[Secure-testing-commits] r4655 - data/CVE

Stefan Fritsch stef-guest at costa.debian.org
Tue Aug 29 16:20:43 UTC 2006


Author: stef-guest
Date: 2006-08-29 16:20:39 +0000 (Tue, 29 Aug 2006)
New Revision: 4655

Modified:
   data/CVE/list
Log:
- sendmail & asterisk CVEivied
- add some more mozilla epochs


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2006-08-29 16:09:03 UTC (rev 4654)
+++ data/CVE/list	2006-08-29 16:20:39 UTC (rev 4655)
@@ -3,7 +3,7 @@
 CVE-2006-4435 (OpenBSD 3.8, 3.9, and possibly earlier versions allows ...)
 	TODO: check
 CVE-2006-4434 (Use-after-free vulnerability in Sendmail before 8.13.8 allows remote ...)
-	TODO: check
+	- sendmail <unfixed> (bug #385054; medium)
 CVE-2006-4433 (PHP before 4.4.3 and 5.x before 5.1.4 does not limit the character set ...)
 	TODO: check
 CVE-2006-4432 (Directory traversal vulnerability in Zend Platform 2.2.1 and earlier ...)
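Review bot: The new sendmail line under CVE-2006-4434 orders its annotation as "(bug #385054; medium)", while the asterisk line added in this same commit and the existing wireshark entry use "(medium; bug #...)". The line was carried over unchanged from the CVE-2006-XXXX placeholder, so this is a good moment to normalise it to "(medium; bug #385054)" so that anything reading the list sees one field order.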
@@ -179,7 +179,7 @@
 CVE-2006-4347 (SQL injection vulnerability in user logon authentication request ...)
 	TODO: check
 CVE-2006-4346 (Asterisk 1.2.10 supports the use of client-controlled variables to ...)
-	TODO: check
+	- asterisk <unfixed> (medium; bug #385060)
 CVE-2006-4345 (Stack-based buffer overflow in channels/chan_mgcp.c in MGCP in ...)
 	TODO: check
 CVE-2006-4344 (CRLF injection vulnerability in CGI-Rescue Mail F/W System (formd) ...)
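Review bot: The asterisk line is attached to CVE-2006-4346 (client-controlled variables), but the placeholder it replaces was titled "asterisk MGCP AUEP Response Handling Buffer Overflow", which matches the description of CVE-2006-4345 (stack-based buffer overflow in channels/chan_mgcp.c), and that entry still reads "TODO: check". Please confirm which CVE bug #385060 covers. If it covers both, add the same "- asterisk <unfixed>" line under CVE-2006-4345. Otherwise move it there, so the MGCP overflow does not end up untracked.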
@@ -216,13 +216,9 @@
 CVE-2006-4330 (Unspecified vulnerability in the SCSI dissector in Wireshark (formerly ...)
 	- wireshark <unfixed> (medium; bug #384529)
 	- ethereal <not-affected> (only wireshark 0.99.2 affected)
-CVE-2006-XXXX [asterisk MGCP AUEP Response Handling Buffer Overflow]
-	- asterisk <unfixed> (medium; bug #385060)
 CVE-2006-XXXX [zope Arbitrary file inclusion]
 	TODO: check zope zope-2.7 zope2.8 zope2.9 zope3
 	- zope2.8 2.8.8-2
-CVE-2006-XXXX [sendmail remote DoS]
-	- sendmail <unfixed> (bug #385054; medium)
 CVE-2006-XXXX [segfault on corrupt gif from php bug #38112]
 	- libgd2 <unfixed> (medium; bug #384838)
 	- xloadimage <unfixed> (low; bug #384841)
@@ -3658,7 +3654,7 @@
 	- firefox 1.5.dfsg+1.5.0.4-1 (medium)
 	- thunderbird 1.5.0.4-1 (medium)
 	[sarge] - mozilla-thunderbird <unfixed> (medium)
-	- mozilla 1.7.13-0.3 (medium)
+	- mozilla 2:1.7.13-0.3 (medium)
 	- xulruner 1.8.0.4-1 (medium)
 CVE-2006-2786 (HTTP response smuggling vulnerability in Mozilla Firefox and ...)
 	{DSA-1134-1 DSA-1120 DSA-1118}
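Review bot: The log says "some more" mozilla epochs, so this hunk and the ones that follow may not cover every occurrence. Before committing, search data/CVE/list for any remaining "- mozilla 1.7.13-0.3" lines without the "2:" prefix. A mixed state would record the same fixed upload at two different epochs, and the entries without the epoch compare lower than any epoched version, so they would be treated as already fixed.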
@@ -3666,13 +3662,13 @@
 	- firefox 1.5.dfsg+1.5.0.4-1 (medium)
 	- thunderbird 1.5.0.4-1 (medium)
 	[sarge] - mozilla-thunderbird <unfixed> (medium)
-	- mozilla 1.7.13-0.3 (medium)
+	- mozilla 2:1.7.13-0.3 (medium)
 	- xulruner 1.8.0.4-1 (medium)
 CVE-2006-2785 (Cross-site scripting (XSS) vulnerability in Mozilla Firefox before ...)
 	{DSA-1134-1 DSA-1120 DSA-1118}
 	NOTE: MFSA-2006-34
 	- firefox 1.5.dfsg+1.5.0.4-1 (medium)
-	- mozilla 1.7.13-0.3 (medium)
+	- mozilla 2:1.7.13-0.3 (medium)
 	- xulruner 1.8.0.4-1 (medium)
 CVE-2006-2784 (The PLUGINSPAGE functionality in Mozilla Firefox before 1.5.0.4 allows ...)
 	{DSA-1134-1 DSA-1120 DSA-1118}
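Review bot: The context lines directly below each changed mozilla line spell the package "xulruner", which looks like a typo for "xulrunner". Since these entries are being touched anyway, consider correcting the name in the same pass. A misspelled source package name will not match the real package, so its fixed or "<unfixed>" status would never be applied to it.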
@@ -3687,21 +3683,21 @@
 	- firefox 1.5.dfsg+1.5.0.4-1 (medium)
 	- thunderbird 1.5.0.4-1 (medium)
 	[sarge] - mozilla-thunderbird <unfixed> (medium)
-	- mozilla 1.7.13-0.3 (medium)
+	- mozilla 2:1.7.13-0.3 (medium)
 	- xulruner 1.8.0.4-1 (medium)
 CVE-2006-2782 (Firefox 1.5.0.2 does not fix all test cases associated with ...)
 	{DSA-1134-1 DSA-1120 DSA-1118}
 	NOTE: MFSA-2006-41
 	- firefox 1.5.dfsg+1.5.0.4-1 (medium)
 	[sarge] - mozilla-thunderbird <unfixed> (medium)
-	- mozilla 1.7.13-0.3 (medium)
+	- mozilla 2:1.7.13-0.3 (medium)
 	- xulruner 1.8.0.4-1 (medium)
 CVE-2006-2781 (Double-free vulnerability in Mozilla Thunderbird before 1.5.0.4 and ...)
 	{DSA-1134-1 DSA-1118}
 	NOTE: MFSA-2006-40
 	- thunderbird 1.5.0.4-1 (high)
 	[sarge] - mozilla-thunderbird <unfixed> (high)
-	- mozilla 1.7.13-0.3 (high)
+	- mozilla 2:1.7.13-0.3 (high)
 	- xulruner <unfixed> (high)
 CVE-2006-2780 (Integer overflow in Mozilla Firefox and Thunderbird before 1.5.0.4 ...)
 	{DSA-1134-1 DSA-1120 DSA-1118}
@@ -3709,7 +3705,7 @@
 	- firefox 1.5.dfsg+1.5.0.4-1 (high)
 	- thunderbird 1.5.0.4-1 (high)
 	[sarge] - mozilla-thunderbird <unfixed> (high)
-	- mozilla 1.7.13-0.3 (high)
+	- mozilla 2:1.7.13-0.3 (high)
 	- xulruner 1.8.0.4-1 (high)
 CVE-2006-2779 (Mozilla Firefox and Thunderbird before 1.5.0.4 allow remote attackers ...)
 	{DSA-1134-1 DSA-1120 DSA-1118}
@@ -3717,7 +3713,7 @@
 	- firefox 1.5.dfsg+1.5.0.4-1 (high)
 	- thunderbird 1.5.0.4-1 (high)
 	[sarge] - mozilla-thunderbird <unfixed> (high)
-	- mozilla 1.7.13-0.3 (high)
+	- mozilla 2:1.7.13-0.3 (high)
 	- xulruner <unfixed> (high)
 CVE-2006-2778 (The crypto.signText function in Mozilla Firefox and Thunderbird before ...)
 	{DSA-1134-1 DSA-1120 DSA-1118}
@@ -3725,13 +3721,13 @@
 	- firefox 1.5.dfsg+1.5.0.4-1 (high)
 	- thunderbird 1.5.0.4-1 (high)
 	[sarge] - mozilla-thunderbird <unfixed> (high)
-	- mozilla 1.7.13-0.3 (high)
+	- mozilla 2:1.7.13-0.3 (high)
 	- xulruner 1.8.0.4-1 (high)
 CVE-2006-2777 (Unspecified vulnerability in Mozilla Firefox before 1.5.0.4 and ...)
 	{DSA-1134-1 DSA-1120 DSA-1118}
 	NOTE: MFSA-2006-43
 	- firefox 1.5.dfsg+1.5.0.4-1 (high)
-	- mozilla 1.7.13-0.3 (high)
+	- mozilla 2:1.7.13-0.3 (high)
 	- xulruner <unfixed> (high)
 CVE-2006-2776 (Certain privileged UI code in Mozilla Firefox and Thunderbird before ...)
 	{DSA-1134-1 DSA-1120 DSA-1118}
@@ -3739,7 +3735,7 @@
 	- firefox 1.5.dfsg+1.5.0.4-1 (high)
 	- thunderbird 1.5.0.4-1 (high)
 	[sarge] - mozilla-thunderbird <unfixed> (high)
-	- mozilla 1.7.13-0.3 (high)
+	- mozilla 2:1.7.13-0.3 (high)
 	- xulruner 1.8.0.4-1 (high)
 CVE-2006-2775 (Mozilla Firefox and Thunderbird before 1.5.0.4 associates XUL ...)
 	{DSA-1134-1 DSA-1120 DSA-1118}
@@ -3747,7 +3743,7 @@
 	- firefox 1.5.dfsg+1.5.0.4-1 (high)
 	- thunderbird 1.5.0.4-1 (high)
 	[sarge] - mozilla-thunderbird <unfixed> (high)
-	- mozilla 1.7.13-0.3 (high)
+	- mozilla 2:1.7.13-0.3 (high)
 	- xulruner 1.8.0.4-1 (high)
 CVE-2006-2774 (Cross-site scripting (XSS) vulnerability in search.php in QontentOne ...)
 	NOT-FOR-US: QontentOne
@@ -5637,7 +5633,7 @@
 	- firefox 1.5.dfsg+1.5.0.4-1 (low)
 	- thunderbird <unfixed> (low)
 	[sarge] - mozilla-thunderbird <unfixed> (low)
-	- mozilla 1.7.13-0.3 (low)
+	- mozilla 2:1.7.13-0.3 (low)
 	- xulruner <unfixed> (low)
 CVE-2006-1941 (Neon Responder 5.4 for LANsurveyor allows remote attackers to cause a ...)
 	NOT-FOR-US: Neon Responder



