[Secure-testing-commits] r5111 - data/CVE
Moritz Muehlenhoff
jmm-guest at alioth.debian.org
Wed Dec 13 00:27:37 CET 2006
Author: jmm-guest
Date: 2006-12-13 00:27:34 +0100 (Wed, 13 Dec 2006)
New Revision: 5111
Modified:
data/CVE/list
Log:
mutt denyhosts ruby and kfreebsd fixed, ruby CVEfied
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2006-12-12 08:14:17 UTC (rev 5110)
+++ data/CVE/list 2006-12-12 23:27:34 UTC (rev 5111)
@@ -358,7 +358,9 @@
CVE-2006-6304
RESERVED
CVE-2006-6303 (The read_multipart function in cgi.rb in Ruby before 1.8.5-p2 does not ...)
- TODO: check
+ NOTE: http://www.ruby-lang.org/en/news/2006/12/04/another-dos-vulnerability-in-cgi-library/
+ - ruby1.8 1.8.5-4 (low)
+ TODO: check other ruby versions
CVE-2006-6300 (Cross-site scripting (XSS) vulnerability in CuteNews 1.3.6 allows ...)
TODO: check
CVE-2006-6299 (Integer overflow in Msg.dll in Novell ZENworks 7 Asset Management ...)
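Review bot: the new CVE-2006-6303 entry tracks only ruby1.8 and carries "TODO: check other ruby versions" over from the placeholder, so any other ruby source package has no recorded status here. Resolve the TODO by adding one line per remaining ruby package with either a fixed version or an explicit <not-affected>, as is done for fail2ban under CVE-2006-6302. The ruby1.8 line also has no bug reference, unlike the denyhosts and mutt lines in this commit; add one if a report exists.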
@@ -416,11 +418,7 @@
CVE-2006-6302 (fail2ban 0.7.4 and earlier does not properly parse sshd logs file, which ...)
- fail2ban <not-affected> (looks fixed in 0.6)
CVE-2006-6301 (DenyHosts 2.5 does not properly parse sshd logs file, which allows remote ...)
- - denyhosts <unfixed> (medium; bug #401795)
-CVE-2006-XXXX [DoS in ruby cgi.rb]
- NOTE: http://www.ruby-lang.org/en/news/2006/12/04/another-dos-vulnerability-in-cgi-library/
- - ruby1.8 1.8.5-4 (low)
- TODO: check other ruby versions
+ - denyhosts 2.6-1 (medium; bug #401795)
CVE-2006-6273 (sp_index.php in Simple PHP Gallery 1.1 allows remote attackers to ...)
NOT-FOR-US: Simple PHP Gallery
CVE-2006-6272 (Cross-site scripting (XSS) vulnerability in sp_index.php in Simple PHP ...)
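Review bot: the denyhosts line under CVE-2006-6301 moves from <unfixed> to 2.6-1 at medium urgency but gets no release-specific line, while the mutt and kfreebsd-5 entries in this commit carry [sarge] or [etch] annotations. If a released suite ships an affected denyhosts, add a matching line so its status there is explicit. Dropping the CVE-2006-XXXX placeholder is fine, since its three lines reappear unchanged under CVE-2006-6303.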
@@ -984,7 +982,7 @@
CVE-2006-6014 (The NetBSD-current kernel before 20061028 does not properly perform ...)
NOT-FOR-US: NetBSD
CVE-2006-6013 (Integer signedness error in the fw_ioctl (FW_IOCTL) function in the ...)
- - kfreebsd-5 <unfixed>
+ - kfreebsd-5 5.4-21
[etch] - kfreebsd-5 <no-dsa> (no security support)
CVE-2006-6012 (Cross-site scripting (XSS) vulnerability in csm/asp/listings.asp in ...)
NOT-FOR-US: Car Site Manager
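Review bot: the new "kfreebsd-5 5.4-21" line under CVE-2006-6013 has neither an urgency nor a bug reference, unlike the other fixed-version lines in this commit. Add the urgency, and a bug number if one exists, so the entry can be matched to the upload that fixed it.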
@@ -2537,10 +2535,10 @@
CVE-2006-5299 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
NOT-FOR-US: Gcontact
CVE-2006-5298 (The mutt_adv_mktemp function in the Mutt mail client 1.5.12 and ...)
- - mutt <unfixed> (bug #396104; low)
+ - mutt 1.5.13-1.1 (bug #396104; low)
[sarge] - mutt <no-dsa> (Minor issue, tmp dirs on NFS cause problems in many scenarios)
CVE-2006-5297 (Race condition in the safe_open function in the Mutt mail client ...)
- - mutt <unfixed> (bug #396104; low)
+ - mutt 1.5.13-1.1 (bug #396104; low)
[sarge] - mutt <no-dsa> (Minor issue, tmp dirs on NFS cause problems in many scenarios)
CVE-2006-5296 (PowerPoint in Microsoft Office 2003 does not properly handle a ...)
NOT-FOR-US: Microsoft
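Review bot: CVE-2006-5298 (mutt_adv_mktemp) and CVE-2006-5297 (the safe_open race) are both marked fixed in 1.5.13-1.1 under the same bug #396104; since they are separate issues in separate functions, confirm that upload addresses both before recording the same version for each. Keeping the [sarge] <no-dsa> lines unchanged is right.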