[Secure-testing-commits] r3865 - in data: CVE DSA
Moritz Muehlenhoff
jmm-guest at costa.debian.org
Mon Apr 24 07:19:37 UTC 2006
Author: jmm-guest
Date: 2006-04-24 07:19:28 +0000 (Mon, 24 Apr 2006)
New Revision: 3865
Modified:
data/CVE/list
data/DSA/list
Log:
blender DSA
some no-dsa
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2006-04-23 21:14:58 UTC (rev 3864)
+++ data/CVE/list 2006-04-24 07:19:28 UTC (rev 3865)
@@ -5069,7 +5069,6 @@
CVE-2005-4470 (Heap-based buffer overflow in the get_bhead function in readfile.c in ...)
- blender 2.40-1 (bug #344398; medium)
[woody] - blender <no-dsa> (Woody has it in non-free and it is binary-only)
- NOTE: Sarge is vulnerable
CVE-2005-4469 (Multiple direct static code injection vulnerabilities in PHPGedView ...)
NOT-FOR-US: PHPGedView
CVE-2005-4468 (PHP remote file include vulnerability in help_text_vars.php in ...)
@@ -9998,6 +9997,7 @@
TODO: When was this fixed in sid for 2.4?
CVE-2005-2873 (The ipt_recent kernel module (ipt_recent.c) in Linux kernel 2.6.12 and ...)
[sarge] - kernel-source-2.4.27 <no-dsa> (Unfixable design issues)
+ [sarge] - kernel-source-2.6.8 <no-dsa> (Unfixable design issues)
- kernel-source-2.6.8 <unfixed> (bug #332231; low)
- linux-2.6 <unfixed> (bug #332381; low)
NOTE: Dave Miller didn't like the proposed fix and considers a complete rewrite
@@ -13664,6 +13664,7 @@
NOT-FOR-US: Alcatel hardware issue
CVE-2001-1483 (One-Time Passwords In Everything (a.k.a OPIE) 2.32 and 2.4 allows ...)
- libpam-opie <unfixed> (bug #112279; low)
+ [sarge] - libpam-opie <no-dsa> (Documented shortcoming, minor impact)
CVE-2001-1482 (SQL injection vulnerability in bb_memberlist.php for phpBB 1.4.2 ...)
NOTE: phpbb was initially uploaded as version 2 or phpbb has been removed now
CVE-2001-1481 (Xitami 2.4 through 2.5 b4 stores the Administrator password in ...)
Modified: data/DSA/list
===================================================================
--- data/DSA/list 2006-04-23 21:14:58 UTC (rev 3864)
+++ data/DSA/list 2006-04-24 07:19:28 UTC (rev 3865)
@@ -1,3 +1,6 @@
+[24 Apr 2006] DSA-1039-1 blender - several
+ {CVE-2005-3302 CVE-2005-4470}
+ [sarge] - blender 2.36-1sarge1
[21 Apr 2006] DSA-1038-1 xzgv - programming error
{CVE-2006-1060}
[woody] - xzgv 0.7-6woody3
More information about the Secure-testing-commits
mailing list