[Secure-testing-commits] r3754 - data/CVE

Moritz Muehlenhoff jmm-guest at costa.debian.org
Wed Apr 5 14:37:45 UTC 2006 

Author: jmm-guest
Date: 2006-04-05 14:37:37 +0000 (Wed, 05 Apr 2006)
New Revision: 3754

Modified:
   data/CVE/list
Log:
merge recent shadow/base-config issue, remove mysterious
   reference to reserved old CVE ID
no-dsa for minor honeyd leak
kaffeine fixed in experimental


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2006-04-05 10:19:28 UTC (rev 3753)
+++ data/CVE/list	2006-04-05 14:37:37 UTC (rev 3754)
@@ -1,3 +1,5 @@
+CVE-2006-XXXX [openvpn missing setenv sanitising]
+	- openvpn <unfixed> (bug #360559; medium)
 CVE-2006-1614 [clamav 0.88.1 integer overflow]
 	- clamav 0.88.1-1
 CVE-2006-XXXX [clamav 0.88.1 fix possible crash in cli_bitset_test()]
@@ -506,7 +508,8 @@
 CVE-2006-1377 (Cross-site scripting (XSS) vulnerability in img.php in (1) EasyMoblog ...)
 	NOT-FOR-US: EasyMoblog
 CVE-2006-1376 (The installation of Debian GNU/Linux 3.1r1 from the network install CD ...)
-	- passwd 1:4.0.14-9 (bug #358210; bug #356939)
+	- shadow 1:4.0.14-9 (bug #358210; bug #356939)
+	- base-config 2.68 (bug #254068; low)
 CVE-2006-1375 (AdMan 1.0.20051221 and earlier allows remote attackers to obtain the ...)
 	NOT-FOR-US: AdMan
 CVE-2006-1374 (SQL injection vulnerability in viewStatement.php in AdMan 1.0.20051221 ...)
@@ -1858,6 +1861,7 @@
 	NOT-FOR-US: Microsoft
 CVE-2006-0752 (Niels Provos Honeyd before 1.5 replies to certain illegal IP packet ...)
 	- honeyd <unfixed> (bug #353064; low)
+	[sarge] - honeyd <no-dsa> (Too insignificant)
 CVE-2006-0751 (Multiple unspecified vulnerabilities in the (1) Filesystem in ...)
 	TODO: check
 CVE-2006-0750 (SQL injection vulnerability in index.php in supersmashbrothers (SSB) ...)
@@ -3749,8 +3753,9 @@
 	- libimager-perl <unfixed> (bug #359661)
 CVE-2006-0052 (The attachment scrubber (Scrubber.py) in Mailman 2.1.5 and earlier, ...)
 	- mailman <unfixed> (bug #358892)
-CVE-2006-0051
+CVE-2006-0051 [kaffeine ram buffer overflow]
 	RESERVED
+	- kaffeine 0.8-1
 CVE-2006-0050 (snmptrapfmt in Debian 3.0 allows local users to overwrite arbitrary ...)
 	{DSA-1013-1}
 	- snmptrapfmt 1.10
@@ -11431,10 +11436,8 @@
 	NOT-FOR-US: Online Recruitment Agency
 CVE-2004-2155 (Online-bookmarks before 0.4.6 allows remote attackers to bypass its ...)
 	NOT-FOR-US: Online-bookmarks
-CVE-2005-2348 [base-config log should not be world readable]
+CVE-2005-2348
 	RESERVED
-	- base-config 2.68 (bug #254068; low)
-	NOTE: Sarge and Woody affected
 CVE-2005-2169 (Directory traversal vulnerability in source.php in Quick &amp; Dirty ...)
 	NOT-FOR-US: PHPSource Printer
 CVE-2005-2168 (delete.php in Plague News System 0.6 and earlier allows remote ...)

More information about the Secure-testing-commits mailing list