[Secure-testing-commits] r3732 - in data: CVE DSA

Moritz Muehlenhoff jmm-guest at costa.debian.org
Mon Apr 3 07:52:23 UTC 2006


Author: jmm-guest
Date: 2006-04-03 07:52:14 +0000 (Mon, 03 Apr 2006)
New Revision: 3732

Modified:
   data/CVE/list
   data/DSA/list
Log:
three new issues in struts
new kernel dos
corrected DSA


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2006-04-03 07:25:35 UTC (rev 3731)
+++ data/CVE/list	2006-04-03 07:52:14 UTC (rev 3732)
@@ -1,3 +1,9 @@
+CVE-2006-1548 [struts xss]
+	- libstruts1.2-java <unfixed> (bug filed)
+CVE-2006-1547 [struts dos]
+	- libstruts1.2-java <unfixed> (bug filed)
+CVE-2006-1546 [struts validation bypass]
+	- libstruts1.2-java <unfixed> (bug filed)
 CVE-2006-1545 (Direct static code injection vulnerability in admin/config.php in ...)
 	TODO: check
 CVE-2006-1544 (Multiple cross-site scripting (XSS) vulnerabilities in news.php in ...)
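Review bot: The three new struts entries at the top of data/CVE/list say "(bug filed)" but carry no bug number, so the report cannot be followed up from the tracker data alone. Suggest recording the bug reference on each `- libstruts1.2-java <unfixed>` line once the number is known. The bracketed descriptions ("struts xss", "struts dos", "struts validation bypass") are also very terse; a NOTE line per entry naming the affected component would make triage easier.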
@@ -1091,8 +1097,9 @@
 	RESERVED
 CVE-2006-1056
 	RESERVED
-CVE-2006-1055
+CVE-2006-1055 [local DoS in kernel's sysfs code]
 	RESERVED
+	- linux-2.6 <unfixed>
 CVE-2006-1054
 	RESERVED
 CVE-2006-1053
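Review bot: On CVE-2006-1055 the new `- linux-2.6 <unfixed>` line is added under an entry that still reads RESERVED, and nothing in the hunk says where the "local DoS in kernel's sysfs code" description comes from. Suggest adding a NOTE line with the source of that description so the entry can be checked against the CVE text once it is published.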
@@ -3899,7 +3906,7 @@
 	NOTE: nfs-utils (kernel NFS server) is not affected
 	NOTE: (it uses PATH_MAX for the buffer passed to realpath).
 CVE-2006-0042 (Unspecified vulnerability in (1) apreq_parse_headers and (2) ...)
-	{DSA-1000-1}
+	{DSA-1000-2}
 	- libapreq2 2.07-1
 CVE-2006-0041
 	RESERVED
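Review bot: At CVE-2006-0042 the cross-reference is overwritten from {DSA-1000-1} to {DSA-1000-2} while the package line stays `- libapreq2 2.07-1`, so the entry no longer shows that a first revision of the advisory existed. Suggest a NOTE line stating that DSA-1000-2 supersedes DSA-1000-1, since the log message only says "corrected DSA".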

Modified: data/DSA/list
===================================================================
--- data/DSA/list	2006-04-03 07:25:35 UTC (rev 3731)
+++ data/DSA/list	2006-04-03 07:52:14 UTC (rev 3732)
@@ -85,10 +85,9 @@
 	[woody] - crossfire 1.1.0-1woody1
 	[sarge] - crossfire 1.6.0.dfsg.1-4sarge1
 	NOTE: not fixed in testing at the time of DSA (too young)
-[14 Mar 2006] DSA-1000-1 libapreq2-perl - design error
+[14 Mar 2006] DSA-1000-2 libapreq2-perl - design error
 	{CVE-2006-0042}
-	[sarge] - libapreq2-perl 2.04-dev-1sarge1
-	NOTE: fixed in testing at the time of DSA (removed from sid)
+	[sarge] - libapreq2-perl 2.04-dev-1sarge2
 [14 Mar 2006] DSA-999-1 lurker - several
 	{CVE-2006-1062 CVE-2006-1063 CVE-2006-1064}
 	[sarge] - lurker 1.2-5sarge1
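Review bot: The DSA-1000 entry loses its `NOTE: fixed in testing at the time of DSA (removed from sid)` line with no replacement, while the crossfire entry just above keeps its testing-status NOTE. If that status still holds for the -2 revision, keep the NOTE; if not, replace it with one stating the current status. The entry date also stays at 14 Mar 2006 although the sarge version moves from 2.04-dev-1sarge1 to 2.04-dev-1sarge2; worth confirming that the original date is intended for the revised advisory.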
