[Secure-testing-commits] r3430 - data/CVE

Moritz Muehlenhoff jmm-guest at costa.debian.org
Sun Feb 5 20:59:22 UTC 2006 

Author: jmm-guest
Date: 2006-02-05 20:59:16 +0000 (Sun, 05 Feb 2006)
New Revision: 3430

Modified:
   data/CVE/list
Log:
new png und git issues
gaim-enc CVEfied
itp for pmwiki issue
bugnums


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2006-02-05 19:03:49 UTC (rev 3429)
+++ data/CVE/list	2006-02-05 20:59:16 UTC (rev 3430)
@@ -113,15 +113,17 @@
 CVE-2006-0482 (Linux kernel 2.6.15.1 and earlier, when running on SPARC ...)
 	- linux-2.6 2.6.15-4
 CVE-2006-0481 (Heap-based buffer overflow in the alpha strip capability in libpng ...)
-	TODO: check
+	- libpng 1.2.8rel-3
+	[sarge] - libpng3 1.2.8rel-1
+	NOTE: Woody yet unclear
 CVE-2006-0480 (Cross-site scripting (XSS) vulnerability in the Articles module in ...)
 	TODO: check
 CVE-2006-0479 (pmwiki.php in PmWiki 2.1 beta 20, with register_globals enabled, ...)
-	TODO: check
+	- pmwiki <itp> (bug #330117)
 CVE-2006-0478 (CRE Loaded 6.15 allows remote attackers to perform privileged actions, ...)
 	TODO: check
 CVE-2006-0477 (Buffer overflow in git-checkout-index in GIT before 1.1.5 allows ...)
-	TODO: check
+	- git-core 1.1.5-1 (bug #350274)
 CVE-2006-0476 (Buffer overflow in Nullsoft Winamp 5.12 allows remote attackers to ...)
 	TODO: check
 CVE-2006-0475 (PHP-Ping 1.3 does not properly validate ping counts, which allows ...)
@@ -169,7 +171,7 @@
 CVE-2005-4694 (Unspecified vulnerability in the www_add method in Asset.pm in Plain ...)
 	TODO: check
 CVE-2005-4693 (Gaim-Encryption 2.38-1 on Debian Linux allows remote attackers to ...)
-	TODO: check
+	- gaim-encryption <unfixed> (bug #337127)
 CVE-2005-4692 (Unspecified vulnerability in mroovca stats (mroovcastats) before ...)
 	TODO: check
 CVE-2005-4691 (imake in NetBSD before 2.0.3, NetBSD-current before 12 September 2005, ...)
@@ -3284,8 +3286,6 @@
 CVE-2003-XXXX [Insecure tempfile in x-face-el]
 	- x-face-el 1.3.6.23-1
 	NOTE: DSA-340
-CVE-2005-XXXX [potential dos against gaim-encryption]
-	- gaim-encryption <unfixed> (bug #337127)
 CVE-2005-3781 (Unspecified vulnerability in in.named in Solaris 9 allows attackers to ...)
 	NOT-FOR-US: Solaris 
 CVE-2005-3780 (Multiple buffer overflows in IPUpdate 1.1 might allow attackers to ...)
@@ -4662,7 +4662,7 @@
 	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11)
 	TODO: check 2.4
 CVE-2005-3357 (mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost ...)
-	- apache2 2.0.55-4
+	- apache2 2.0.55-4 (bug #351246)
 CVE-2005-3356 (The mq_open system call in Linux kernel 2.6.9, in certain situations, ...)
 	- linux-2.6 2.6.15-4
 CVE-2005-3355 (Directory traversal vulnerability in GNU Gnump3d before 2.9.8 has ...)
@@ -4679,7 +4679,7 @@
 	- php5 5.1.1-1 (bug #336654; medium)
 CVE-2005-3352 (Cross-site scripting (XSS) vulnerability in the mod_imap module of ...)
 	- apache 1.3.34-2 (bug #343466; low)
-	- apache2 2.0.55-4 (bug #343467; low)
+	- apache2 2.0.55-4 (bug #343467; bug #349793; low)
 	NOTE: Version(s): prior to 1.3.35-dev, 2.0.56-dev are affected
 	NOTE: Means oldstable and stable are affected
 CVE-2005-3351 (SpamAssassin 3.0.4 allows attackers to bypass spam detection via an ...)

More information about the Secure-testing-commits mailing list