[Secure-testing-commits] r2686 - in data: CVE DSA

Moritz Muehlenhoff jmm-guest at costa.debian.org
Mon Nov 7 17:30:17 UTC 2005 

Author: jmm-guest
Date: 2005-11-07 17:30:10 +0000 (Mon, 07 Nov 2005)
New Revision: 2686

Modified:
   data/CVE/list
   data/DSA/list
Log:
new chmlib dsa, bugnums


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2005-11-07 12:59:27 UTC (rev 2685)
+++ data/CVE/list	2005-11-07 17:30:10 UTC (rev 2686)
@@ -11,7 +11,7 @@
 	{DTSA-21-1}
 	- clamav 0.87.1-1 (medium)
 CVE-2005-XXXX [Multiple security issues in Scorched 3D]
-	- scorched3d <unfixed> (bug filed; medium)
+	- scorched3d <unfixed> (bug #337403; medium)
 CVE-2005-3482 (Cisco 1200, 1131, and 1240 series Access Points, when operating in ...)
 	NOT-FOR-US: Cisco hardware
 CVE-2005-3481 (Cisco IOS 12.0 to 12.4 might allow remote attackers to execute ...)
@@ -368,8 +368,8 @@
 CVE-2005-3324 (SQL injection vulnerability in chat.php in MWChat 6.8 allows remote ...)
 	NOT-FOR-US: MWChat
 CVE-2005-3323 (docutils in Zope 2.6, 2.7 before 2.7.8, and 2.8 before 2.8.2 allows ...)
-	- zope2.8 2.8.1-7 (bug #334055; high)
-	- zope2.7 2.7.8-1 (bug #334055; high)
+	- zope2.8 2.8.1-7 (bug #334055; bug #334054; high)
+	- zope2.7 2.7.8-1 (bug #334055; bug #334054; high)
 CVE-2005-3322 (Unspecified vulnerability in Squid on SUSE Linux 9.0 allows remote ...)
 	TODO: check
 CVE-2005-3321 (chkstat in SuSE Linux 9.0 through 10.0 allows local users to modify ...)
@@ -1630,7 +1630,7 @@
 	- wine 0.0.20050830-1 (bug #327261; bug #327262; high)
 CVE-2005-2920 (Buffer overflow in libclamav/upx.c in Clam AntiVirus (ClamAV) before ...)
 	{DSA-824-1 DTSA-19-1}
-	- clamav 0.87-1 (bug #328660; medium)
+	- clamav 0.87-1 (bug #328660; bug #329280; medium)
 CVE-2005-2919 (libclamav/fsg.c in Clam AntiVirus (ClamAV) before 0.87 allows remote ...)
 	{DSA-824-1 DTSA-19-1}
 	- clamav 0.87-1 (bug #328660; medium)
@@ -1665,7 +1665,6 @@
 	- chmlib 0.36-1 (bug #327431)
 CVE-2005-2802
 	REJECTED
-	NOTE: rejected, initially ipt_recent related
 CVE-2005-2878 (Format string vulnerability in search.c in the imap4d server in GNU ...)
 	{DSA-841-1 DTSA-20-1}
 	- mailutils 1:0.6.90-3 (bug #327424; high)
@@ -2156,8 +2155,9 @@
 CVE-2005-2660 (apachetop 0.12.5 and earlier, when running in debug mode, allows local ...)
 	{DSA-839-1}
 	- apachetop 0.12.5-3 (unknown)
-CVE-2005-2659
+CVE-2005-2659 [Buffer overflow in chmlib's LZX decompressor]
 	RESERVED
+	- chmlib 0.37-2 (unknown)
 CVE-2005-2658 (Buffer overflow in utility.cpp in Turquoise SuperStat (turqstat) 2.2.4 ...)
 	{DSA-812-1}
 	- turqstat 2.2.4-1 (medium)

Modified: data/DSA/list
===================================================================
--- data/DSA/list	2005-11-07 12:59:27 UTC (rev 2685)
+++ data/DSA/list	2005-11-07 17:30:10 UTC (rev 2686)
@@ -1,3 +1,7 @@
+[07 Nov 2005] DSA-886-1 chmlib - several
+	{CVE-2005-2659 CVE-2005-2930 CVE-2005-3318}
+	[sarge] - chmlib 0.35-6sarge1
+	NOTE: not fixed in testing at time of DSA (not built on all archs)
 [07 Nov 2005] DSA-885-1 openvpn - several
 	{CVE-2005-3393 CVE-2005-3409}
 	[sarge] - openvpn 2.0-1sarge2

More information about the Secure-testing-commits mailing list