author: Florian Weimer <fw@deneb.enyo.de> 2007-01-10 20:37:50 +0000
committer: Florian Weimer <fw@deneb.enyo.de> 2007-01-10 20:37:50 +0000
commit: a536f2fbe115f14d3868ab3b9ad6f8b0cf9dddca
tree: 0fbdc83b1435b2af0ba0767958d3e6383f5eb6fb
parent: 07bbfffc558717b6c0a449e760503c4811101b4b

some whitespace fixes
a few fixed versions for unimportant bugs

git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@5234 e39458fd-73e7-0310-bf30-c45bca0a0e42
-rw-r--r-- data/CVE/2001.list 2
-rw-r--r-- data/CVE/2002.list 2
-rw-r--r-- data/CVE/2005.list 18
-rw-r--r-- data/CVE/2006.list 8
4 files changed, 16 insertions, 14 deletions
diff --git a/data/CVE/2001.list b/data/CVE/2001.list
index 76db32fbd7..5ae2ea1d7c 100644
--- a/data/CVE/2001.list
+++ b/data/CVE/2001.list
@@ -104,7 +104,7 @@ CVE-2001-1535 (Slashcode 2.0 creates new accounts with an 8-character random ...
- slash 2.2.6-8 (bug #328927; low)
[sarge] - slash <no-dsa> (Lack of a security feature, minor security problem)
CVE-2001-1534 (mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's ...)
- - apache (bug #328919; unimportant)
+ - apache <unfixed> (bug #328919; unimportant)
- apache2 <unfixed> (unimportant)
NOTE: Cookies are only used for invading user privacy,
NOTE: not for authentication, so apache and apache2 should be fine.
diff --git a/data/CVE/2002.list b/data/CVE/2002.list
index 95775ecdae..4d16cec1c6 100644
--- a/data/CVE/2002.list
+++ b/data/CVE/2002.list
@@ -3314,7 +3314,7 @@ CVE-2002-0710 (Directory traversal vulnerability in sendform.cgi 1.44 and earlie
CVE-2002-0704 (The Network Address Translation (NAT) capability for Netfilter ...)
NOTE: kernel netfilter bug, not in user space
NOTE: this is fixed in kernel 2.4.20
- - kernel-image-2.4.18-i386 (bug #152152; unimportant)
+ - kernel-image-2.4.18-i386 <unfixed> (bug #152152; unimportant)
CVE-2002-0703 (An interaction between the Perl MD5 module (perl-Digest-MD5) and Perl ...)
- perl 5.8.0-7 (bug #282527)
CVE-2002-0701 (ktrace in BSD-based operating systems allows the owner of a process ...)
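Review bot: the new `<unfixed>` marker on kernel-image-2.4.18-i386 sits directly under the NOTE "this is fixed in kernel 2.4.20", which can read as a contradiction. A short NOTE stating that the 2.4.18 source package itself never picked up the fix would make the status self-explanatory.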
diff --git a/data/CVE/2005.list b/data/CVE/2005.list
index d5811ee34d..eafa1d20ec 100644
--- a/data/CVE/2005.list
+++ b/data/CVE/2005.list
@@ -876,8 +876,8 @@ CVE-2005-4444 (Stack-based buffer overflow in the trace message functionality in
CVE-2005-4443 (Untrusted search path vulnerability in Gauche before 0.8.6-r1 on ...)
- gauche <not-affected> (Gentoo-specific packaging flaw)
CVE-2005-4442 (Untrusted search path vulnerability in OpenLDAP before 2.2.28-r3 on ...)
- - openldap2 <not-affected> (Gentoo-specific packaging flaw)
- - openldap2.2 <not-affected> (Gentoo-specific packaging flaw)
+ - openldap2 <not-affected> (Gentoo-specific packaging flaw)
+ - openldap2.2 <not-affected> (Gentoo-specific packaging flaw)
CVE-2005-4441 (The PVLAN protocol allows remote attackers to bypass network ...)
TODO: check, whether this has ramifications on the kernel's VLAN implementation
TODO: or whether it's a generic unfixable protocol flaw
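Review bot: the openldap2 and openldap2.2 lines under CVE-2005-4442 are removed and re-added with the same visible text, so this hunk is whitespace-only, yet it shares a commit with status changes to other entries. Splitting the whitespace cleanup into its own commit would make the data changes easier to audit later.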
@@ -4441,7 +4441,7 @@ CVE-2005-2948 (KillProcess 2.20 and earlier allows local users to bypass kill li
CVE-2005-2947 (Buffer overflow in KillProcess 2.20 and earlier allows user-assisted ...)
NOT-FOR-US: KillProcess
CVE-2005-2946 (The default configuration on OpenSSL before 0.9.8 uses MD5 for ...)
- - openssl (bug #314465; unimportant)
+ - openssl 0.9.8-1 (bug #314465; unimportant)
NOTE: MD5 is still good enough for most applications, second preimage attacks
NOTE: haven't been presented yet
CVE-2005-2944 (The perform_file_save function in GNOME Workstation Command Center ...)
@@ -5710,8 +5710,9 @@ CVE-2005-2433 (PhpList allows remote attackers to obtain sensitive information v
CVE-2005-2432 (SQL injection vulnerability in PhpList allows remote attackers to ...)
NOT-FOR-US: PhpList
CVE-2005-2431 (The (1) lost password and (2) account pending features in GForge 4.5 ...)
- - gforge (bug #328224; unimportant)
+ - gforge 4.5.14-2 (bug #328224; unimportant)
NOTE: Direct flooding is possible as well in most circumstances.
+ NOTE: (Upstream fix was in gforge 4.5.0.1.)
CVE-2005-2430 (Multiple cross-site scripting (XSS) vulnerabilities in GForge 4.5 ...)
{DSA-1094-1}
- gforge 4.5.14-9 (bug #328224; medium)
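Review bot: CVE-2005-2431 now records gforge 4.5.14-2 against bug #328224, while the next entry, CVE-2005-2430, cites the same bug #328224 with fixed version 4.5.14-9. If the two issues really were fixed in different uploads, say so in a NOTE; the added "(Upstream fix was in gforge 4.5.0.1.)" explains the upstream side only.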
@@ -5747,8 +5748,10 @@ CVE-2005-2416 (Multiple cross-site scripting (XSS) vulnerabilities in Contrexx b
CVE-2005-2415 (Multiple SQL injection vulnerabilities in Contrexx before 1.0.5 allow ...)
NOT-FOR-US: Contrexx
CVE-2005-2414 (Race condition in the xpcom library, as used by web browsers such as ...)
- - mozilla-firefox (bug #327549; unimportant)
- - mozilla (bug #327550; unimportant)
+ - firefox 1.5.dfsg-1 (unimportant)
+ - mozilla-firefox <unfixed> (bug #327549; unimportant)
+ - mozilla <unfixed> (bug #327550; unimportant)
+ - iceweasel <not-affected>
NOTE: The turned out to be non-exploitable
CVE-2005-2413 (PHP remote file inclusion vulnerability in apa_phpinclude.inc.php in ...)
NOT-FOR-US: Atomic Photo Album
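Review bot: the new `- iceweasel <not-affected>` line under CVE-2005-2414 carries no reason, whereas other `<not-affected>` entries in this file give one in parentheses (for example "Gentoo-specific packaging flaw"), and the new firefox 1.5.dfsg-1 line has no bug reference. Add the reason for iceweasel, and while touching this entry fix the adjacent NOTE, which reads "The turned out to be non-exploitable".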
@@ -6548,8 +6551,7 @@ CVE-2005-2096 (zlib 1.2 and later versions allows remote attackers to cause a de
[sarge] - texmacs <no-dsa> (Hardly exploitable)
- zlib 1:1.2.2-7 (bug #317133; medium)
- pvpgn 1.7.8-2 (bug #332236; unknown)
- - mysql-dfsg-4.1 (bug #319858; unimportant)
- NOTE: fixed in experimental in 1:1.0.5.6-1, not yet in sid
+ - mysql-dfsg-4.1 4.1.13-1 (bug #319858; unimportant)
- mrtg <not-affected> (Only used for internal compression, current versions link dynamically)
- rsync <not-affected> (Uses zlib 1.1, which is not affected)
NOTE: rsync upstream updated the internal zlib copy in 2.6.6 without real need,
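Review bot: the removed line "NOTE: fixed in experimental in 1:1.0.5.6-1, not yet in sid" uses an epoch and version scheme that does not match the 4.1.13-1 now recorded for mysql-dfsg-4.1, so it may have described a different package under CVE-2005-2096. Confirm which package that note belonged to before dropping it, or the tracking information for that package is lost.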
diff --git a/data/CVE/2006.list b/data/CVE/2006.list
index aabf100ca7..fd510af339 100644
--- a/data/CVE/2006.list
+++ b/data/CVE/2006.list
@@ -13164,7 +13164,7 @@ CVE-2006-1054
CVE-2006-1053
RESERVED
CVE-2006-1052 (The selinux_ptrace logic in hooks.c in SELinux for Linux 2.6.6 allows ...)
- - linux-2.6 2.6.15+2.6.16-rc5-0experimental.1 (low)
+ - linux-2.6 2.6.15+2.6.16-rc5-0experimental.1 (low)
CVE-2006-1051 (SQL injection vulnerability in Akarru Social BookMarking Engine before ...)
NOT-FOR-US: Akurru Social BookMarking Engine
CVE-2006-1050 (Kwik-Pay Payroll 4.2.20, and possibly other versions, stores the ...)
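Review bot: the linux-2.6 line under CVE-2006-1052 changes only in whitespace, and the nearby context line "NOT-FOR-US: Akurru Social BookMarking Engine" spells the product differently from the CVE-2006-1051 description ("Akarru"). Since this commit is already doing cleanup in this region, correct the spelling as well.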
@@ -15381,8 +15381,7 @@ CVE-2006-0083 (Format string vulnerability in the logging code of SMS Server Too
{DSA-930-2 DSA-930-1}
- smstools 1.16-1.1 (bug #347221; medium)
CVE-2006-0106 (gdi/driver.c and gdi/printdrv.c in Wine 20050930, and other versions, ...)
- {DSA-954-1}
- {CVE-2005-4560}
+ {DSA-954-1 CVE-2005-4560}
- wine 0.9.2-1 (bug #346197; medium)
CVE-2006-0082 (Format string vulnerability in the SetImageInfo function in image.c ...)
{DSA-1213}
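Review bot: under CVE-2006-0106 the separate `{DSA-954-1}` and `{CVE-2005-4560}` lines are merged into `{DSA-954-1 CVE-2005-4560}`, mixing an advisory id and a CVE id in one brace list. The only multi-id list visible nearby, `{DSA-930-2 DSA-930-1}`, holds DSA ids only, so confirm that the list parser accepts a CVE cross-reference in the same braces.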
@@ -15425,10 +15424,11 @@ CVE-2006-0065 (SQL injection vulnerability in (1) functions.php, (2) ...)
CVE-2006-0064 (PHP remote file include vulnerability in includes/orderSuccess.inc.php ...)
NOT-FOR-US: CubeCart
CVE-2006-0063 (Cross-site scripting (XSS) vulnerability in phpBB 2.0.19, when ...)
- - phpbb2 (unimportant)
+ - phpbb2 2.0.21-1 (unimportant)
[sarge] - phpbb2 <no-dsa> (Affects only an inherently unsafe option only suitable for trusted users)
NOTE: According to the maintainer only affects a config option that is strongly
NOTE: discouraged due to potential security problems
+ NOTE: (Upstream fix was in 2.0.20.)
CVE-2006-0062 [Potential xlockmore bypass]
RESERVED
- xlockmore 1:5.13-2.1 (bug #309760)
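Review bot: for CVE-2006-0063 the fixed version is set to phpbb2 2.0.21-1 while the added NOTE says the upstream fix was in 2.0.20. State in the NOTE whether 2.0.21-1 was the first Debian upload containing that fix, so that readers do not assume a 2.0.20-based package was skipped by mistake.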
