[Secure-testing-commits] r5135 - in data: CVE DSA

Moritz Muehlenhoff jmm-guest at alioth.debian.org
Sun Dec 17 16:41:06 CET 2006


Author: jmm-guest
Date: 2006-12-17 16:41:04 +0100 (Sun, 17 Dec 2006)
New Revision: 5135

Modified:
   data/CVE/list
   data/DSA/list
Log:
new DSAs
smail and php basedir/safemode unimportant


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2006-12-17 14:31:32 UTC (rev 5134)
+++ data/CVE/list	2006-12-17 15:41:04 UTC (rev 5135)
@@ -379,7 +379,9 @@
 CVE-2006-6384 (Absolute path traversal vulnerability in abitwhizzy.php before ...)
 	TODO: check
 CVE-2006-6383 (PHP 5.2.0 and 4.4 allows local users to bypass safe_mode and ...)
-	TODO: check
+	- php5 <unfixed> (unimportant)
+	- php4 <unfixed> (unimportant)
+	NOTE: safe-mode and basedir violations not treated as security issues
 CVE-2006-6382 (The control panel for Positive Software H-Sphere before 2.5.0 RC3 ...)
 	TODO: check
 CVE-2006-6381 (Directory traversal vulnerability in getfile.asp in Ultimate HelpDesk ...)
@@ -661,7 +663,7 @@
 CVE-2006-6249 (Cross-site scripting (XSS) vulnerability in Chama Cargo 4.36 and ...)
 	NOT-FOR-US: Chama Cargo
 CVE-2006-6248 (index.php in GPhotos 1.5 allows remote attackers to obtain sensitive ...)
-	TODO: check
+	NOT-FOR-US: GPhotos
 CVE-2006-6247 (Multiple SQL injection vulnerabilities in Uapplication UPhotoGallery ...)
 	NOT-FOR-US: UPhotoGallery
 CVE-2006-6246 (Photo Organizer 2.32b and earlier does not properly check the ...)
@@ -27776,10 +27778,8 @@
 CVE-2005-0894 (OpenmosixCollector and OpenMosixView in OpenMosixView 1.5 allow local ...)
 	- openmosixview 1.5-7
 CVE-2005-0893 (modes.c in smail 3.2.0.120 implements signal handlers with certain ...)
-	- smail <unfixed> (bug #335042; low)
-	NOTE: no patch known at this time, according to upstream impossible to exploit
-	NOTE: OTOH upstream thought the same about CVE-2005-0892, but the attack vector
-	NOTE: seems in fact quite obscure
+	- smail <unfixed> (bug #335042; unimportant)
+	NOTE: cording to upstream impossible to exploit
 CVE-2005-0892 (Buffer overflow in smail 3.2.0.120 allows remote attackers or local ...)
 	{DSA-722-1}
 	- smail 3.2.0.115-7 (bug #301428; high)
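
Review bot: the added NOTE line for CVE-2005-0893 reads "cording to upstream impossible to exploit"; "according" lost its first two letters when the old note was trimmed, so the line should read "NOTE: according to upstream impossible to exploit". The same edit drops the caveat that upstream had said the same about CVE-2005-0892, which the context lines just below show was fixed under DSA-722-1 at high urgency. Since the downgrade from low to unimportant now rests only on upstream's assessment, consider keeping that caveat or recording why it no longer applies.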

Modified: data/DSA/list
===================================================================
--- data/DSA/list	2006-12-17 14:31:32 UTC (rev 5134)
+++ data/DSA/list	2006-12-17 15:41:04 UTC (rev 5135)
@@ -1,3 +1,9 @@
+[17 Dec 2006] DSA-1239-1 sql-ledger
+	{CVE-2006-4244 CVE-2006-4731 CVE-2006-5872}
+	[sarge] - sql-ledger 2.4.7-2sarge1
+[17 Dec 2006] DSA-1238-1 clamav
+	{CVE-2006-6406 CVE-2006-6481}
+	[sarge] - clamav 0.84-2.sarge.13
 [17 Dec 2006] DSA-1237 kernel-source-2.4.27 - several
         {CVE-2006-4093 CVE-2006-4538 CVE-2006-4997 CVE-2006-5174 CVE-2006-5649 CVE-2006-5871}
         [sarge] - kernel-source-2.6.8 2.6.8-16sarge6
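
Review bot: the two added header lines, "DSA-1239-1 sql-ledger" and "DSA-1238-1 clamav", carry no trailing description, while the existing DSA-1237 entry below them has one ("- several"). Adding a short description to each would keep the list uniform. The new continuation lines are also tab-indented where the DSA-1237 entry uses spaces, so it is worth settling on one.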