[Secure-testing-commits] r5091 - data/CVE

Moritz Muehlenhoff jmm-guest at alioth.debian.org
Sat Dec 9 00:37:26 CET 2006 

Author: jmm-guest
Date: 2006-12-09 00:37:24 +0100 (Sat, 09 Dec 2006)
New Revision: 5091

Modified:
   data/CVE/list
Log:
new severe madwifi issue (thank god we're not Ubuntu having such crap
  in the default kernel)
  new 2.6.19-only kernel issue
  new issues in fail2ban and denyhosts
  new evince issue
  bugnums


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2006-12-08 20:14:15 UTC (rev 5090)
+++ data/CVE/list	2006-12-08 23:37:24 UTC (rev 5091)
@@ -69,9 +69,11 @@
 CVE-2006-6334
 	RESERVED
 CVE-2006-6333 (The tr_rx function in ibmtr.c for Linux kernel 2.6.19 assigns the ...)
-	TODO: check
-CVE-2006-6332
+	- linux-2.6 <unfixed>
+	[etch] - linux-2.6 <not-affected> (Only affects 2.6.19, introduced after 2.6.18)
+CVE-2006-6332 [madwifi code injection]
 	RESERVED
+	- madwifi 1:0.9.2+r1842.20061207-1 (high)
 CVE-2006-6331 (metaInfo.php in TorrentFlux 2.2, when $cfg[&quot;enable_file_priority&quot;] is ...)
 	TODO: check
 CVE-2006-6330 (index.php for TorrentFlux 2.2 allows remote registered users to ...)
@@ -185,9 +187,9 @@
 CVE-2006-6274 (SQL injection vulnerability in articles.asp in Expinion.net iNews (1) ...)
 	TODO: check
 CVE-2006-6302 (fail2ban 0.7.4 and earlier does not properly parse sshd logs file, which ...)
-	- fail2ban <unfixed> (medium; bug filed)
+	- fail2ban <unfixed> (medium; bug #401793)
 CVE-2006-6301 (DenyHosts 2.5 does not properly parse sshd logs file, which allows remote ...)
-	- denyhosts <unfixed> (medium; bug filed)
+	- denyhosts <unfixed> (medium; bug #401795)
 CVE-2006-5873 [l2tpns Heartbeat Packets Buffer Overflow Vulnerability]
 	RESERVED
 	NOTE: http://secunia.com/advisories/23230/
@@ -404,10 +406,10 @@
 CVE-2006-6176 (Cross-site scripting (XSS) vulnerability in admin.php in Blogn before ...)
 	NOT-FOR-US: Blogn
 CVE-2006-6175 (Directory traversal vulnerability in lib/FBView.php in Horde Kronolith ...)
-	- kronolith2 2.1.4-1 (bug #400899)
+	- kronolith2 2.1.4-1 (bug #400899; bug #401061)
 	TODO: check kronolith 1.x
 CVE-2006-6174 (Cross-site scripting (XSS) vulnerability in tDiary before 2.0.3 and ...)
-	- tdiary 2.1.4-5 (bug #400447)
+	- tdiary 2.1.4-5 (bug #400447; bug #400650)
 CVE-2006-6173 (Buffer overflow in the shared_region_make_private_np function in ...)
 	NOT-FOR-US: Mac OS X 
 CVE-2006-6172 (Buffer overflow in the asmrp_eval function for Real Media input plugin ...)
@@ -800,7 +802,7 @@
 CVE-2006-5990 (VMWare VirtualCenter client 2.x before 2.0.1 Patch 1 (Build 33643) and ...)
 	NOT-FOR-US: VMWare
 CVE-2006-5989 (Off-by-one error in the der_get_oid function in mod_auth_kerb 5.0 ...)
-	- libapache-mod-auth-kerb 5.3-1 (low)
+	- libapache-mod-auth-kerb 5.3-1 (low; bug #400589)
 CVE-2006-5988 (Unspecified vulnerability in Windows 2000 Advanced Server SP4 running ...)
 	NOT-FOR-US: Windows
 CVE-2006-5987 (SQL injection vulnerability in default.asp in ASPintranet, possibly ...)
@@ -905,7 +907,7 @@
 CVE-2006-5942 (Cross-site scripting (XSS) vulnerability in ...)
 	NOT-FOR-US: Less Inventory Manager
 CVE-2006-5941 (snmpd in (1) the SUNWsmagt package in Solaris 10 before 20061122 and ...)
-	NOT-FOR-US: Solaris
+	NOT-FOR-US: Solaris, see #400557
 CVE-2006-5940 (Unspecified vulnerability in Grisoft AVG Anti-Virus before 7.1.407 has ...)
 	NOT-FOR-US: Grisoft AVG Anti-Virus
 CVE-2006-5939 (Grisoft AVG Anti-Virus before 7.1.407 allows remote attackers to cause ...)
@@ -940,7 +942,7 @@
 	{DSA-1228-1 DSA-1226-1}
 	- links 0.99+1.00pre12-1.1 (medium; bug #399188)
 	- elinks 0.11.1-1.2 (medium; bug #399187)
-	- links2 2.1pre25-2
+	- links2 2.1pre25-2 (medium; bug #400718)
 CVE-2006-5924 (Cross-site scripting (XSS) vulnerability in index.php in Efficient IP ...)
 	NOT-FOR-US: Efficient IP iPmanager (IPm)
 CVE-2006-5923 (PHP remote file inclusion vulnerability in index.php in Chris Mac ...)
@@ -1163,6 +1165,7 @@
 CVE-2006-5864 (Stack-based buffer overflow in the ps_gettext function in ps.c for GNU ...)
 	{DSA-1214}
 	- gv 1:3.6.2-2 (medium; bug #398292)
+	- evince 0.4.0-3 (medium; bug #400904)
 CVE-2006-5818 (Multiple buffer overflows in tunekrnl in IBM Lotus Domino 6.x before ...)
 	NOT-FOR-US: Lotus Domino 
 CVE-2006-5817 (prl_dhcpd in Parallels Desktop for Mac Build 1940 uses insecure ...)
@@ -2687,7 +2690,7 @@
 	NOTE: Only path disclosure
 CVE-2006-5116 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
 	{DSA-1207-1}
-	- phpmyadmin 4:2.9.0.2-0.1 (bug #391090; low)
+	- phpmyadmin 4:2.9.0.2-0.1 (bug #391090; bug #400553; low)
 	[sarge] - phpmyadmin <not-affected> (Vulnerable code not present)
 CVE-2006-5115 (Directory traversal vulnerability in kgcall.php in KGB 1.87 allows ...)
 	NOT-FOR-US: KGB
@@ -4638,7 +4641,7 @@
 	- man-db 2.4.3-5
 CVE-2006-4249 [plone group creation privilege escalation]
 	RESERVED
-	- zope-cmfplone <unfixed>
+	- zope-cmfplone <unfixed> (bug #401796)
 	[sarge] - zope-cmfplone <not-affected> (Vulnerable code not present)
 CVE-2006-4248 (thttpd on Debian GNU/Linux, and possibly other distributions, allows ...)
 	{DSA-1205-1}

More information about the Secure-testing-commits mailing list