[Secure-testing-commits] r3865 - in data: CVE DSA

Moritz Muehlenhoff jmm-guest at costa.debian.org
Mon Apr 24 07:19:37 UTC 2006 

Author: jmm-guest
Date: 2006-04-24 07:19:28 +0000 (Mon, 24 Apr 2006)
New Revision: 3865

Modified:
   data/CVE/list
   data/DSA/list
Log:
blender DSA
some no-dsa


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2006-04-23 21:14:58 UTC (rev 3864)
+++ data/CVE/list	2006-04-24 07:19:28 UTC (rev 3865)
@@ -5069,7 +5069,6 @@
 CVE-2005-4470 (Heap-based buffer overflow in the get_bhead function in readfile.c in ...)
 	- blender 2.40-1 (bug #344398; medium)
 	[woody] - blender <no-dsa> (Woody has it in non-free and it is binary-only)
-	NOTE: Sarge is vulnerable
 CVE-2005-4469 (Multiple direct static code injection vulnerabilities in PHPGedView ...)
 	NOT-FOR-US: PHPGedView
 CVE-2005-4468 (PHP remote file include vulnerability in help_text_vars.php in ...)
@@ -9998,6 +9997,7 @@
 	TODO: When was this fixed in sid for 2.4?
 CVE-2005-2873 (The ipt_recent kernel module (ipt_recent.c) in Linux kernel 2.6.12 and ...)
 	[sarge] - kernel-source-2.4.27 <no-dsa> (Unfixable design issues)
+	[sarge] - kernel-source-2.6.8 <no-dsa> (Unfixable design issues)
 	- kernel-source-2.6.8 <unfixed> (bug #332231; low)
 	- linux-2.6 <unfixed> (bug #332381; low)
 	NOTE: Dave Miller didn't like the proposed fix and considers a complete rewrite
@@ -13664,6 +13664,7 @@
 	NOT-FOR-US: Alcatel hardware issue
 CVE-2001-1483 (One-Time Passwords In Everything (a.k.a OPIE) 2.32 and 2.4 allows ...)
 	- libpam-opie <unfixed> (bug #112279; low)
+	[sarge] - libpam-opie <no-dsa> (Documented shortcoming, minor impact)
 CVE-2001-1482 (SQL injection vulnerability in bb_memberlist.php for phpBB 1.4.2 ...)
 	NOTE: phpbb was initially uploaded as version 2 or phpbb has been removed now
 CVE-2001-1481 (Xitami 2.4 through 2.5 b4 stores the Administrator password in ...)

Modified: data/DSA/list
===================================================================
--- data/DSA/list	2006-04-23 21:14:58 UTC (rev 3864)
+++ data/DSA/list	2006-04-24 07:19:28 UTC (rev 3865)
@@ -1,3 +1,6 @@
+[24 Apr 2006] DSA-1039-1 blender - several
+        {CVE-2005-3302 CVE-2005-4470}
+        [sarge] - blender 2.36-1sarge1
 [21 Apr 2006] DSA-1038-1 xzgv - programming error
         {CVE-2006-1060}
         [woody] - xzgv 0.7-6woody3

More information about the Secure-testing-commits mailing list