[Secure-testing-commits] r3752 - in data: . CVE DSA

Moritz Muehlenhoff jmm-guest at costa.debian.org
Wed Apr 5 08:20:33 UTC 2006


Author: jmm-guest
Date: 2006-04-05 08:20:25 +0000 (Wed, 05 Apr 2006)
New Revision: 3752

Modified:
   data/CVE/list
   data/DSA/list
   data/ID_pending
Log:
record kernel DSA update
clamav partially CVEfied and fully fixed
bugnum
remove non-issue


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2006-04-04 21:07:42 UTC (rev 3751)
+++ data/CVE/list	2006-04-05 08:20:25 UTC (rev 3752)
@@ -1,7 +1,9 @@
-CVE-2006-XXXX [clamav 0.88.1 integer overflow]
-	- clamav <unfixed>
+CVE-2006-1614 [clamav 0.88.1 integer overflow]
+	- clamav 0.88.1-1
 CVE-2006-XXXX [clamav 0.88.1 fix possible crash in cli_bitset_test()]
-	- clamav <unfixed>
+	- clamav 0.88.1-1
+CVE-2006-1615 [clamav 0.88.1 format string flaws]
+	- clamav 0.88.1-1
 CVE-2006-1586 (SQL injection vulnerability in admin_login.asp in ISP of Egypt SiteMan ...)
 	NOT-FOR-US: Egypt SiteMan
 CVE-2006-1585 (Multiple SQL injection vulnerabilities in MonAlbum 0.8.7 allow remote ...)
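Review bot: the cli_bitset_test() entry in this hunk is now marked fixed in 0.88.1-1 but keeps its CVE-2006-XXXX placeholder, and the new CVE-2006-1615 entry is placed below it, so the assigned ids read 1614, XXXX, 1615 while the rest of the list runs in descending order (1586, 1585). Suggest moving CVE-2006-1615 above CVE-2006-1614 and adding a TODO line under the placeholder entry so the missing id stays tracked.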
@@ -5607,7 +5609,7 @@
 CVE-2005-3788 (Race condition in Cisco Adaptive Security Appliance (ASA) 7.0(0), ...)
 	NOT-FOR-US: Cisco appliance
 CVE-2005-3787 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...)
-	- phpmyadmin 4:2.6.4-pl4-1
+	- phpmyadmin 4:2.6.4-pl4-1 (bug #360726)
 CVE-2005-3786 (Novell ZENworks for Desktops 4.0.1, ZENworks for Servers 3.0.2, and ...)
 	NOT-FOR-US: Novell ZENworks
 CVE-2005-3785 (Second-order symlink vulnerability in eix-sync.in in Ebuild IndeX ...)
@@ -14731,8 +14733,6 @@
 	NOTE: stored in user's home directories instead.
 	TODO: check possibility of exploitation via scripting language,
 	TODO: as mentioned in the bug report as a separate issue
-CVE-2005-XXXX [Insecure handling of gpg passphrases in gabber]
-	- gabber <unfixed> (bug #177776; low)
 CVE-2005-1470 (Multiple unknown vulnerabilities in the (1) TZSP, (2) MGCP, (3) ISUP, ...)
 	- ethereal 0.10.10-2sarge2
 CVE-2005-1469 (Unknown vulnerability in the GSM dissector in Ethereal before 0.10.11 ...)
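Review bot: the gabber entry is deleted outright here, which also drops the reference to bug #177776 and leaves no in-file record of why it was judged a non-issue; the only rationale is the log line "remove non-issue". Suggest keeping the entry with a NOTE line stating the reason, as neighbouring entries do, so the bug is not re-triaged later.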

Modified: data/DSA/list
===================================================================
--- data/DSA/list	2006-04-04 21:07:42 UTC (rev 3751)
+++ data/DSA/list	2006-04-05 08:20:25 UTC (rev 3752)
@@ -14,6 +14,7 @@
 [24 Mar 2006] DSA-1018-1 kernel-source-2.4.27 - several
 	{CVE-2004-0887 CVE-2004-1058 CVE-2004-2607 CVE-2005-0449 CVE-2005-1761 CVE-2005-2457 CVE-2005-2555 CVE-2005-2709 CVE-2005-2973 CVE-2005-3257 CVE-2005-3783 CVE-2005-3806 CVE-2005-3848 CVE-2005-3857 CVE-2005-3858 CVE-2005-4618}
 	[sarge] - kernel-source-2.4.27 2.4.27-10sarge2
+	NOTE: An update 1018-2 was issued later, but it doesn't contain noteworthy data
 [23 Mar 2006] DSA-1017-1 kernel-source-2.6.8 - several
 	{CVE-2004-1017 CVE-2005-0124 CVE-2005-0449 CVE-2005-2457 CVE-2005-2490 CVE-2005-2555 CVE-2005-2709 CVE-2005-2800 CVE-2005-2973 CVE-2005-3044 CVE-2005-3053 CVE-2005-3055 CVE-2005-3180 CVE-2005-3181 CVE-2005-3257 CVE-2005-3356 CVE-2005-3358 CVE-2005-3783 CVE-2005-3784 CVE-2005-3806 CVE-2005-3847 CVE-2005-3848 CVE-2005-3857 CVE-2005-3858 CVE-2005-4605 CVE-2005-4618 CVE-2006-0095 CVE-2006-0096 CVE-2006-0482 CVE-2006-1066}
 	[sarge] - kernel-source-2.6.8 2.6.8-16sarge2
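Review bot: the NOTE added under DSA-1018-1 says update 1018-2 "doesn't contain noteworthy data" without saying what the update changed or which package version it shipped. Suggest stating the reason for the re-issue in the NOTE, or recording the 1018-2 version on the [sarge] line, so readers comparing installed versions against this list are not left guessing.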

Modified: data/ID_pending
===================================================================
--- data/ID_pending	2006-04-04 21:07:42 UTC (rev 3751)
+++ data/ID_pending	2006-04-05 08:20:25 UTC (rev 3752)
@@ -333,8 +333,6 @@
 	TODO: as mentioned in the bug report as a separate issue
 CVE-2005-XXXX [Less secure default setting in pwgen or the lack documentation about it]
 	- pwgen 2.04-1
-CVE-2005-XXXX [Insecure handling of gpg passphrases in gabber]
-	- gabber <unfixed> (bug #177776; low)
 CVE-2005-XXXX [Missing input validation in xtradius]
 	- xtradius 1.2.1-beta2-2 (bug #307796; unimportant)
 CVE-2005-XXXX [fai tempfile vulnerability]
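Review bot: this removes the same gabber entry from data/ID_pending that was rated "low" with bug #177776, while the adjacent xtradius entry shows the list already has an "unimportant" marker for issues not worth an id. If the gabber report is a non-issue rather than a duplicate, downgrading it to unimportant with a short NOTE would keep the bug reference searchable; if it really should vanish, the reason belongs in the commit log.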



