[Secure-testing-commits] r5099 - data/CVE

Moritz Muehlenhoff jmm-guest at alioth.debian.org
Sun Dec 10 13:07:00 CET 2006


Author: jmm-guest
Date: 2006-12-10 13:06:58 +0100 (Sun, 10 Dec 2006)
New Revision: 5099

Modified:
   data/CVE/list
Log:
no-dsas for non-free software
mark several "month of kernel bugs" issues as unimportant; these are
  robustness bugs, but labeling them as security problems is too
  far-fetched


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2006-12-09 20:14:19 UTC (rev 5098)
+++ data/CVE/list	2006-12-10 12:06:58 UTC (rev 5099)
@@ -76,6 +76,7 @@
 CVE-2006-6332 [madwifi code injection]
 	RESERVED
 	- madwifi 1:0.9.2+r1842.20061207-1 (high)
+	[etch] - madwifi <no-dsa> (Non-free not supported)
 CVE-2006-6331 (metaInfo.php in TorrentFlux 2.2, when $cfg[&quot;enable_file_priority&quot;] is ...)
 	TODO: check
 CVE-2006-6330 (index.php for TorrentFlux 2.2 allows remote registered users to ...)
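Review bot: the added `[etch]` line for CVE-2006-6332 has no `[sarge]` counterpart, while the lha entries later in this patch carry both `[sarge]` and `[etch]` no-dsa lines. If madwifi also ships in sarge, add the matching `[sarge] - madwifi <no-dsa> (Non-free not supported)` line; if it does not, the entry is fine as it stands.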
@@ -517,7 +518,8 @@
 CVE-2006-6129 (Integer overflow in the fatfile_getarch2 in Apple Mac OS X allows ...)
 	NOT-FOR-US: Apple Mac OS X
 CVE-2006-6128 (The ReiserFS functionality in Linux kernel 2.6.18, and possibly other ...)
-	- linux-2.6 <unfixed> (low)
+	- linux-2.6 <unfixed> (unimportant)
+	NOTE: Mounting filesystem partitions should be limited to root
 CVE-2006-6127 (Apple Mac OS X kernel allows local users to cause a denial of service ...)
 	NOT-FOR-US: Apple Mac OS X
 CVE-2006-6126 (Apple Mac OS X allows local users to cause a denial of service (memory ...)
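Review bot: the NOTE added under CVE-2006-6128 is phrased as a recommendation ("should be limited to root") rather than as the precondition that justifies moving the urgency from low to unimportant. Consider stating the assumption explicitly, namely that mounting is a root-only operation in the supported configuration, so that readers whose setups allow non-root mounts can re-evaluate the rating.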
@@ -657,21 +659,27 @@
 CVE-2006-6061 (com.apple.AppleDiskImageController in Apple Mac OS X 10.4.8, and ...)
 	NOT-FOR-US: Apple Mac OS X
 CVE-2006-6060 (The NTFS filesystem code in Linux kernel 2.6.x up to 2.6.18, and ...)
-	- linux-2.6 <unfixed>
+	- linux-2.6 <unfixed> (unimportant)
+	NOTE: Mounting filesystem partitions should be limited to root
 CVE-2006-6059 (Buffer overflow in MA521nd5.SYS driver 5.148.724.2003 for NetGear ...)
 	NOT-FOR-US: NetGear
 CVE-2006-6058 (The minix filesystem code in Linux kernel 2.6.x up to 2.6.18, and ...)
-	- linux-2.6 <unfixed>
+	- linux-2.6 <unfixed> (unimportant)
+	NOTE: Mounting filesystem partitions should be limited to root
 CVE-2006-6057 (The Linux kernel 2.6.x up to 2.6.18, and possibly other versions, on ...)
-	- linux-2.6 <unfixed>
+	- linux-2.6 <unfixed> (unimportant)
+	NOTE: Mounting filesystem partitions should be limited to root
 CVE-2006-6056 (Linux kernel 2.6.x up to 2.6.18 and possibly other versions, when ...)
-	- linux-2.6 <unfixed>
+	- linux-2.6 <unfixed> (unimportant)
+	NOTE: Mounting filesystem partitions should be limited to root
 CVE-2006-6055 (Stack-based buffer overflow in A5AGU.SYS 1.0.1.41 for the D-Link ...)
 	NOT-FOR-US: D-Link
 CVE-2006-6054 (The ext2 file system code in Linux kernel 2.6.x allows local users to ...)
-	- linux-2.6 <unfixed>
+	- linux-2.6 <unfixed> (unimportant)
+	NOTE: Mounting filesystem partitions should be limited to root
 CVE-2006-6053 (The ext3fs_dirhash function in Linux kernel 2.6.x allows local users ...)
-	- linux-2.6 <unfixed>
+	- linux-2.6 <unfixed> (unimportant)
+	NOTE: Mounting filesystem partitions should be limited to root
 CVE-2006-6052 (NetEpi Case Manager before 0.98 generates different error messages ...)
 	NOT-FOR-US: NetEpi Case Manager
 CVE-2006-6051 (PHP remote file inclusion vulnerability in reporter.logic.php in the ...)
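Review bot: CVE-2006-6057 and CVE-2006-6056 get the same mount NOTE as the NTFS, minix, ext2 and ext3 entries, but their descriptions as truncated here do not name a filesystem. Confirm that both are reachable only through mounting before applying the shared rationale, and if so consider naming the affected filesystem in each NOTE, since the identical line repeated seven times gives no per-issue detail.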
@@ -4435,11 +4443,13 @@
 	- gzip 1.3.5-15 (medium)
 	- lha <unfixed> (medium; bug #401301)
 	[sarge] - lha <no-dsa> (Non-free not supported)
+	[etch] - lha <no-dsa> (Non-free not supported)
 CVE-2006-4337 (Buffer overflow in the make_table function in the LHZ component in ...)
 	{DSA-1181-1}
 	- gzip 1.3.5-15 (high)
 	- lha <unfixed> (high; bug #401301)
 	[sarge] - lha <no-dsa> (Non-free not supported)
+	[etch] - lha <no-dsa> (Non-free not supported)
 CVE-2006-4336 (Buffer underflow in the build_tree function in unpack.c in gzip 1.3.5 allows ...)
 	{DSA-1181-1}
 	- gzip 1.3.5-15 (high)
@@ -4448,6 +4458,7 @@
 	- gzip 1.3.5-15 (high)
 	- lha <unfixed> (high; bug #401301)
 	[sarge] - lha <no-dsa> (Non-free not supported)
+	[etch] - lha <no-dsa> (Non-free not supported)
 CVE-2006-4334 (Unspecified vulnerability in gzip 1.3.5 allows context-dependent ...)
 	{DSA-1181-1}
 	- gzip 1.3.5-15 (high)



