[Secure-testing-commits] r5099 - data/CVE
Moritz Muehlenhoff
jmm-guest at alioth.debian.org
Sun Dec 10 13:07:00 CET 2006
Author: jmm-guest
Date: 2006-12-10 13:06:58 +0100 (Sun, 10 Dec 2006)
New Revision: 5099
Modified:
data/CVE/list
Log:
no-dsas for non-free software
mark several "month of kernel bugs" issues as unimportant; these are
robustness bugs, but labeling them as security problems is too
far-fetched
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2006-12-09 20:14:19 UTC (rev 5098)
+++ data/CVE/list 2006-12-10 12:06:58 UTC (rev 5099)
@@ -76,6 +76,7 @@
CVE-2006-6332 [madwifi code injection]
RESERVED
- madwifi 1:0.9.2+r1842.20061207-1 (high)
+ [etch] - madwifi <no-dsa> (Non-free not supported)
CVE-2006-6331 (metaInfo.php in TorrentFlux 2.2, when $cfg["enable_file_priority"] is ...)
TODO: check
CVE-2006-6330 (index.php for TorrentFlux 2.2 allows remote registered users to ...)
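Review bot: the `[etch] - madwifi <no-dsa> (Non-free not supported)` line added under CVE-2006-6332 has no `[sarge]` counterpart, while every lha entry touched in this revision carries both a `[sarge]` and an `[etch]` marker. If madwifi also ships in sarge, add the matching `[sarge]` line here so the two non-free packages are tracked the same way. The unstable line keeps `(high)`, so a reader should be able to see that the no-dsa is a support-policy decision and not a downgrade of the issue.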
@@ -517,7 +518,8 @@
CVE-2006-6129 (Integer overflow in the fatfile_getarch2 in Apple Mac OS X allows ...)
NOT-FOR-US: Apple Mac OS X
CVE-2006-6128 (The ReiserFS functionality in Linux kernel 2.6.18, and possibly other ...)
- - linux-2.6 <unfixed> (low)
+ - linux-2.6 <unfixed> (unimportant)
+ NOTE: Mounting filesystem partitions should be limited to root
CVE-2006-6127 (Apple Mac OS X kernel allows local users to cause a denial of service ...)
NOT-FOR-US: Apple Mac OS X
CVE-2006-6126 (Apple Mac OS X allows local users to cause a denial of service (memory ...)
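Review bot: at CVE-2006-6128 the rating drops from `(low)` to `(unimportant)` on the strength of a NOTE that states a policy ("should be limited to root") rather than the condition that makes the issue harmless. Where non-root users can trigger a mount (an fstab entry with the `user` option, or desktop automounting of removable media), a crafted filesystem still reaches this code. I would either keep `(low)` or reword the NOTE so that it states the assumption, for example that the issue is only reachable by whoever is allowed to mount a filesystem.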
@@ -657,21 +659,27 @@
CVE-2006-6061 (com.apple.AppleDiskImageController in Apple Mac OS X 10.4.8, and ...)
NOT-FOR-US: Apple Mac OS X
CVE-2006-6060 (The NTFS filesystem code in Linux kernel 2.6.x up to 2.6.18, and ...)
- - linux-2.6 <unfixed>
+ - linux-2.6 <unfixed> (unimportant)
+ NOTE: Mounting filesystem partitions should be limited to root
CVE-2006-6059 (Buffer overflow in MA521nd5.SYS driver 5.148.724.2003 for NetGear ...)
NOT-FOR-US: NetGear
CVE-2006-6058 (The minix filesystem code in Linux kernel 2.6.x up to 2.6.18, and ...)
- - linux-2.6 <unfixed>
+ - linux-2.6 <unfixed> (unimportant)
+ NOTE: Mounting filesystem partitions should be limited to root
CVE-2006-6057 (The Linux kernel 2.6.x up to 2.6.18, and possibly other versions, on ...)
- - linux-2.6 <unfixed>
+ - linux-2.6 <unfixed> (unimportant)
+ NOTE: Mounting filesystem partitions should be limited to root
CVE-2006-6056 (Linux kernel 2.6.x up to 2.6.18 and possibly other versions, when ...)
- - linux-2.6 <unfixed>
+ - linux-2.6 <unfixed> (unimportant)
+ NOTE: Mounting filesystem partitions should be limited to root
CVE-2006-6055 (Stack-based buffer overflow in A5AGU.SYS 1.0.1.41 for the D-Link ...)
NOT-FOR-US: D-Link
CVE-2006-6054 (The ext2 file system code in Linux kernel 2.6.x allows local users to ...)
- - linux-2.6 <unfixed>
+ - linux-2.6 <unfixed> (unimportant)
+ NOTE: Mounting filesystem partitions should be limited to root
CVE-2006-6053 (The ext3fs_dirhash function in Linux kernel 2.6.x allows local users ...)
- - linux-2.6 <unfixed>
+ - linux-2.6 <unfixed> (unimportant)
+ NOTE: Mounting filesystem partitions should be limited to root
CVE-2006-6052 (NetEpi Case Manager before 0.98 generates different error messages ...)
NOT-FOR-US: NetEpi Case Manager
CVE-2006-6051 (PHP remote file inclusion vulnerability in reporter.logic.php in the ...)
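Review bot: the same NOTE is pasted under six entries in this hunk, but for CVE-2006-6057 and CVE-2006-6056 the visible descriptions ("on ..." and "when ...") do not name a filesystem, so a reader of the list cannot tell why a mount restriction settles them. Name the affected filesystem or code path in those two NOTE lines. CVE-2006-6054 and CVE-2006-6053 are described as reachable by "local users", which sits awkwardly beside "limited to root". As these entries had no severity before, going straight to `(unimportant)` deserves a per-entry justification rather than one shared sentence.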
@@ -4435,11 +4443,13 @@
- gzip 1.3.5-15 (medium)
- lha <unfixed> (medium; bug #401301)
[sarge] - lha <no-dsa> (Non-free not supported)
+ [etch] - lha <no-dsa> (Non-free not supported)
CVE-2006-4337 (Buffer overflow in the make_table function in the LHZ component in ...)
{DSA-1181-1}
- gzip 1.3.5-15 (high)
- lha <unfixed> (high; bug #401301)
[sarge] - lha <no-dsa> (Non-free not supported)
+ [etch] - lha <no-dsa> (Non-free not supported)
CVE-2006-4336 (Buffer underflow in the build_tree function in unpack.c in gzip 1.3.5 allows ...)
{DSA-1181-1}
- gzip 1.3.5-15 (high)
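Review bot: the two `[etch] - lha <no-dsa> (Non-free not supported)` additions sit under entries whose unstable line is still `- lha <unfixed>`, at `(medium)` and `(high)`. After this change neither sarge nor etch has a tracked fix path, and bug #401301 is the only pointer left. Confirm that the bug is still open against lha so these entries do not go stale.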
@@ -4448,6 +4458,7 @@
- gzip 1.3.5-15 (high)
- lha <unfixed> (high; bug #401301)
[sarge] - lha <no-dsa> (Non-free not supported)
+ [etch] - lha <no-dsa> (Non-free not supported)
CVE-2006-4334 (Unspecified vulnerability in gzip 1.3.5 allows context-dependent ...)
{DSA-1181-1}
- gzip 1.3.5-15 (high)