[Secure-testing-commits] r4642 - in data: CVE DSA

Moritz Muehlenhoff jmm-guest at costa.debian.org
Sun Aug 27 20:10:50 UTC 2006 

Author: jmm-guest
Date: 2006-08-27 20:10:47 +0000 (Sun, 27 Aug 2006)
New Revision: 4642

Modified:
   data/CVE/list
   data/DSA/list
Log:
three new DSAs
no-dsa for slash and binutils as buffer overflows


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2006-08-27 18:53:39 UTC (rev 4641)
+++ data/CVE/list	2006-08-27 20:10:47 UTC (rev 4642)
@@ -289,8 +289,10 @@
 	NOT-FOR-US: Peoplebook Component for Mambo (com_peoplebook)
 CVE-2005-4808 (Buffer overflow in reset_vars in config/tc-crx.c in the GNU as (gas) ...)
 	- binutils 2.17-1 (low)
+	[sarge] - binutils <no-dsa> (Only a security-problems in far-fetched configurations)
 CVE-2005-4807 (Stack-based buffer overflow in messages.c in the GNU as (gas) ...)
 	- binutils 2.17-1 (low)
+	[sarge] - binutils <no-dsa> (Only a security-problems in far-fetched configurations)
 CVE-2004-2663 (The (1) SetDebugging and (2) RunEgatherer methods in IBM Access ...)
 	NOT-FOR-US: IBM
 CVE-2004-2662 (Soft3304 04WebServer before 1.41 allows remote attackers to cause a ...)
@@ -17615,6 +17617,7 @@
 	NOT-FOR-US: Autogalaxy
 CVE-2001-1535 (Slashcode 2.0 creates new accounts with an 8-character random ...)
 	- slash <unfixed> (bug #328927; low)
+	[sarge] - slash <no-dsa> (Lack of a security feature, minor security problem)
 CVE-2001-1534 (mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's ...)
 	- apache (bug #328919; unimportant)
 	- apache2 <unfixed> (unimportant)
@@ -22800,6 +22803,7 @@
 	- squirrelmail 1:1.2.3
 CVE-2002-1647 (The quick login feature in Slash Slashcode does not redirect the user ...)
 	- slash <unfixed> (bug #160579; low)
+	[sarge] - slash <no-dsa> (Minor security implications)
 CVE-2002-1646 (SSH Secure Shell for Servers 3.0.0 to 3.1.1 allows remote attackers to ...)
 	NOT-FOR-US: commercial ssh
 CVE-2002-1645 (Buffer overflow in the URL catcher feature for SSH Secure Shell for ...)

Modified: data/DSA/list
===================================================================
--- data/DSA/list	2006-08-27 18:53:39 UTC (rev 4641)
+++ data/DSA/list	2006-08-27 20:10:47 UTC (rev 4642)
@@ -1,3 +1,12 @@
+[27 Aug 2006] DSA-1158 streamripper
+        {CVE-2006-3124}
+        [sarge] - streamripper1.61.7-1sarge1
+[27 Aug 2006] DSA-1157 ruby1.8
+        {CVE-2006-3694 CVE-2006-1931}
+        [sarge] - ruby1.8 1.8.2-7sarge4
+[27 Aug 2006] DSA-1156 kdebase 
+        {CVE-2006-2449}
+        [sarge] - kdebase 3.3.2-1sarge3
 [24 Aug 2006] DSA-1155 sendmail - programming error
         {CVE-2006-1173}
         [sarge] - sendmail 8.13.4-3sarge2

More information about the Secure-testing-commits mailing list