[Secure-testing-commits] r3453 - in data: CVE DSA
Moritz Muehlenhoff
jmm-guest at costa.debian.org
Fri Feb 10 11:52:15 UTC 2006
Author: jmm-guest
Date: 2006-02-10 11:52:09 +0000 (Fri, 10 Feb 2006)
New Revision: 3453
Modified:
data/CVE/list
data/DSA/list
Log:
new elog DSA
new tcc issue
some no-dsa
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2006-02-10 09:14:19 UTC (rev 3452)
+++ data/CVE/list 2006-02-10 11:52:09 UTC (rev 3453)
@@ -17,7 +17,8 @@
CVE-2006-0636 (desktop.php in eyeOS 0.8.9 and earlier tests for the existence of the ...)
TODO: check
CVE-2006-0635 (Tiny C Compiler (TCC) 0.9.23 (aka TinyCC) evaluates the ...)
- TODO: check
+ - tcc <unfixed> (bug filed; medium)
+ NOTE: Sarge status not yet analysed
CVE-2006-0634 (Borland C++Builder 6 (BCB6) with Update Pack 4 Enterprise edition ...)
TODO: check
CVE-2006-0633 (The make_password function in ipsclass.php in Invision Power Board ...)
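Review bot: The new tcc line for CVE-2006-0635 records "bug filed" without a bug number, while the other entries in this patch that cite a bug give it in the "bug #NNNNNN" form (for example "bug #334616"). Add the number once it is assigned so the entry can be cross-referenced, and resolve the "Sarge status not yet analysed" note with an explicit [sarge] line when the analysis is done.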
@@ -5301,6 +5302,7 @@
NOT-FOR-US: Sun Java System Directory Server
CVE-2005-3268 (yiff server (yiff-server) 2.14.2 on Debian GNU/Linux runs as root and ...)
- yiff 2.14.2-8 (bug #334616; low)
+ [sarge] - yiff <no-dsa> (Only a minor privacy leak)
CVE-2005-3267 (Integer overflow in Skype client before 1.4.x.84 on Windows, before ...)
NOT-FOR-US: Skype
CVE-2005-3266
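Review bot: The added "[sarge] - yiff <no-dsa>" line for CVE-2005-3268 has no [woody] counterpart, whereas the coreutils entries changed in this same patch state both releases. If yiff is shipped in woody, add a matching [woody] line so that release's status is not left implicit.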
@@ -5740,11 +5742,8 @@
- mpack 1.6-1 (bug #216566)
CVE-2005-XXXX [coreutils ignores umask when using -m in mkdir, mkfifo and mknod]
- coreutils 5.93-1 (bug #306076; low)
- [woody] - fileutils <unfixed> (low)
- NOTE: Sarge is affected
-CVE-2005-XXXX [gossip names windows potentially confusing, which might lead to inform. disclosure]
- - gossip <unfixed> (bug #305419; low)
- NOTE: This looks quite strange, should be followed up, whether it's really reproducible
+ [sarge] - coreutils <no-dsa> (Minor issue, hardly exploitable)
+ [woody] - coreutils <no-dsa> (Minor issue, hardly exploitable)
CVE-2005-XXXX [tar's rmt command may have undesired side effects]
- tar <unfixed> (bug #290435; low)
CVE-2005-XXXX [clamav's VERSION command does not return the currently loaded version]
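Review bot: The gossip entry (bug #305419) is deleted outright in this hunk, although its own note says it "should be followed up", and the commit log ("new elog DSA", "new tcc issue", "some no-dsa") does not mention a removal. If the issue turned out not to be reproducible, keep the entry and mark it with the reason rather than dropping it, or state the reason in the log so the open bug is not lost from tracking.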
@@ -13555,8 +13554,8 @@
CVE-2005-1106 (PictureViewer in QuickTime for Windows 6.5.2 allows remote attackers ...)
NOT-FOR-US: Windows
CVE-2005-1105 (Directory traversal vulnerability in the MimeBodyPart.getFileName ...)
- NOTE: api vulnerablity
- libgnumail-java <unfixed> (bug #304712; low)
+ [sarge] - libgnumail <no-dsa> (Only user in Sarge is ant, which isn't affected)
CVE-2005-1104 (Multiple cross-site scripting (XSS) vulnerabilities in Centra 7 ...)
NOT-FOR-US: Centra
CVE-2005-1103 (Sygate Security Agent (SSA) in Sygate Secure Enterprise 3.5 through ...)
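Review bot: In CVE-2005-1105 the removed "- libgnumail-java <unfixed> (bug #304712; low)" line is not replaced, so the entry loses both the unfixed status and the bug reference, and the new line names the package "libgnumail" rather than "libgnumail-java". Keep the unfixed line alongside the new [sarge] no-dsa line, and confirm which package name is intended so the two lines refer to the same package.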
@@ -13694,8 +13693,8 @@
- netapplet <not-affected> (Not vulerable, see bug #310833)
CVE-2005-1039 (Race condition in Core Utilities (coreutils) 5.2.1, when (1) mkdir, ...)
- coreutils <unfixed> (bug #304556; low)
- [woody] - fileutils <unfixed> (bug #304556; low)
- NOTE: Sarge is affected
+ [sarge] - coreutils <no-dsa> (Minor issue, hardly exploitable)
+ [woody] - coreutils <no-dsa> (Minor issue, hardly exploitable)
CVE-2005-1038 (crontab in Vixie cron 4.1, when running with the -e option, allows ...)
NOTE: long fixed in Debian's cron
CVE-2005-1037 (Unknown vulnerability in AIX 5.3.0, when configured as an NIS client, ...)
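Review bot: The [woody] line for CVE-2005-1039 changes the package from "fileutils" to "coreutils" at the same time as it changes the status to no-dsa, and the same rename appears in the CVE-2005-XXXX coreutils umask entry earlier in this patch. If the woody package is fileutils, as the removed lines recorded, the new lines should read "[woody] - fileutils <no-dsa> (...)" so the status attaches to the package that release actually ships.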
Modified: data/DSA/list
===================================================================
--- data/DSA/list 2006-02-10 09:14:19 UTC (rev 3452)
+++ data/DSA/list 2006-02-10 11:52:09 UTC (rev 3453)
@@ -1,3 +1,7 @@
+[10 Feb 2006] DSA-967-1 elog - several
+ {CVE-2006-4439 CVE-2006-0347 CVE-2006-0348 CVE-2006-0597 CVE-2006-0598 CVE-2006-0599 CVE-2006-0600}
+ [sarge] - elog 2.5.7+r1558-4+sarge2
+ NOTE: fixed in testing at time of DSA
[09 Feb 2006] DSA-966-1 adzapper - denial of service
{CVE-2006-0046}
[sarge] - adzapper 20050316-1sarge1
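Review bot: The first id in the DSA-967-1 list, CVE-2006-4439, is out of sequence with the rest of the set (CVE-2006-0347 through CVE-2006-0600) and far above the newest ids at the top of data/CVE/list in this same revision (CVE-2006-0636), which suggests a typo in the year or number. Check it against the advisory text before committing, since a wrong id would link this DSA to an unrelated CVE entry.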