[Secure-testing-commits] r4492 - data/CVE
Moritz Muehlenhoff
jmm-guest at costa.debian.org
Wed Aug 2 22:22:50 UTC 2006
Author: jmm-guest
Date: 2006-08-02 22:22:48 +0000 (Wed, 02 Aug 2006)
New Revision: 4492
Modified:
data/CVE/list
Log:
Let's begin systematic security bug triage for Etch release:
ruby safe level priv escalation fixes
wordpress non-issue
tetex-bin links against poppler
mailscanner fixed
krb non-issues
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2006-08-02 20:02:20 UTC (rev 4491)
+++ data/CVE/list 2006-08-02 22:22:48 UTC (rev 4492)
@@ -393,7 +393,8 @@
CVE-2006-3695 (Unspecified vulnerability in Trac before 0.9.6 allows remote attackers ...)
- trac 0.9.6-1 (medium)
CVE-2006-3694 (Multiple unspecified vulnerabilities in Ruby before 1.8.5 allow remote ...)
- - ruby1.8 <unfixed> (bug #378029; low)
+ - ruby1.8 1.8.4-3 (bug #378029; medium)
+ - ruby1.9 1.9.0+20060609-1 (medium)
CVE-2006-3693 (Rocks Clusters 4.1 and earlier allows local users to gain privileges ...)
NOT-FOR-US: Rocks Clusters
CVE-2006-3692 (PHP remote file inclusion vulnerability in enduser/listmessenger.php ...)
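Review bot: The new ruby1.9 line for CVE-2006-3694 has no bug reference, while the ruby1.8 line beside it keeps bug #378029, and the ruby1.8 urgency goes from low to medium with nothing in the entry saying why. Add a NOTE recording the reason for the higher urgency and where the fixed versions 1.8.4-3 and 1.9.0+20060609-1 were confirmed, so the entry can be checked later without the commit log.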
@@ -7278,8 +7279,7 @@
CVE-2006-0734 (Unspecified vulnerability in Valve Software Half-Life CSTRIKE ...)
NOT-FOR-US: Half-Life
CVE-2006-0733 (** DISPUTED ** Cross-site scripting (XSS) vulnerability in WordPress ...)
- - wordpress <unfixed>
- NOTE: This may very well be a non-issue
+ - wordpress <unfixed> (unimportant)
CVE-2006-0732 (Directory traversal vulnerability in SAP Business Connector (BC) 4.6 ...)
NOT-FOR-US: SAP Business Connector
CVE-2006-0731 (Unspecified vulnerability in SAP Business Connector Core Fix 7 and ...)
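Review bot: In the CVE-2006-0733 entry the removed NOTE was the only rationale in the tracker for treating this as a non-issue; the replacement line "- wordpress <unfixed> (unimportant)" states the conclusion but not the reason. Keep a NOTE that says why the disputed XSS is considered unimportant, since the package remains marked <unfixed>.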
@@ -17031,7 +17031,8 @@
- kdegraphics 4:3.4.2-1 (bug #322458; low)
- xpdf 3.00-15 (bug #322462; low)
[woody] - tetex-bin <not-affected> (pdftex doesn't include or use the vulnerable code)
- - tetex-bin <unfixed>
+ - tetex-bin 3.0-12
+ NOTE: tetex links to poppler since 3.0-12
TODO: Check, when sid was fixed for this
- gpdf 2.10.0-4 (bug #334454; low)
NOTE: Cups switched to xpdf-utils
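Review bot: The TODO "Check, when sid was fixed for this" is left directly under the new tetex-bin lines, so it is no longer clear whether it is still open or which package it refers to. If the tetex-bin change answers it, drop the TODO; if not, name the package it applies to. The new tetex-bin line also carries no urgency while the kdegraphics, xpdf and gpdf lines around it are marked low, and since the NOTE ties the fix to linking against poppler, it could also state which poppler version that relies on.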
@@ -18818,7 +18819,7 @@
CVE-2005-1707 (The fn_show_postinst function in Gentoo webapp-config before 1.10-r14 ...)
NOT-FOR-US: Gentoo
CVE-2005-1706 (Unknown vulnerability in MailScanner 4.41.3 and earlier, related to ...)
- - mailscanner <unfixed> (bug #310774; low)
+ - mailscanner 4.42.9 (bug #310774; low)
CVE-2005-1705 (gdb before 6.3 searches the current working directory to load the ...)
- gdb 6.3-6
CVE-2005-1704 (Integer overflow in the Binary File Descriptor (BFD) library for gdb ...)
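Review bot: The fixed version on the mailscanner line for CVE-2005-1706 is given as 4.42.9 with no Debian revision, unlike the other fixed versions visible in this hunk such as gdb 6.3-6. Confirm that 4.42.9 is the full version of the upload that fixed bug #310774 and add the revision if there is one. The CVE text says "4.41.3 and earlier", so a NOTE saying which upload first carried the fix would also help.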
@@ -23075,10 +23076,10 @@
NOT-FOR-US: Thomson cable modem
CVE-2005-0488 (Certain BSD-based Telnet clients, including those used on Solaris and ...)
TODO: check heimdal, netkit-telnet-ssl
- - krb4 <unfixed> (low)
+ - krb4 <unfixed> (unimportant)
[woody] - krb4 <no-dsa> (Documented behaviour in MIT Kerberos)
[sarge] - krb4 <no-dsa> (Documented behaviour in MIT Kerberos)
- - krb5 <unfixed> (low)
+ - krb5 <unfixed> (unimportant)
[woody] - krb5 <no-dsa> (Documented behaviour in MIT Kerberos)
[sarge] - krb5 <no-dsa> (Documented behaviour in MIT Kerberos)
- netkit-telnet <not-affected> (netkit-telnet is not affected)
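Review bot: The krb4 and krb5 lines for CVE-2005-0488 move to unimportant, but the "TODO: check heimdal, netkit-telnet-ssl" line at the top of the entry is left as is, so the entry still reads as partly untriaged. Either resolve that TODO in the same change or leave it clearly as the remaining work. The reason for the downgrade ("Documented behaviour in MIT Kerberos") appears only on the [woody] and [sarge] lines; a NOTE repeating it for the unstable lines would make the unimportant tag self-explanatory.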