_file implemenetation in the SCSI procfs ..
CVE-2005-2799 (Buffer overflow in apply.cgi in Linksys WRT54G 3.01.03, 3.03.6, and ...)
NOT-FOR-US: Linksys routers
CVE-2005-2798 (sshd in OpenSSH before 4.2, when GSSAPIDelegateCredentials is enabled, ...)
- - openssh 1:4.2p1-1 (bug #326065; medium)
+ - openssh 1:4.2p1-1 (bug #326065; unimportant)
+ NOTE: Not enabled in the binary build, see #326065
- openssh-krb5 <unfixed> (bug #327233; medium)
CVE-2005-2797 (OpenSSH 4.0, and other versions before 4.2, does not properly handle ...)
- openssh 1:4.2p1-1 (bug #326065; medium)
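
Review bot: The added `NOTE: Not enabled in the binary build, see #326065` does not say what is not enabled, and its position between the openssh and openssh-krb5 lines makes it unclear which package it covers. Since openssh-krb5 stays `<unfixed>` at medium, word the note so it names both the feature and the package it applies to (presumably the GSSAPI support that the CVE description mentions, in the openssh build only), and drop the bug reference, which the openssh line already carries.
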
@@ -5469,8 +5470,6 @@ CVE-2005-2548 (vlan_dev.c in the VLAN code for Linux kernel 2.6.8 allows remote
- kernel-source-2.6.8 2.6.8-16sarge1 (bug #309308; low)
NOTE: 2.6.12-1 contained a partially broken fix
- linux-2.6 2.6.12-6 (bug #309308; low)
-CVE-2005-XXXX [Unspecified buffer overflow in metar]
- - metar 20050807.1-1 (unknown)
CVE-2005-2489 (Web Content Management News System allows remote attackers to create ...)
NOT-FOR-US: Web Content Management News System
CVE-2005-2488 (Cross-site scripting (XSS) vulnerability in Web Content Management ...)
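
Review bot: The metar entry removed here has no bug number, so once it is gone the commit message ("checked the diff; this is not exploitable") is the only record of the assessment. Keeping the entry with a NOTE that summarises why the change in the diff is not a buffer overflow would preserve that reasoning in the tracker; if removal is the convention for non-issues, the commit message should at least say which diff was checked.
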
diff --git a/data/CVE/2006.list b/data/CVE/2006.list
index 316a0c4a91..b1bc3313c9 100644
--- a/data/CVE/2006.list
+++ b/data/CVE/2006.list
@@ -2893,6 +2893,7 @@ CVE-2006-2481
RESERVED
CVE-2006-2480 (Format string vulnerability in Dia 0.94 allows user-complicit ...)
- dia 0.95.0-4 (bug #368202; low)
+ [sarge] - dia <no-dsa> (Hardly exploitable, would require obviously malformed file names)
CVE-2006-2479 (The Update functionality in Bitrix Site Manager 4.1.x does not verify ...)
NOT-FOR-US: Bitrix
CVE-2006-2478 (Bitrix Site Manager 4.1.x allows remote attackers to redirect users to ...)
@@ -2949,6 +2950,7 @@ CVE-2006-2454
RESERVED
CVE-2006-2453 (Multiple unspecified format string vulnerabilities in Dia have ...)
- dia 0.95.0-4 (bug #368202; medium)
+ [sarge] - dia <no-dsa> (Hardly exploitable, would require obviously malformed file names)
CVE-2006-2452 (GNOME GDM 2.8, 2.12, 2.14, and 2.15, when the &quot;face browser&quot; feature ...)
- gdm <unfixed> (bug #375281; medium)
[sarge] - gdm <not-affected> (Vulnerable code has only been introduced with 2.8)
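
Review bot: CVE-2006-2453 covers "Multiple unspecified format string vulnerabilities", yet the added `[sarge]` line reuses the file-name rationale from CVE-2006-2480 verbatim, and the unstable line stays at medium while sarge is called hardly exploitable. Confirm that every issue under this CVE is reachable only through malformed file names, and either lower the severity to match the `low` on CVE-2006-2480 or explain the difference in a NOTE.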
