[Secure-testing-commits] r4658 - data/CVE

Moritz Muehlenhoff jmm-guest at costa.debian.org
Thu Aug 31 18:56:26 UTC 2006


Author: jmm-guest
Date: 2006-08-31 18:56:25 +0000 (Thu, 31 Aug 2006)
New Revision: 4658

Modified:
   data/CVE/list
Log:
capi4hylafax CVEfied
base-config/shadow fixed in latest shadow update
krusader not-affected / non-issue
remove old login entry, not much of a vulnerability


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2006-08-29 21:14:30 UTC (rev 4657)
+++ data/CVE/list	2006-08-31 18:56:25 UTC (rev 4658)
@@ -321,8 +321,6 @@
 	TODO: check
 CVE-2006-4282 (PHP remote file inclusion vulnerability in MamboLogin.php in the ...)
 	TODO: check
-CVE-2006-XXXX [capi4hylafax arbitrary remote command execution ]
-	- capi4hylafax 1:01.03.00.99.svn.300-3
 CVE-2006-4281 (PHP remote file inclusion vulnerability in akocomments.php in ...)
 	TODO: check
 CVE-2006-4280 (PHP remote file inclusion vulnerability in anjel.index.php in ANJEL ...)
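Review bot: deleting the temporary CVE-2006-XXXX capi4hylafax entry also drops its description, "arbitrary remote command execution", and nothing visible in this hunk carries it over. The entry it is folded into, CVE-2006-3126, is still RESERVED and describes the issue differently, so add a NOTE there recording that it replaces this temporary entry and what the impact is.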
@@ -2881,7 +2879,6 @@
 CVE-2006-3126 [unspecivied vulnerability in capi4hylafax in mgetty mode]
 	RESERVED
 	- capi4hylafax 1:01.03.00.99.svn.300-3
-	TODO: check
 CVE-2006-3125
 	RESERVED
 CVE-2006-3124 (Buffer overflow in the HTTP header parsing in Streamripper before ...)
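Review bot: with `TODO: check` removed, CVE-2006-3126 now reads as a finished entry, but its bracketed description still has the typo "unspecivied" and does not state the impact. Since the entry is RESERVED and this text is all a reader gets, correct the spelling and align the wording with the capi4hylafax description removed in the first hunk.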
@@ -5883,6 +5880,9 @@
 	REJECTED
 	NOT-FOR-US: exchange (Duplicate of CVE-2006-0537)
 CVE-2006-1844 (The Debian installer for the (1) shadow 4.0.14 and (2) base-config ...)
+	[sarge] - shadow 1:4.0.3-31sarge8
+	NOTE: The installer is fixed separately, but the postinst of the shadow update
+	NOTE: corrects permissions of a faulty install
 	NOTE: seems to be a duplicate of CVE-2006-1376
 	- shadow 1:4.0.14-9 (bug #358210; bug #356939)
 	- base-config 2.68 (bug #254068; low)
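Review bot: the added `[sarge]` line under CVE-2006-1844 covers only shadow, while the same entry also tracks base-config 2.68 and the CVE summary names both packages. If the shadow postinst is what makes a sarge system safe for the base-config part as well, say so explicitly in the NOTE, or add a `[sarge]` line for base-config so its status is not left implicit.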
@@ -7163,6 +7163,9 @@
 CVE-2006-1377 (Cross-site scripting (XSS) vulnerability in img.php in (1) EasyMoblog ...)
 	NOT-FOR-US: EasyMoblog
 CVE-2006-1376 (The installation of Debian GNU/Linux 3.1r1 from the network install CD ...)
+	[sarge] - shadow 1:4.0.3-31sarge8
+	NOTE: The installer is fixed separately, but the postinst of the shadow update
+	NOTE: corrects permissions of a faulty install
 	- shadow 1:4.0.14-9 (bug #358210; bug #356939)
 	- base-config 2.68 (bug #254068; low)
 CVE-2006-1375 (AdMan 1.0.20051221 and earlier allows remote attackers to obtain the ...)
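Review bot: the three lines added under CVE-2006-1376 are a verbatim copy of those added under CVE-2006-1844, which already carries a NOTE calling it a likely duplicate of this entry. Keep the explanation in one place and point the other entry at it so the two copies cannot drift apart. The NOTE would also be easier to verify if it named which permissions the postinst corrects.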
@@ -12277,6 +12280,8 @@
 	- linux-2.6 2.6.12-6
 CVE-2005-3856 (The Popular URL capability (popularurls.cpp) in Krusader 1.60.0 and ...)
 	- krusader 1.70.0-1 (bug #336169; low)
+	[sarge] - krusader <not-affected>
+	NOTE: This seems to be a dupe of CVE-2006-3816, pinged MITRE
 CVE-2005-3855 (SQL injection vulnerability in process.php in 1-2-3 music store allows ...)
 	NOT-FOR-US: 1-2-3 music store
 CVE-2005-3854 (Cross-site scripting (XSS) vulnerability in index.php in EasyPageCMS ...)
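Review bot: the new `[sarge] - krusader <not-affected>` line has no stated reason. The NOTE below it is about a possible duplicate of CVE-2006-3816, which is a separate question from why sarge is unaffected. Because the entry lists 1.70.0-1 as the fixed version, add a NOTE saying why the sarge version is not affected, and put the duplicate remark on its own line after it.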
@@ -14733,8 +14738,6 @@
 CVE-2005-XXXX [smbmount doesn't honor gid/uid with kernel 2.4]
 	- kernel-source-2.4.27 <unfixed> (bug #310982; low)
 	NOTE: probably already fixed in testing, wrote for confirmation
-CVE-2003-XXXX [Incomplete reporting of failed logins in login]
-	- login 1:4.0.3-36 (bug #192849)
 CVE-2004-XXXX [Unspecified buffer overflow in libmng]
 	- libmng 1.0.8-1 (bug #250106)
 CVE-2004-XXXX [Multiple buffer overflows in isoqlog]
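Review bot: removing the CVE-2003-XXXX login entry outright loses the link to bug #192849 and the fixed version 1:4.0.3-36, and the rationale ("not much of a vulnerability") lives only in the commit log. Consider keeping the entry with a NOTE that records the assessment, so the bug is not picked up and re-added later.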



