[Secure-testing-commits] r3767 - in data: CVE DSA
Moritz Muehlenhoff
jmm-guest at costa.debian.org
Fri Apr 7 07:48:28 UTC 2006
Author: jmm-guest
Date: 2006-04-07 07:48:08 +0000 (Fri, 07 Apr 2006)
New Revision: 3767
Modified:
data/CVE/list
data/DSA/list
Log:
added missing CVE IDs to latest koffice DSA
openvpn fixed
horde fixed
older freeradius issues already fixed
checked some older sarge issues
bugnums
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2006-04-06 23:15:45 UTC (rev 3766)
+++ data/CVE/list 2006-04-07 07:48:08 UTC (rev 3767)
@@ -86,7 +86,7 @@
CVE-2002-2210 (The installation of OpenOffice 1.0.1 allows local users to overwrite ...)
TODO: check
CVE-2006-XXXX [openvpn missing setenv sanitising]
- - openvpn <unfixed> (bug #360559; medium)
+ - openvpn 2.0.6-1 (bug #360559; medium)
CVE-2006-1614 [clamav 0.88.1 integer overflow]
RESERVED
{DSA-1024-1}
@@ -117,7 +117,7 @@
CVE-2006-1578 (Multiple SQL injection vulnerabilities in Keystone Digital Library ...)
NOT-FOR-US: Keystone Digital Library Suite
CVE-2006-1577 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
- - mantis <unfixed>
+ - mantis <unfixed> (bug #361138)
CVE-2006-1576 (Direct static code injection vulnerability in QLnews 1.2 allows remote ...)
NOT-FOR-US: QLnews
CVE-2006-1575 (Multiple cross-site scripting (XSS) vulnerabilities in news.php in ...)
@@ -300,7 +300,7 @@
CVE-2006-1506 (Unspecified vulnerability in rsh in Sun Microsystems Sun Grid Engine ...)
NOT-FOR-US: Sun Microsystems Sun Grid Engine 5.3
CVE-2006-1505 (base_maintenance.php in Basic Analysis and Security Engine (BASE) ...)
- - acidbase <unfixed>
+ - acidbase <unfixed> (bug #361139)
CVE-2006-1504 (Multiple cross-site scripting (XSS) vulnerabilities in Arab Portal 2.0 ...)
NOT-FOR-US: Arab Portal
CVE-2006-1503 (PHP remote file inclusion vulnerability in ...)
@@ -352,7 +352,7 @@
- mediawiki 1.4.15-1
- mediawiki1.5 1.5.8-1
CVE-2006-1491 (Eval injection vulnerability in Horde Application Framework versions ...)
- - horde3 <unfixed>
+ - horde3 3.1.1-1
CVE-2006-1490 (PHP before 5.1.3-RC1 might allow remote attackers to obtain portions ...)
- php5 <unfixed> (bug #359904; low)
- php4 <unfixed> (bug #359907; low)
@@ -547,11 +547,11 @@
CVE-2005-4747 (Cross-site scripting (XSS) vulnerability in WebHost Automation Ltd ...)
TODO: check
CVE-2005-4746 (Multiple buffer overflows in FreeRADIUS 1.0.3 and 1.0.4 allow remote ...)
- TODO: check
+ - freeradius 1.0.5-1
CVE-2005-4745 (SQL injection vulnerability in the rlm_sqlcounter module in FreeRADIUS ...)
- TODO: check
+ - freeradius 1.0.5-1
CVE-2005-4744 (Off-by-one error in the sql_error function in sql_unixodbc.c in ...)
- TODO: check
+ - freeradius 1.0.5-1
CVE-1999-1587 (/usr/ucb/ps in Sun Microsystems Solaris 8 and 9, and certain earlier ...)
TODO: check
CVE-2006-1396 (Multiple cross-site scripting (XSS) vulnerabilities in Cholod MySQL ...)
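Review bot: the three FreeRADIUS entries (CVE-2005-4746, CVE-2005-4745, CVE-2005-4744) replace "TODO: check" with "- freeradius 1.0.5-1" but record nothing about how that fixed version was established: no NOTE, no bug number. The visible description of CVE-2005-4746 names 1.0.3 and 1.0.4 as affected, which is consistent with 1.0.5-1, but the truncated descriptions of the other two show no version range. A one-line NOTE per entry pointing at the changelog that confirms the fix would let a later reader verify the triage instead of trusting it.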
@@ -6474,6 +6474,8 @@
NOTE: First patch had regressions
CVE-2005-3538 (hfaxd in HylaFAX 4.2.3, when PAM support is disabled, accepts ...)
- hylafax 2:4.2.4-1
+ [sarge] - hylagax <not-affected> (Affected only 4.2.3)
+ [woody] - hylagax <not-affected> (Affected only 4.2.3)
CVE-2005-3537 (A "missing request validation" error in phpBB 2 before 2.0.18 allows ...)
{DSA-925-1}
- phpbb2 2.0.18-1 (bug #336582; medium)
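Review bot: both added lines under CVE-2005-3538 spell the package "hylagax", while the existing line directly above uses "hylafax". As written, the [sarge] and [woody] not-affected markers attach to a package name that does not match the source package, so any tooling keyed on the package name will not apply them. Change both to "hylafax". Minor: the release order here is [sarge] then [woody], whereas the findutils and bugzilla entries later in this file use [woody] then [sarge]; pick one order.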
@@ -8047,6 +8049,8 @@
- fuzz 0.6-7.1 (bug #183047)
CVE-2005-XXXX [DoS triggering endless loops in findutils -follow option]
- findutils 4.2.22-1 (bug #313081)
+ [woody] - findutils <not-affected> (Only code between 4.2.18 and 4.2.22 affected)
+ [sarge] - findutils <not-affected> (Only code between 4.2.18 and 4.2.22 affected)
CVE-2005-3138 (Bugzilla 2.18rc1 through 2.18.3, 2.19 through 2.20rc2, and 2.21 allows ...)
[woody] - bugzilla <not-affected> (Only Bugzilla >= 2.18 is affected)
[sarge] - bugzilla <not-affected> (Only Bugzilla >= 2.18 is affected)
@@ -8158,7 +8162,8 @@
CVE-2005-3071 (Unspecified vulnerability in Unix File System (UFS) on Solaris 8 and ...)
NOT-FOR-US: Solaris
CVE-2005-3070 (HylaFax 4.2.1 and earlier does not create or verify ownership of the ...)
- - hylafax 1:4.2.2+rc1 (bug #329384; low)
+ - hylafax 1:4.2.2+rc1 (bug #329384; unimportant)
+ NOTE: This was judged non-exploitable
CVE-2005-3069 (xferfaxstats in HylaFax 4.2.1 and earlier allows local users to ...)
{DSA-865-1}
- hylafax 1:4.2.2+rc1 (bug #329384; low)
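Review bot: the NOTE added under CVE-2005-3070, "This was judged non-exploitable", does not say who made that judgement or on what grounds, yet it is the only justification for lowering the severity from low to unimportant. Add a pointer to the reasoning (for instance the relevant message in bug #329384, if that is where it was discussed) so the downgrade can be reviewed later. Note also that CVE-2005-3069 just below references the same bug and stays at low, so the NOTE should make clear it applies only to CVE-2005-3070.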
Modified: data/DSA/list
===================================================================
--- data/DSA/list 2006-04-06 23:15:45 UTC (rev 3766)
+++ data/DSA/list 2006-04-07 07:48:08 UTC (rev 3767)
@@ -27,7 +27,7 @@
{CVE-2006-0459}
[sarge] - flex 2.5.31-31sarge1
[24 Mar 2006] DSA-1019-1 koffice - several
- {CVE-2006-1244}
+ {CVE-2006-1244 CVE-2006-3192 CVE-2006-0301}
[sarge] - koffice 1.3.5-4.sarge.3
[24 Mar 2006] DSA-1018-1 kernel-source-2.4.27 - several
{CVE-2004-0887 CVE-2004-1058 CVE-2004-2607 CVE-2005-0449 CVE-2005-1761 CVE-2005-2457 CVE-2005-2555 CVE-2005-2709 CVE-2005-2973 CVE-2005-3257 CVE-2005-3783 CVE-2005-3806 CVE-2005-3848 CVE-2005-3857 CVE-2005-3858 CVE-2005-4618}
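Review bot: in the DSA-1019-1 koffice entry, the added ID CVE-2006-3192 looks out of range for an advisory dated 24 Mar 2006: the highest CVE-2006 number touched anywhere else in this commit is CVE-2006-1614. Please check the ID against the advisory text before committing, in particular whether the year is right, since a wrong ID here cross-links the DSA to an unrelated CVE entry in data/CVE/list.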