[Secure-testing-commits] r3755 - in data: CVE DSA

Moritz Muehlenhoff jmm-guest at costa.debian.org
Wed Apr 5 20:38:47 UTC 2006 

Author: jmm-guest
Date: 2006-04-05 20:38:40 +0000 (Wed, 05 Apr 2006)
New Revision: 3755

Modified:
   data/CVE/list
   data/DSA/list
Log:
clamav fixed
two more issues marked as non-issues


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2006-04-05 14:37:37 UTC (rev 3754)
+++ data/CVE/list	2006-04-05 20:38:40 UTC (rev 3755)
@@ -2,7 +2,7 @@
 	- openvpn <unfixed> (bug #360559; medium)
 CVE-2006-1614 [clamav 0.88.1 integer overflow]
 	- clamav 0.88.1-1
-CVE-2006-XXXX [clamav 0.88.1 fix possible crash in cli_bitset_test()]
+CVE-2006-1630 [clamav 0.88.1 fix possible crash in cli_bitset_test()]
 	- clamav 0.88.1-1
 CVE-2006-1615 [clamav 0.88.1 format string flaws]
 	- clamav 0.88.1-1
@@ -3174,6 +3174,7 @@
 	NOT-FOR-US: freebsd kernel
 CVE-2006-0225 (scp in OpenSSH 4.2p1 allows attackers to execute arbitrary commands ...)
 	- openssh <unfixed> (low; bug #349645; bug #352254)
+	[sarge] - openssh <no-dsa> (Protocol flaws inherited from rcp)
 	- dropbear 0.48-1 (unimportant)
 	NOTE: dropbear doesn't include scp in binary package
 CVE-2006-0224 (Buffer overflow in Library of Assorted Spiffy Things (LibAST) 0.6.1 ...)
@@ -9061,7 +9062,8 @@
 CVE-2005-2667 (Unknown vulnerability in Computer Associates (CA) Message Queuing (CAM ...)
 	NOT-FOR-US: Computer Associates
 CVE-2005-2666 (SSH, as implemented in OpenSSH before 4.0 and possibly other ...)
-	- openssh 1:4.0p1-1 (low)
+	- openssh 1:4.0p1-1 (unimportant)
+	NOTE: Lack of a security feature, not a vulnerability
 CVE-2005-2665 (Stack-based buffer overflow in expires.c in Elm 2.5 PL5 through PL7, ...)
 	NOT-FOR-US: elm-me+ is no longer in unstable or testing
 CVE-2005-2664 (Whisper 32 1.16, and possibly earlier versions, stores passwords in ...)

Modified: data/DSA/list
===================================================================
--- data/DSA/list	2006-04-05 14:37:37 UTC (rev 3754)
+++ data/DSA/list	2006-04-05 20:38:40 UTC (rev 3755)
@@ -1,3 +1,6 @@
+[05 Jan 2006] DSA-947-1 clamav - heap overflow
+        {CVE-2006-1614 CVE-2006-1615 CVE-2006-1630}
+	[sarge] - clamav 0.84-2.sarge.8
 [05 Apr 2006] DSA-1023-1 kaffeine - buffer overflow
 	{CVE-2006-0051}
 	[sarge] - kaffeine 0.6-1sarge1

More information about the Secure-testing-commits mailing list