author Moritz Muehlenhoff <jmm@debian.org> 2006-03-17 10:55:24 +0000
committer Moritz Muehlenhoff <jmm@debian.org> 2006-03-17 10:55:24 +0000
commit a43882751c3bb5aaf6b1255a74d92819679ca330
tree ecc63ee98a5f86c015f00a6172f0483328c5ea1f /data/CVE
parent ba82b8e2b1bbc973635658e39b183f87279a72f5

potential new kernel issue
NFUs

git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@3635 e39458fd-73e7-0310-bf30-c45bca0a0e42
Diffstat (limited to 'data/CVE')
-rw-r--r-- data/CVE/2000.list 2
-rw-r--r-- data/CVE/2005.list 5
-rw-r--r-- data/CVE/2006.list 22
3 files changed, 16 insertions, 13 deletions
diff --git a/data/CVE/2000.list b/data/CVE/2000.list
index 8fcba951f4..9d3356370b 100644
--- a/data/CVE/2000.list
+++ b/data/CVE/2000.list
@@ -1,5 +1,5 @@
CVE-2000-1239 (The HTTP interface of Tivoli Lightweight Client Framework (LCF) in IBM ...)
- TODO: check
+ NOT-FOR-US: Tivoli
CVE-2000-1238 (BEA Systems WebLogic Express and WebLogic Server 5.1 SP1-SP6 allows ...)
NOT-FOR-US: BEA Weblogic
CVE-2000-1237 (The POP3 server in FTGate returns an -ERR code after receiving an ...)
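Review bot: The tag "NOT-FOR-US: Tivoli" on CVE-2000-1239 is less specific than the product the description names, "Tivoli Lightweight Client Framework (LCF) in IBM ...", while the other NOT-FOR-US tags in this commit name the exact product (for example "PEAR HTML_QuickForm_Controller" and "Simple PHP Blog"). Naming the product in the same way here, e.g. "IBM Tivoli LCF", keeps the tag searchable and distinguishes it from the other Tivoli products that appear in 2006.list.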
diff --git a/data/CVE/2005.list b/data/CVE/2005.list
index 4c257e3f92..756e34ea62 100644
--- a/data/CVE/2005.list
+++ b/data/CVE/2005.list
@@ -1,7 +1,7 @@
CVE-2005-XXXX [xsupplicant information leak]
- xsupplicant 1.0.1-5 (bug #317703; low)
CVE-2005-4731 (The Next action in PEAR HTML_QuickForm_Controller 1.0.4 includes the ...)
- TODO: check
+ NOT-FOR-US: PEAR HTML_QuickForm_Controller
CVE-2005-4730 (Unspecified vulnerability in PEAR Text_Password 1.0 has unknown impact ...)
TODO: check
CVE-2005-4729 (SQL injection vulnerabilitiy in show.php in VBZooM Forum allows remote ...)
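Review bot: NOT-FOR-US on CVE-2005-4731 asserts that PEAR HTML_QuickForm_Controller is not packaged in Debian, but nothing in the entry or the commit message shows that the archive was checked. PEAR modules are commonly packaged under php-* names, so it is worth searching for the module before closing the entry. CVE-2005-4730 (PEAR Text_Password) directly below is still "TODO: check" and needs the same lookup.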
@@ -130,8 +130,7 @@ CVE-2005-4669 (SQL injection vulnerability in RT Internet Solutions (RTIS) WebAd
CVE-2005-4668 (The embedded HSQLDB in ParosProxy before 3.2.7, when running with JDK ...)
NOT-FOR-US: ParoxProxy
CVE-2005-4667 (Buffer overflow in UnZip 5.50 and earlier allows user-complicit ...)
- - unzip 5.52-7 (unimportant; bug #349794)
- NOTE: Overflow can only be triggered, not setuid
+ - unzip 5.52-7 (low; bug #349794)
CVE-2005-4666 (Cross-site scripting (XSS) vulnerability in PHlyMail before 3.3 Beta1 ...)
NOT-FOR-US: PHlyMail
CVE-2005-4665 (Cross-site scripting (XSS) vulnerability in PunBB 1.2.6 and earlier ...)
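Review bot: The unzip entry for CVE-2005-4667 loses its only rationale: the severity goes from "unimportant" to "low" and the line "NOTE: Overflow can only be triggered, not setuid" is deleted without a replacement, and the commit message ("potential new kernel issue", "NFUs") does not mention this change either. Suggest adding a NOTE that states why the issue is now rated low, so the reasoning behind the severity stays in the list rather than only in the history.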
diff --git a/data/CVE/2006.list b/data/CVE/2006.list
index 768a95fae4..b6b88dd472 100644
--- a/data/CVE/2006.list
+++ b/data/CVE/2006.list
@@ -1,29 +1,32 @@
CVE-2006-XXXX [Multiple issues in libcgi-session-perl]
- libcgi-session-perl 4.07-1
CVE-2006-1244 (Unspecified vulnerability in certain versions of xpdf after 3.00, as ...)
- TODO: check
+ - xpdf <not-affected> (All issues previously fixed)
+ NOTE: Discussion has shown that the revamp patch doesn't fix new vulnerabilities
CVE-2006-1243 (Directory traversal vulnerability in install05.php in Simple PHP Blog ...)
- TODO: check
+ NOT-FOR-US: Simple PHP Blog
CVE-2006-1242 (Certain Linux 2.4 and 2.6 kernels increment the IP ID field after ...)
- TODO: check
+ - linux-2.6 <unfixed>
+ NOTE: Possibly junk
CVE-2006-1241 (Firebird 1.5.2.4731 installs (1) fb_lock_mgr, (2) gds_drop, and (3) ...)
- firebird2 <not-affected> (Not setuid in Debian)
CVE-2006-1240 (Buffer overflow in inet_server.cpp in (1) fb_inet_server and (2) ...)
- firebird2 <not-affected> (Not setuid in Debian)
CVE-2006-1239 (Cross-site scripting (XSS) vulnerability in issue/createissue.aspx in ...)
- TODO: check
+ NOT-FOR-US: Gemini
CVE-2006-1238 (SQL injection vulnerability in DSLogin 1.0, with magic_quotes_gpc ...)
- TODO: check
+ NOT-FOR-US: DSLogin
CVE-2006-1237 (Multiple SQL injection vulnerabilities in DSNewsletter 1.0, with ...)
- TODO: check
+ NOT-FOR-US: DSNewsletter
CVE-2006-1236 (Buffer overflow in the SetUp function in socket/request.c in CrossFire ...)
- crossfire 1.9.0-2 (medium)
CVE-2006-1235 (Directory traversal vulnerability in admin/deleteuser.php in HitHost ...)
- TODO: check
+ NOT-FOR-US: HitHost
CVE-2006-1234 (SQL injection vulnerability in index.php in DSCounter 1.2, with ...)
- TODO: check
+ NOT-FOR-US: DSCounter
CVE-2006-1233 (Multiple cross-site scripting (XSS) vulnerabilities in WMNews allow ...)
- TODO: check
+ NOT-FOR-US: WMNews
+begin claimed by jmm
CVE-2006-1232 (Multiple SQL injection vulnerabilities in DSDownload 1.0, with ...)
TODO: check
CVE-2006-1231 (CAPI4HylaFAX 1.3, when compiled with GENERATE_DEBUGSFFDATAFILE set, ...)
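Review bot: The CVE-2006-1242 entry tracks linux-2.6 as <unfixed> while its NOTE reads only "Possibly junk", so a later reader cannot tell whether the kernel is believed to be affected or why the report is doubted. Suggest putting the reason for the doubt in the NOTE, or leaving the entry as "TODO: check" until that is settled. The NOTE on CVE-2006-1244 has a similar gap: it cites "Discussion" for the xpdf <not-affected> status without a bug number or list reference that would let someone verify it.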
@@ -72,6 +75,7 @@ CVE-2006-1211 (IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 configures a MySQL
TODO: check
CVE-2006-1210 (The web interface for IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 ...)
TODO: check
+end claimed by jmm
CVE-2006-1209 (PHP Advanced Transfer Manager 1.00 through 1.30 stores sensitive ...)
TODO: check
CVE-2006-1208 (Sergey Korostel PHP Upload Center allows remote attackers to execute ...)