author | Florian Weimer <fw@deneb.enyo.de> | 2007-01-10 20:37:50 +0000 |
---|---|---|
committer | Florian Weimer <fw@deneb.enyo.de> | 2007-01-10 20:37:50 +0000 |
commit | a536f2fbe115f14d3868ab3b9ad6f8b0cf9dddca (patch) | |
tree | 0fbdc83b1435b2af0ba0767958d3e6383f5eb6fb | |
parent | 07bbfffc558717b6c0a449e760503c4811101b4b (diff) |
some whitespace fixes
a few fixed versions for unimportant bugs
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@5234 e39458fd-73e7-0310-bf30-c45bca0a0e42
-rw-r--r-- | data/CVE/2001.list | 2 |
-rw-r--r-- | data/CVE/2002.list | 2 |
-rw-r--r-- | data/CVE/2005.list | 18 |
-rw-r--r-- | data/CVE/2006.list | 8 |
4 files changed, 16 insertions, 14 deletions
diff --git a/data/CVE/2001.list b/data/CVE/2001.list index 76db32fbd7..5ae2ea1d7c 100644 --- a/data/CVE/2001.list +++ b/data/CVE/2001.list @@ -104,7 +104,7 @@ CVE-2001-1535 (Slashcode 2.0 creates new accounts with an 8-character random ... - slash 2.2.6-8 (bug #328927; low) [sarge] - slash <no-dsa> (Lack of a security feature, minor security problem) CVE-2001-1534 (mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's ...) - - apache (bug #328919; unimportant) + - apache <unfixed> (bug #328919; unimportant) - apache2 <unfixed> (unimportant) NOTE: Cookies are only used for invading user privacy, NOTE: not for authentication, so apache and apache2 should be fine. diff --git a/data/CVE/2002.list b/data/CVE/2002.list index 95775ecdae..4d16cec1c6 100644 --- a/data/CVE/2002.list +++ b/data/CVE/2002.list @@ -3314,7 +3314,7 @@ CVE-2002-0710 (Directory traversal vulnerability in sendform.cgi 1.44 and earlie CVE-2002-0704 (The Network Address Translation (NAT) capability for Netfilter ...) NOTE: kernel netfilter bug, not in user space NOTE: this is fixed in kernel 2.4.20 - - kernel-image-2.4.18-i386 (bug #152152; unimportant) + - kernel-image-2.4.18-i386 <unfixed> (bug #152152; unimportant) CVE-2002-0703 (An interaction between the Perl MD5 module (perl-Digest-MD5) and Perl ...) - perl 5.8.0-7 (bug #282527) CVE-2002-0701 (ktrace in BSD-based operating systems allows the owner of a process ...) diff --git a/data/CVE/2005.list b/data/CVE/2005.list index d5811ee34d..eafa1d20ec 100644 --- a/data/CVE/2005.list +++ b/data/CVE/2005.list 
@@ -876,8 +876,8 @@ CVE-2005-4444 (Stack-based buffer overflow in the trace message functionality in CVE-2005-4443 (Untrusted search path vulnerability in Gauche before 0.8.6-r1 on ...) - gauche <not-affected> (Gentoo-specific packaging flaw) CVE-2005-4442 (Untrusted search path vulnerability in OpenLDAP before 2.2.28-r3 on ...) - - openldap2 <not-affected> (Gentoo-specific packaging flaw) - - openldap2.2 <not-affected> (Gentoo-specific packaging flaw) + - openldap2 <not-affected> (Gentoo-specific packaging flaw) + - openldap2.2 <not-affected> (Gentoo-specific packaging flaw) CVE-2005-4441 (The PVLAN protocol allows remote attackers to bypass network ...) TODO: check, whether this has ramifications on the kernel's VLAN implementation TODO: or whether it's a generic unfixable protocol flaw @@ -4441,7 +4441,7 @@ CVE-2005-2948 (KillProcess 2.20 and earlier allows local users to bypass kill li CVE-2005-2947 (Buffer overflow in KillProcess 2.20 and earlier allows user-assisted ...) NOT-FOR-US: KillProcess CVE-2005-2946 (The default configuration on OpenSSL before 0.9.8 uses MD5 for ...) - - openssl (bug #314465; unimportant) + - openssl 0.9.8-1 (bug #314465; unimportant) NOTE: MD5 is still good enough for most applications, second preimage attacks NOTE: haven't been presented yet CVE-2005-2944 (The perform_file_save function in GNOME Workstation Command Center ...) 
@@ -5710,8 +5710,9 @@ CVE-2005-2433 (PhpList allows remote attackers to obtain sensitive information v CVE-2005-2432 (SQL injection vulnerability in PhpList allows remote attackers to ...) NOT-FOR-US: PhpList CVE-2005-2431 (The (1) lost password and (2) account pending features in GForge 4.5 ...) - - gforge (bug #328224; unimportant) + - gforge 4.5.14-2 (bug #328224; unimportant) NOTE: Direct flooding is possible as well in most circumstances. + NOTE: (Upstream fix was in gforge 4.5.0.1.) CVE-2005-2430 (Multiple cross-site scripting (XSS) vulnerabilities in GForge 4.5 ...) {DSA-1094-1} - gforge 4.5.14-9 (bug #328224; medium) @@ -5747,8 +5748,10 @@ CVE-2005-2416 (Multiple cross-site scripting (XSS) vulnerabilities in Contrexx b CVE-2005-2415 (Multiple SQL injection vulnerabilities in Contrexx before 1.0.5 allow ...) NOT-FOR-US: Contrexx CVE-2005-2414 (Race condition in the xpcom library, as used by web browsers such as ...) - - mozilla-firefox (bug #327549; unimportant) - - mozilla (bug #327550; unimportant) + - firefox 1.5.dfsg-1 (unimportant) + - mozilla-firefox <unfixed> (bug #327549; unimportant) + - mozilla <unfixed> (bug #327550; unimportant) + - iceweasel <not-affected> NOTE: The turned out to be non-exploitable CVE-2005-2413 (PHP remote file inclusion vulnerability in apa_phpinclude.inc.php in ...) NOT-FOR-US: Atomic Photo Album @@ -6548,8 +6551,7 @@ CVE-2005-2096 (zlib 1.2 and later versions allows remote attackers to cause a de [sarge] - texmacs <no-dsa> (Hardly exploitable) - zlib 1:1.2.2-7 (bug #317133; medium) - pvpgn 1.7.8-2 (bug #332236; unknown) - - mysql-dfsg-4.1 (bug #319858; unimportant) - NOTE: fixed in experimental in 1:1.0.5.6-1, not yet in sid + - mysql-dfsg-4.1 4.1.13-1 (bug #319858; unimportant) - mrtg <not-affected> (Only used for internal compression, current versions link dynamically) - rsync <not-affected> (Uses zlib 1.1, which is not affected) NOTE: rsync upstream updated the internal zlib copy in 2.6.6 without real need, 
diff --git a/data/CVE/2006.list b/data/CVE/2006.list index aabf100ca7..fd510af339 100644 --- a/data/CVE/2006.list +++ b/data/CVE/2006.list @@ -13164,7 +13164,7 @@ CVE-2006-1054 CVE-2006-1053 RESERVED CVE-2006-1052 (The selinux_ptrace logic in hooks.c in SELinux for Linux 2.6.6 allows ...) - - linux-2.6 2.6.15+2.6.16-rc5-0experimental.1 (low) + - linux-2.6 2.6.15+2.6.16-rc5-0experimental.1 (low) CVE-2006-1051 (SQL injection vulnerability in Akarru Social BookMarking Engine before ...) NOT-FOR-US: Akurru Social BookMarking Engine CVE-2006-1050 (Kwik-Pay Payroll 4.2.20, and possibly other versions, stores the ...) @@ -15381,8 +15381,7 @@ CVE-2006-0083 (Format string vulnerability in the logging code of SMS Server Too {DSA-930-2 DSA-930-1} - smstools 1.16-1.1 (bug #347221; medium) CVE-2006-0106 (gdi/driver.c and gdi/printdrv.c in Wine 20050930, and other versions, ...) - {DSA-954-1} - {CVE-2005-4560} + {DSA-954-1 CVE-2005-4560} - wine 0.9.2-1 (bug #346197; medium) CVE-2006-0082 (Format string vulnerability in the SetImageInfo function in image.c ...) {DSA-1213} @@ -15425,10 +15424,11 @@ CVE-2006-0065 (SQL injection vulnerability in (1) functions.php, (2) ...) CVE-2006-0064 (PHP remote file include vulnerability in includes/orderSuccess.inc.php ...) NOT-FOR-US: CubeCart CVE-2006-0063 (Cross-site scripting (XSS) vulnerability in phpBB 2.0.19, when ...) - - phpbb2 (unimportant) + - phpbb2 2.0.21-1 (unimportant) [sarge] - phpbb2 <no-dsa> (Affects only an inherently unsafe option only suitable for trusted users) NOTE: According to the maintainer only affects a config option that is strongly NOTE: discouraged due to potential security problems + NOTE: (Upstream fix was in 2.0.20.) CVE-2006-0062 [Potential xlockmore bypass] RESERVED - xlockmore 1:5.13-2.1 (bug #309760) |
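Review bot: In the data/CVE/2005.list hunk at CVE-2005-2431, gforge is now recorded as fixed in 4.5.14-2 under bug #328224, while the neighbouring CVE-2005-2430 entry cites the same bug #328224 with fixed version 4.5.14-9. If both versions are right, a short NOTE saying which upload closed which issue would make that clear to the next reader; otherwise one of the two needs correcting.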
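Review bot: In the data/CVE/2005.list hunk at CVE-2005-2414, the new "- iceweasel <not-affected>" line carries no reason, unlike other not-affected entries in the same file such as "- gauche <not-affected> (Gentoo-specific packaging flaw)"; please add the justification in parentheses. The context line "NOTE: The turned out to be non-exploitable" directly below reads like a typo ("The" for "This") and could be fixed in the same change.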
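Review bot: In the data/CVE/2005.list hunk at CVE-2005-2096, the removed line "NOTE: fixed in experimental in 1:1.0.5.6-1, not yet in sid" carries a version that does not match the 4.1.x numbering of mysql-dfsg-4.1, which now gets 4.1.13-1, so the note may have belonged to another package in this entry (texmacs is listed a few lines above). Please confirm the note is obsolete before dropping it, and mention the removal in the commit message, which only speaks of whitespace fixes and fixed versions.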
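Review bot: In the data/CVE/2006.list hunk at CVE-2006-0106, folding "{DSA-954-1}" and "{CVE-2005-4560}" into the single line "{DSA-954-1 CVE-2005-4560}" changes cross-reference data, which the commit message ("some whitespace fixes", "a few fixed versions for unimportant bugs") does not cover. Either mention it in the message or split it into its own commit so the change is easy to find later in the history.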