[Secure-testing-commits] r5048 - in data: . CVE

Stefan Fritsch stef-guest at alioth.debian.org
Sat Dec 2 14:22:24 CET 2006


Author: stef-guest
Date: 2006-12-02 14:22:21 +0100 (Sat, 02 Dec 2006)
New Revision: 5048

Modified:
   data/CVE/list
   data/embedded-code-copies
Log:
- CVE-2006-433[5-7]: gzip issues affect lha as well (high)
- CVE-2006-4800 gst-ffmpeg and gstreamer0.10-ffmpeg contain ffmpeg (medium)
- CVE-2006-5751: new linux issue (medium)
- CVE-2006-6071: new twiki issue


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2006-12-02 09:14:04 UTC (rev 5047)
+++ data/CVE/list	2006-12-02 13:22:21 UTC (rev 5048)
@@ -231,8 +231,9 @@
 	NOT-FOR-US: Enthrallweb eShopping Cart
 CVE-2006-6072 (SQL injection vulnerability in bpg/publications_list.asp in ...)
 	NOT-FOR-US: BPG-InfoTech Easy Publisher
-CVE-2006-6071
+CVE-2006-6071 [TWiki Authentication Bypass Vulnerability]
 	RESERVED
+	- twiki <unfixed> (bug #401303)
 CVE-2006-6070 (SQL injection vulnerability in module/account/register/register.asp in ...)
 	NOT-FOR-US: ASP Nuke
 CVE-2006-6069 (index.php in mAlbum 0.3 and earlier allows remote attackers to obtain ...)
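Review bot: The added "- twiki <unfixed> (bug #401303)" line under CVE-2006-6071 carries no severity, while the other package lines added in this commit are rated (for example "- linux-2.6 <unfixed> (medium)"), and the log entry for this CVE gives none either. Add the rating once it is assessed. The entry is still RESERVED, so the bracketed title and the bug report are the only description a reader has.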
@@ -901,8 +902,9 @@
 	RESERVED
 CVE-2006-5752
 	RESERVED
-CVE-2006-5751
+CVE-2006-5751 [Linux Kernel "get_fdb_entries()" Integer Overflow Vulnerability]
 	RESERVED
+	- linux-2.6 <unfixed> (medium)
 CVE-2006-5750 (Directory traversal vulnerability in JBoss Application Server ...)
 	NOT-FOR-US: JBoss
 CVE-2006-5749
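Review bot: The new "- linux-2.6 <unfixed> (medium)" line under CVE-2006-5751 has no bug reference and no NOTE, unlike the other <unfixed> lines added in this commit, which cite a bug number or say "bug filed". With the entry still RESERVED, a NOTE naming the source of the report would let the next reader check the medium rating against the bracketed title.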
@@ -2954,6 +2956,9 @@
 	{DSA-1215}
 	- ffmpeg 0.cvs20060329-1
 	- xine-lib 1.1.2-1
+	- gst-ffmpeg <unfixed> (medium; bug #401304)
+	- gstreamer0.10-ffmpeg <unfixed> (medium; bug filed)
+	- mplayer 1.0~rc1-1
 	NOTE: according to the changelog, libxine (starting from 1.1.2-4) links dynamically against ffmpeg
 CVE-2006-4799 (Buffer overflow in ffmpeg for xine-lib before 1.1.2 might allow ...)
 	{DSA-1215}
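Review bot: "- gstreamer0.10-ffmpeg <unfixed> (medium; bug filed)" records no bug number, whereas the gst-ffmpeg line above it cites bug #401304; replace "bug filed" with the number once it is assigned so the entry can be tracked. The hunk also adds "- mplayer 1.0~rc1-1", which the log message does not mention (its CVE-2006-4800 item names only gst-ffmpeg and gstreamer0.10-ffmpeg), so the log should cover it.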
@@ -4018,15 +4023,18 @@
 CVE-2006-4338 (unlzh.c in the LHZ component in gzip 1.3.5 allows context-dependent ...)
 	{DSA-1181-1}
 	- gzip 1.3.5-15 (medium)
+	- lha <unfixed> (medium; bug #401301)
 CVE-2006-4337 (Buffer overflow in the make_table function in the LHZ component in ...)
 	{DSA-1181-1}
 	- gzip 1.3.5-15 (high)
+	- lha <unfixed> (high; bug #401301)
 CVE-2006-4336 (Buffer underflow in the build_tree function in unpack.c in gzip 1.3.5 allows ...)
 	{DSA-1181-1}
 	- gzip 1.3.5-15 (high)
 CVE-2006-4335 (Array index error in the make_table function in unlzh.c in the LZH ...)
 	{DSA-1181-1}
 	- gzip 1.3.5-15 (high)
+	- lha <unfixed> (high; bug #401301)
 CVE-2006-4334 (Unspecified vulnerability in gzip 1.3.5 allows context-dependent ...)
 	{DSA-1181-1}
 	- gzip 1.3.5-15 (high)
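Review bot: The lha lines are added under CVE-2006-4338, CVE-2006-4337 and CVE-2006-4335, but the log message says "CVE-2006-433[5-7]", a range that includes 4336 and excludes 4338. CVE-2006-4336 (build_tree in unpack.c) gets no lha line in this hunk, and the 4338 line is rated medium while the log says "(high)". Either correct the log to name 4335, 4337 and 4338 with their ratings, or, if lha was meant to be listed under 4336, add the line there; a NOTE under CVE-2006-4336 saying whether lha was checked would settle it.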

Modified: data/embedded-code-copies
===================================================================
--- data/embedded-code-copies	2006-12-02 09:14:04 UTC (rev 5047)
+++ data/embedded-code-copies	2006-12-02 13:22:21 UTC (rev 5048)
@@ -122,8 +122,8 @@
 smilutils (links statically, does not include code)
 motion (links statically, does not include code)
 gst-ffmpeg
-xmovie (currently in NEW)
-gst-ffmpeg
+gstreamer0.10-ffmpeg
+xmovie
 
 mad MPEG decoding lib:
 mad
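Review bot: The xmovie line loses its "(currently in NEW)" annotation here, and the log message does not mention xmovie at all. If the package has left NEW, say so in the log; otherwise keep the annotation. Dropping the duplicate gst-ffmpeg line and adding gstreamer0.10-ffmpeg matches the log's CVE-2006-4800 item.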



