diff options
| author | Moritz Muehlenhoff <jmm@debian.org> | 2006-08-09 20:29:58 +0000 |
|---|---|---|
| committer | Moritz Muehlenhoff <jmm@debian.org> | 2006-08-09 20:29:58 +0000 |
| commit | 8d2191912a04bf7d787f073f43b32db181429849 (patch) | |
| tree | 4f0f9e403a0d50a7a92122c63ce251e721913e67 /data/CVE | |
| parent | 2083c06f60ef0a53707860d4d0ee2acec1a9f0aa (diff) | |
dnsmasq issue not in sarge
fix libimager-perl version
old ssh issues don't affect sarge
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@4545 e39458fd-73e7-0310-bf30-c45bca0a0e42
Diffstat (limited to 'data/CVE')
| -rw-r--r-- | data/CVE/2000.list | 2 | ||||
| -rw-r--r-- | data/CVE/2004.list | 3 | ||||
| -rw-r--r-- | data/CVE/2005.list | 6 | ||||
| -rw-r--r-- | data/CVE/2006.list | 3 |
4 files changed, 7 insertions, 7 deletions
diff --git a/data/CVE/2000.list b/data/CVE/2000.list index 8da916da2e..8a5fd49bd4 100644 --- a/data/CVE/2000.list +++ b/data/CVE/2000.list @@ -288,7 +288,7 @@ CVE-2000-0993 (Format string vulnerability in pw_error function in BSD libutil . TODO: check CVE-2000-0992 (Directory traversal vulnerability in scp in sshd 1.2.xx allows a ...) {CVE-2004-0175} - - openssh <unfixed> (low; bug #270770) + - openssh 1:3.9p1-1 (low; bug #270770) NOTE: Rediscoved as CVE-2004-0175, see there. CVE-2000-0991 (Buffer overflow in Hilgraeve, Inc. HyperTerminal client on Windows 98, ...) NOT-FOR-US: Microsoft diff --git a/data/CVE/2004.list b/data/CVE/2004.list index ed0434e460..0a17b61b50 100644 --- a/data/CVE/2004.list +++ b/data/CVE/2004.list @@ -5515,10 +5515,11 @@ CVE-2004-0176 (Multiple buffer overflows in Ethereal 0.8.13 to 0.10.2 allow remo - ethereal 0.10.3-1 (bug #239576) CVE-2004-0175 (Directory traversal vulnerability in scp for OpenSSH before 3.4p1 ...) {CVE-2000-0992} - - openssh <unfixed> (low; bug #270770) + - openssh 1:3.9p1-1 (low; bug #270770) NOTE: The directory traversal part has been fixed in OpenSSH 3.9p1. NOTE: The "SUID/SGID across trust boundaries" issue remains, but is NOTE: largely theoretic. This is a rediscovery of CVE-2000-0992. + NOTE: jmm: 3.9p1 thus marked as fixed version CVE-2004-0174 (Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using ...) - apache 1.3.29.0.2-5 CVE-2004-0172 (Heap-based buffer overflow in the search_for_command function of ...) diff --git a/data/CVE/2005.list b/data/CVE/2005.list index d4966c353b..243bfbea28 100644 --- a/data/CVE/2005.list +++ b/data/CVE/2005.list @@ -4701,7 +4701,8 @@ CVE-2005-2798 (sshd in OpenSSH before 4.2, when GSSAPIDelegateCredentials is ena - openssh-krb5 <unfixed> (bug #327233; medium) [sarge] - openssh-krb5 <no-dsa> (Intended bahaviour, see #327233) CVE-2005-2797 (OpenSSH 4.0, and other versions before 4.2, does not properly handle ...) - - openssh 1:4.2p1-1 (bug #326065; medium) + - openssh 1:4.2p1-1 (bug #326065; unimportant) + NOTE: GSSAPI features not activated in binary builds CVE-2005-2796 (The sslConnectTimeout function in ssl.c for Squid 2.5.STABLE10 and ...) {DSA-809-1} - squid 2.5.10-5 (medium) @@ -5468,9 +5469,6 @@ CVE-2005-XXXX [Should include "UNRESTRICTED access to your computer" warning som NOTE: package (currently in experimental) CVE-2005-XXXX [Inconsistent escaping of user supplied data in dbauthpgsql.c] - dbmail-pgsql <unfixed> (bug #290833; medium) -CVE-2005-XXXX [time delay of password check proves account existence to attackers] - NOTE: unknown if really a bug; if it is it's different than the previous ssh delay bugs - - ssh <unfixed> (bug #314645; low) CVE-2005-2548 (vlan_dev.c in the VLAN code for Linux kernel 2.6.8 allows remote ...) {DSA-922-1 DTSA-16-1} NOTE: Will appear in next kernel DSA, fixed in 2.6 since 2.6.9-rc2 diff --git a/data/CVE/2006.list b/data/CVE/2006.list index a46598b895..7ccc08fa7c 100644 --- a/data/CVE/2006.list +++ b/data/CVE/2006.list @@ -4457,6 +4457,7 @@ CVE-2006-2018 (** DISPUTED ** ...) NOT-FOR-US: vBulletin CVE-2006-2017 (Dnsmasq 2.29 allows remote attackers to cause a denial of service ...) - dnsmasq 2.30-1 (medium) + [sarge] - dnsmasq <not-affected> (Vulnerability was introduced in 2.28) CVE-2006-2016 (Multiple cross-site scripting (XSS) vulnerabilities in phpLDAPadmin ...) {DSA-1057-1} - phpldapadmin 0.9.8.3-1 (bug #365313; low) @@ -8999,7 +9000,7 @@ CVE-2006-0054 (The ipfw firewall in FreeBSD 6.0-RELEASE allows remote attackers NOT-FOR-US: FreeBSD CVE-2006-0053 (Unspecified vulnerability in Imager (libimager-perl) before 5.0-1 ...) {DSA-1028-1} - - libimager-perl 5.0-1 (bug #359661) + - libimager-perl 0.50-1 (bug #359661) CVE-2006-0052 (The attachment scrubber (Scrubber.py) in Mailman 2.1.5 and earlier, ...) {DSA-1027-1} - mailman 2.1.6-1 (bug #358892) |