[Secure-testing-commits] r5128 - in data: CVE DSA
Moritz Muehlenhoff
jmm-guest at alioth.debian.org
Fri Dec 15 22:53:57 CET 2006
Author: jmm-guest
Date: 2006-12-15 22:53:55 +0100 (Fri, 15 Dec 2006)
New Revision: 5128
Modified:
data/CVE/list
data/DSA/list
Log:
four DSAs
two new kernel issues
ruby already fixed
please process TODOs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2006-12-15 20:14:18 UTC (rev 5127)
+++ data/CVE/list 2006-12-15 21:53:55 UTC (rev 5128)
@@ -74,8 +74,9 @@
TODO: check
CVE-2006-6536 (Cross-site scripting (XSS) vulnerability in hata.asp in Cilem Haber ...)
TODO: check
-CVE-2006-6535
+CVE-2006-6535 [dev_queue_xmit DoS]
RESERVED
+ - linux-2.6 <not-affected> (Fixed before upload into the archive; 2.6.10)
CVE-2006-6534 (Multiple cross-site scripting (XSS) vulnerabilities in osCommerce ...)
TODO: check
CVE-2006-6533 (Directory traversal vulnerability in admin/templates_boxes_layout.php ...)
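Review bot: The note on the added linux-2.6 line for CVE-2006-6535 gives "2.6.10" without saying what that version refers to. Spell out whether it is the upstream release that contains the fix or the first version uploaded to the archive, so the reason for <not-affected> can be checked later.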
@@ -972,8 +973,9 @@
NOT-FOR-US: EC-CUBE
CVE-2006-6107 (Unspecified vulnerability in the match_rule_equal function in ...)
- dbus 1.0.2-1
-CVE-2006-6106
+CVE-2006-6106 [kernel bluetooth CAPI issue]
RESERVED
+ - linux-2.6 <unfixed>
CVE-2006-6105 (Format string vulnerability in the host chooser window (gdmchooser) in ...)
- gdm <unfixed> (medium)
[sarge] - gdm <not-affected> (Vulnerable code not present)
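Review bot: The added "- linux-2.6 <unfixed>" line under CVE-2006-6106 carries no urgency or bug reference, unlike the neighbouring "- gdm <unfixed> (medium)" entry. Add an urgency once it has been assessed, and a bug number if one is filed, so the open kernel issue can be prioritised and tracked.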
@@ -2340,9 +2342,9 @@
CVE-2006-5468 (Unspecified vulnerability in the HTTP dissector in Wireshark (formerly ...)
- wireshark 0.99.4-1 (bug #396258; medium)
CVE-2006-5467 (The cgi.rb CGI library for Ruby 1.8 allows remote attackers to cause a ...)
+ - ruby1.8 1.8.5-3 (medium; bug #398457)
+ - ruby1.9 <unfixed> (medium)
NOTE: ruby1.9 not to be released with etch
- - ruby1.8 <unfixed> (medium; bug #398457)
- - ruby1.9 <unfixed> (medium)
CVE-2006-5466 (Heap-based buffer overflow in the showQueryPackage function in librpm ...)
- rpm 4.4.1-11 (low; bug #397076)
[sarge] - rpm <no-dsa> (You need to trust the RPMs you're installing)
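Review bot: After this change the CVE-2006-5467 entry lists only ruby1.8 and ruby1.9, while the same commit adds DSA-1234-1 for ruby1.6 against this CVE in data/DSA/list. Consider adding a ruby1.6 line to the entry, or a NOTE saying why it is absent. ruby1.9 also stays <unfixed>, so the log line "ruby already fixed" holds for ruby1.8 only.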
Modified: data/DSA/list
===================================================================
--- data/DSA/list 2006-12-15 20:14:18 UTC (rev 5127)
+++ data/DSA/list 2006-12-15 21:53:55 UTC (rev 5128)
@@ -1,3 +1,15 @@
+[13 Dec 2006] DSA-1236-1 enemies-of-carlotta
+ {CVE-2006-5875}
+ [sarge] - enemies-of-carlotta 1.0.3-1sarge1
+[13 Dec 2006] DSA-1235-1 ruby1.8
+ {CVE-2006-5467}
+ [sarge] - ruby1.8 1.8.2-7sarge5
+[13 Dec 2006] DSA-1234-1 ruby1.6
+ {CVE-2006-5467}
+ [sarge] - ruby1.6 1.6.8-12sarge3
+[10 Jul 2006] DSA-1233 kernel-source-2.6.8 - race condition
+ {CVE-2006-3741 CVE-2006-4538 CVE-2006-4813 CVE-2006-4997 CVE-2006-5174 CVE-2006-5619 CVE-2006-5649 CVE-2006-5751 CVE-2006-5871}
+ [sarge] - kernel-source-2.6.8 2.6.8-16sarge6
[09 Dec 2006] DSA-1232-1 clamav
{CVE-2006-5874}
[sarge] - clamav 0.84-2.sarge.12
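Review bot: The DSA-1233 entry is dated [10 Jul 2006] although it sits between DSA-1232-1 (09 Dec 2006) and DSA-1234-1 (13 Dec 2006), so the date looks wrong and should be checked against the advisory. The same line also omits the "-1" revision suffix and appends " - race condition", which none of the other entries in this hunk do; writing it as "DSA-1233-1 kernel-source-2.6.8" would keep the list consistent.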