[Secure-testing-commits] r2649 - data/CVE

Moritz Muehlenhoff jmm-guest at costa.debian.org
Thu Nov 3 08:29:25 UTC 2005


Author: jmm-guest
Date: 2005-11-03 08:29:20 +0000 (Thu, 03 Nov 2005)
New Revision: 2649

Modified:
   data/CVE/list
Log:
acidbase fixed, update on smail


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2005-11-03 07:43:45 UTC (rev 2648)
+++ data/CVE/list	2005-11-03 08:29:20 UTC (rev 2649)
@@ -172,7 +172,7 @@
 CVE-2005-3326 (SQL injection vulnerability in usercp.php in MyBulletinBoard (MyBB) ...)
 	NOT-FOR-US: MyBB
 CVE-2005-3325 (SQL injection vulnerability in base_qry_main.php in Basic Analysis and ...)
-	- acidbase <unfixed> (bug #335998; bug #336788; medium)
+	- acidbase 1.2.1-1 (bug #335998; bug #336788; medium)
 	NOTE: the fix from 1.2-2 did not address the problem fully
 	- acidlab 0.9.6b20-13
 CVE-2005-3324 (SQL injection vulnerability in chat.php in MWChat 6.8 allows remote ...)
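Review bot: the unchanged NOTE under CVE-2005-3325 ("the fix from 1.2-2 did not address the problem fully") now sits directly below a fixed version of 1.2.1-1 and does not say that 1.2.1-1 is the upload that completes the fix. Consider extending the NOTE to state that 1.2.1-1 contains the complete fix, and to say which of bug #335998 and bug #336788 tracked the incomplete 1.2-2 fix, so a reader does not have to open both bug reports to reconstruct the history.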
@@ -9034,11 +9034,13 @@
 CVE-2005-0894 (OpenmosixCollector and OpenMosixView in OpenMosixView 1.5 allow local ...)
 	- openmosixview 1.5-7
 CVE-2005-0893 (modes.c in smail 3.2.0.120 implements signal handlers with certain ...)
-	- smail <unfixed> (bug #301428; medium)
-	NOTE: no patch known at this time.
+	- smail <unfixed> (bug #335042; low)
+	NOTE: no patch known at this time, according to upstream impossible to exploit
+	NOTE: OTOH upstream thought the same about CVE-2005-0892, but the attack vector
+	NOTE: seems in fact quite obscure
 CVE-2005-0892 (Buffer overflow in smail 3.2.0.120 allows remote attackers or local ...)
 	{DSA-722-1}
-	- smail 3.2.0.115-7
+	- smail 3.2.0.115-7 (bug #301428; high)
 CVE-2005-0891 (Double-free vulnerability in gtk 2 (gtk2) before 2.2.4 allows remote ...)
 	NOTE: The description is wrong; 2.6 is affected as well
 	- gtk+2.0 2.6.4-1
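Review bot: in the CVE-2005-0893 entry the severity goes from medium to low on upstream's "impossible to exploit" assessment, while the next NOTE records that upstream said the same about CVE-2005-0892, which this hunk rates high and which carries DSA-722-1. The three NOTE lines also leave it unclear which CVE "the attack vector seems in fact quite obscure" refers to. Please name the CVE in that sentence, put "no patch known at this time" on its own NOTE line separate from the exploitability statement, and add a pointer to where upstream made the assessment. The move of bug #301428 from CVE-2005-0893 to CVE-2005-0892, and its replacement by bug #335042, is not explained by "update on smail" in the log and deserves a word there.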
@@ -12593,7 +12595,7 @@
 	NOT-FOR-US: Netscape Directory Server on HP-UX
 CVE-2004-1235 (Race condition in the (1) load_elf_library and (2) binfmt_aout ...)
 	- linux-2.6 2.6.12-1 (bug #289202; high)
-	- kernel-source-2.4.27 2.4.27-8 (bug #289202; high)
+	- kernel-source-2.4.27 2.4.27-8 (bug #289202; bug #289708; high)
 CVE-2004-1234 (load_elf_binary in Linux before 2.4.26 allows local users to cause a ...)
 	NOTE: fixed after 2.4.25
 CVE-2004-1233 (Integer overflow in Gadu-Gadu allows remote attackers to cause a ...)
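Review bot: the addition of bug #289708 to the kernel-source-2.4.27 line of CVE-2004-1235 is not covered by the log message, which mentions only acidbase and smail. Please mention it in the log or commit it separately. The linux-2.6 line in the same entry still lists only bug #289202, so it would help to confirm that bug #289708 applies to the 2.4.27 package alone.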



