[Secure-testing-commits] r4481 - in data: CVE DSA

Moritz Muehlenhoff jmm-guest at costa.debian.org
Tue Aug 1 20:25:04 UTC 2006


Author: jmm-guest
Date: 2006-08-01 20:25:00 +0000 (Tue, 01 Aug 2006)
New Revision: 4481

Modified:
   data/CVE/list
   data/DSA/list
Log:
- Sarge is not affected by livehttpheaders dos and kde lockout
- new mantis DSA - many thanks to Thijs for wading through all this
- older mantis issue was already fixed in previous DSA


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2006-08-01 14:26:28 UTC (rev 4480)
+++ data/CVE/list	2006-08-01 20:25:00 UTC (rev 4481)
@@ -305,6 +305,7 @@
 	NOTE: PoC: http://www.sfritsch.de/~stf/CVE-2006-3731.html
 	NOTE: might still be a firefox issue
 	- mozilla-livehttpheaders <unfixed> (bug #379050; low)
+	[sarge] - mozilla-livehttpheaders <not-affected>
 CVE-2006-3730 (Microsoft Internet Explorer 6 on Windows XP SP2 allows remote ...)
 	NOT-FOR-US: MSIE
 CVE-2006-3729 (DataSourceControl in Internet Explorer 6 on Windows XP SP2 with Office ...)
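Review bot: the added `[sarge] - mozilla-livehttpheaders <not-affected>` line gives no reason, unlike the kdebase entry in the next hunk, which carries one in parentheses ("Only KDE < 3.2 vulnerable"). The unqualified line above it still reads `<unfixed> (bug #379050; low)`, so nothing in the entry says why sarge differs. Add a short parenthesised justification to the `[sarge]` line so the triage decision can be re-checked later.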
@@ -1987,8 +1988,9 @@
 CVE-2006-2934 (SCTP conntrack (ip_conntrack_proto_sctp.c) in netfilter for Linux ...)
 	- linux-2.6 2.6.17-3
 	- linux-2.6.16 2.6.16-17
-CVE-2006-2933
+CVE-2006-2933 [kdm dos]
 	RESERVED
+	[sarge] - kdebase <not-affected> (Only KDE < 3.2 vulnerable)
 CVE-2006-2932
 	RESERVED
 CVE-2006-2931 (CMS Mundo before 1.0 build 008 does not properly verify uploaded image files, ...)
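Review bot: after this change CVE-2006-2933 has only a `[sarge]` line under `RESERVED`, with no unqualified `- kdebase ...` line, so the entry records a status for sarge and nothing for any other release. Since the stated reason is "Only KDE < 3.2 vulnerable", add the unqualified kdebase line as well, with either the first fixed version or a not-affected marker, so the entry is complete on its own.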

Modified: data/DSA/list
===================================================================
--- data/DSA/list	2006-08-01 14:26:28 UTC (rev 4480)
+++ data/DSA/list	2006-08-01 20:25:00 UTC (rev 4481)
@@ -1,3 +1,6 @@
+[01 Aug 2006] DSA-1133-1 mantis - cross site scripting
+        {CVE-2006-0664 CVE-2006-0665 CVE-2006-0841 CVE-2006-1577}
+        [sarge] - mantis 0.19.2-5sarge4.1
 [01 Aug 2006] DSA-1132-1 apache2 - buffer overflow
         {CVE-2006-3747}
         [sarge] - apache2 2.0.54-5sarge1
@@ -704,7 +707,7 @@
 	NOTE: sarge is also affected, but the uploaded version is greater
 	NOTE: than the fixed sid version.
 [17 Jan 2006] DSA-944-1 mantis - several
-	{CVE-2005-4238 CVE-2005-4518 CVE-2005-4519 CVE-2005-4520 CVE-2005-4521 CVE-2005-4522 CVE-2005-4523 CVE-2005-4524}
+	{CVE-2005-4238 CVE-2005-4518 CVE-2005-4519 CVE-2005-4520 CVE-2005-4521 CVE-2005-4522 CVE-2005-4523 CVE-2005-4524 CVE-2006-0840}
 	[woody] - mantis <not-affected> (Vulnerable code not present)
 	[sarge] - mantis 0.19.2-5sarge1
 	NOTE: fixed in testing at time of DSA
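Review bot: CVE-2006-0840 is appended to the CVE set of DSA-944-1, dated 17 Jan 2006, with no NOTE in the entry explaining the later addition. The only explanation is the commit log ("older mantis issue was already fixed in previous DSA"), which is not visible to someone reading data/DSA/list. Add a NOTE line stating that CVE-2006-0840 was covered by the 0.19.2-5sarge1 upload. The data/CVE/list part of this commit also has no hunk for CVE-2006-0840, so check that its entry there agrees.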
