[Secure-testing-commits] r3792 - data/CVE
Moritz Muehlenhoff
jmm-guest at costa.debian.org
Thu Apr 13 07:35:41 UTC 2006
Author: jmm-guest
Date: 2006-04-13 07:35:31 +0000 (Thu, 13 Apr 2006)
New Revision: 3792
Modified:
data/CVE/list
Log:
new mailman issue
remove openvpn tmp entry
note issue a non-issue
clamav-getfiles issue doesn't affect sarge
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2006-04-13 06:29:38 UTC (rev 3791)
+++ data/CVE/list 2006-04-13 07:35:31 UTC (rev 3792)
@@ -1,3 +1,8 @@
+CVE-2006-1712 [Mailman XSS]
+ - mailman <unfixed>
+ [sarge] - mailman <not-affected> (Only affects Mailman 2.17)
+CVE-2006-1711 [plone data manipulation]
+ - zope-cmfplone 2.1.2-2
CVE-2006-1709 (Cross-site scripting (XSS) vulnerability in shop_main.cgi in ...)
TODO: check
CVE-2006-1708 (SQL injection vulnerability in member.php in Clansys 1.1 allows remote ...)
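Review bot: the added unstable line `- mailman <unfixed>` carries no bug reference or severity, unlike other entries in this file such as `(bug #337495; medium)`; add both once a bug is filed so the open issue can be followed. The same applies to the new `zope-cmfplone 2.1.2-2` line. In the `[sarge]` line, confirm the version string `2.17` against upstream's numbering before it is used to justify `<not-affected>`.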
@@ -266,8 +271,6 @@
TODO: check
CVE-2002-2210 (The installation of OpenOffice 1.0.1 allows local users to overwrite ...)
TODO: check
-CVE-2006-XXXX [openvpn missing setenv sanitising]
- - openvpn 2.0.6-1 (bug #360559; medium)
CVE-2006-1614 (Integer overflow in the cli_scanpe function in the PE header parser ...)
{DSA-1024-1}
- clamav 0.88.1-1
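Review bot: the removed `CVE-2006-XXXX [openvpn missing setenv sanitising]` entry takes the fixed version `2.0.6-1` and `bug #360559` with it, and nothing in this diff shows where the issue is tracked now. If the temporary entry was superseded by an assigned CVE id, name that id in the log message so the bug reference stays traceable.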
@@ -7075,7 +7078,9 @@
{DSA-891-1}
- gpsdrive 2.09-2sarge1 (bug #337495; medium)
CVE-2005-XXXX [Insecure temp files in note]
- - note 1.3.1-3 (bug #337492; low)
+ - note 1.3.1-3 (bug #337492; unimportant)
+ NOTE: Second issue not shipped in binary, only example, first issue not sufficiently
+ NOTE: predictable for a real world attack
CVE-2005-3500 (The tnef_attachment function in tnef.c for Clam AntiVirus (ClamAV) ...)
{DSA-887-1 DTSA-21-1}
- clamav 0.87.1-1 (medium)
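Review bot: the two added NOTE lines refer to a "first issue" and a "second issue", but the entry title `[Insecure temp files in note]` does not enumerate them, so the reason for moving from `low` to `unimportant` cannot be checked from the entry alone. Name the affected files or scripts in the NOTE and state what makes the temporary file name hard to predict.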
@@ -10357,7 +10362,7 @@
- fftw3 3.0.1-12 (low; bug #321566)
CVE-2005-XXXX [clamav-getfile: Insecure use of temporary files]
- clamav-getfiles 0.5-1 (bug #321446; medium)
- NOTE: Sarge is affected
+ [sarge] - clamav-getfiles <not-affected> (Sarge version uses mktemp)
CVE-2005-3254 (The CGIwrap program before 3.9 on Debian GNU/Linux uses an incorrect ...)
{DTSA-6-1}
- cgiwrap 3.9-3.1 (bug #316881; low)
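Review bot: in the added `[sarge]` line, `(Sarge version uses mktemp)` is ambiguous. It could mean the mktemp(1) utility, which creates the file itself, or the mktemp(3) library function, which only returns a name and leaves a race between name generation and file creation. State which one the Sarge version calls, since only the former supports `<not-affected>`.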