[Secure-testing-commits] r2921 - in data: CVE DSA

Moritz Muehlenhoff jmm-guest at costa.debian.org
Fri Dec 2 08:58:09 UTC 2005


Author: jmm-guest
Date: 2005-12-02 08:58:04 +0000 (Fri, 02 Dec 2005)
New Revision: 2921

Modified:
   data/CVE/list
   data/DSA/list
Log:
new helix dsa


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2005-12-01 23:16:28 UTC (rev 2920)
+++ data/CVE/list	2005-12-02 08:58:04 UTC (rev 2921)
@@ -3781,9 +3781,9 @@
 CVE-2005-2631 (Cisco Clean Access (CCA) 3.3.0 to 3.3.9, 3.4.0 to 3.4.5, and 3.5.0 to ...)
 	NOT-FOR-US: Cisco
 CVE-2005-2630 (Heap-based buffer overflow in DUNZIP32.DLL for RealPlayer 8, 10, and ...)
-	- helix-player <unfixed> (bug #340270)
+	- helix-player <not-affected> (Only Windows version of Real are affected)
 CVE-2005-2629 (Integer overflow in RealNetworks RealPlayer 8, 10, and 10.5, RealOne ...)
-	- helix-player <unfixed> (bug #340270)
+	- helix-player 1.0.6-1 (bug #340270; medium)
 CVE-2005-2628 (Macromedia Flash 6 and 7 (Flash.ocx) allows remote attackers to ...)
 	- flashplugin-nonfree 7.0.61-1 (bug #339290; high)
 CVE-2005-2627 (Multiple integer underflows in Kismet before 2005-08-R1 allow remote ...)
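Review bot: On the CVE-2005-2630 line, the switch to <not-affected> drops the "bug #340270" reference that the removed line carried, so the entry no longer links back to the bug report. Keep the bug number in the parenthetical or in a NOTE line. The reason text also has a number mismatch ("Only Windows version of Real are affected"); "Only Windows versions of RealPlayer are affected" reads cleaner. The CVE-2005-2629 line keeps the bug number and adds an urgency, matching the format of the flashplugin-nonfree entry below it.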
@@ -14753,9 +14753,7 @@
 	- kernel-patch-2.4.27-mips 2.4.27-8.040815-1
 	- kernel-patch-powerpc-2.4.27 2.4.27-3
 	- kernel-image-2.4.27-sparc 2.4.27-2
-	NOTE: above should cover 2.4
 	- kernel-source-2.6.8 2.6.8-11
-	NOTE: and the binaries built from it
 CVE-2004-1055 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...)
 	- phpmyadmin 2:2.6.0-pl3-1
 CVE-2004-1054 (Untrusted execution path vulnerability in invscout in IBM AIX 5.1.0, ...)
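Review bot: The two NOTE lines removed from this kernel entry are unrelated to the helix-player DSA named in the log message ("new helix dsa"), so this cleanup should go in its own commit or at least be mentioned in the log. Removing "NOTE: and the binaries built from it" also leaves the kernel-source-2.6.8 2.6.8-11 line with nothing stating that the binary packages built from that source are covered. If that is still the intent, keep a note that says so.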

Modified: data/DSA/list
===================================================================
--- data/DSA/list	2005-12-01 23:16:28 UTC (rev 2920)
+++ data/DSA/list	2005-12-02 08:58:04 UTC (rev 2921)
@@ -1,3 +1,7 @@
+[02 Dec 2005] DSA-915-1 helix-player - buffer overflow
+	{CVE-2005-2629}
+	[sarge] - helix-player 1.0.4-1sarge2
+	NOTE: fixed in testing at time of DSA (not in testing due to RC bugs)
 [01 Dec 2005] DSA-914-1 horde2 - missing input sanitising
 	{CVE-2005-3570}
 	[sarge] - horde2 2.2.8-1sarge1
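Review bot: The NOTE line of the new DSA-915-1 entry contradicts itself: "fixed in testing at time of DSA (not in testing due to RC bugs)" says the package is both fixed in testing and absent from it. If helix-player is not in testing, state that directly, for example that the package was not in testing at the time of the DSA due to RC bugs. The entry title also says "buffer overflow" while the data/CVE/list description of CVE-2005-2629 shown in this same commit reads "Integer overflow"; align the two or confirm the title follows the advisory's wording.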



