[Secure-testing-commits] r3500 - data/CVE

Moritz Muehlenhoff jmm-guest at costa.debian.org
Fri Feb 17 10:47:01 UTC 2006


Author: jmm-guest
Date: 2006-02-17 10:46:55 +0000 (Fri, 17 Feb 2006)
New Revision: 3500

Modified:
   data/CVE/list
Log:
migration-tools CVEfied and fixed
new imagemagick issue
update on freebsd for kfreebsd port


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2006-02-16 13:54:08 UTC (rev 3499)
+++ data/CVE/list	2006-02-17 10:46:55 UTC (rev 3500)
@@ -1,3 +1,5 @@
+CVE-2006-XXXX [imagemagick: array index overflow in DisplayImageCommand]
+	- imagemagick 6:6.2.4.5-0.6 (bug #345595)
 CVE-2006-0735 (Cross-site scripting (XSS) vulnerability in My Blog before 1.65 allows ...)
 	TODO: check
 CVE-2006-0734 (Unspecified vulnerability in Valve Software Half-Life CSTRIKE ...)
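Review bot: the added line `- imagemagick 6:6.2.4.5-0.6 (bug #345595)` carries no urgency, while the migrationtools entries touched in this same commit record one as `(bug #338920; medium)`. If an assessment exists for the DisplayImageCommand array index overflow, add it after the bug number so the entry can be triaged alongside the others.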
@@ -519,7 +521,7 @@
 CVE-2006-0513 (Directory traversal vulnerability in pkmslogout in Tivoli Web Server ...)
 	NOT-FOR-US: Tivoli
 CVE-2006-0512 (PADL MigrationTools 46 creates temporary files insecurely, which ...)
-	NOT-FOR-US: PADL MigrationTools
+	- migrationtools 46-2.1 (bug #338920; medium)
 CVE-2006-0511 (** DISPUTED ** Blackboard Academic Suite 6.0 and earlier does not ...)
 	NOT-FOR-US: Blackboard Academic Suite
 CVE-2006-0510 (SQL injection vulnerability in userlogin.jsp in Daffodil CRM 1.5 ...)
@@ -668,7 +670,7 @@
 CVE-2005-4684 (Konqueror can associate a cookie with multiple domains when the DNS ...)
 	TODO: check
 CVE-2005-4683 (PADL MigrationTools 46, when a failure occurs, stores contents of ...)
-	TODO: check
+	- migrationtools 46-2.1 (bug #338920; medium)
 CVE-2005-4682 (Cross-site scripting (XSS) vulnerability in error.asp in AudienceView ...)
 	TODO: check
 CVE-2005-4681 (** DISPUTED ** Buffer overflow in mIRC 5.91, 6.03, 6.12, and 6.16 ...)
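Review bot: CVE-2005-4683 receives the same `- migrationtools 46-2.1 (bug #338920; medium)` line as CVE-2006-0512, but the two descriptions differ (insecure temporary file creation there, storing contents when a failure occurs here), and the placeholder entry removed later in this patch was titled only "Insecure temp file usage in migrationtools". Please confirm that bug #338920 and the 46-2.1 upload cover both behaviours before marking both CVEs fixed at that version; if only one is covered, the other should stay `TODO: check` or be listed as `<unfixed>`.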
@@ -892,11 +894,11 @@
 CVE-2006-0382 (Apple Mac OS X 10.4.5 and allows local users to cause a denial of ...)
 	TODO: check
 CVE-2006-0381 (A logic error in the IP fragment cache functionality in pf in FreeBSD ...)
-	NOT-FOR-US: pf on Free BSD and Open BSD 
+	- kfreebsd-5 5.4-14
 CVE-2006-0380 (A logic error in FreeBSD kernel 5.4-STABLE and 6.0 causes the kernel ...)
-	NOT-FOR-US: FreeBSD
+	NOT-FOR-US: FreeBSD, possibly affects kfreebsd-5
 CVE-2006-0379 (FreeBSD kernel 5.4-STABLE and 6.0 does not completely initialize a ...)
-	NOT-FOR-US: FreeBSD
+	NOT-FOR-US: FreeBSD, possibly affects kfreebsd-5
 CVE-2006-0378 (Cross-site scripting (XSS) vulnerability in Netrix X-Site Manager ...)
 	NOT-FOR-US: Netrix X-Site Manager 
 CVE-2006-0377
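Review bot: on CVE-2006-0380 and CVE-2006-0379 the new text `NOT-FOR-US: FreeBSD, possibly affects kfreebsd-5` says two opposite things: NOT-FOR-US marks the issue as not concerning any package in the archive, while the remark names a package that may be affected, so an open question ends up recorded under a closed status. Suggest a `TODO: check` line that mentions kfreebsd-5 until this is verified, then either a `- kfreebsd-5` package line (as CVE-2006-0381 now has with `- kfreebsd-5 5.4-14`) or a plain NOT-FOR-US.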
@@ -4852,8 +4854,6 @@
 CVE-2005-3857 (The time_out_leases function in locks.c for Linux kernel before ...)
 	- linux-2.6 2.6.14-4 (low)
 	- kernel-source-2.4.27 2.4.27-13 (low)
-CVE-2005-XXXX [Insecure temp file usage in migrationtools]
-	- migrationtools <unfixed> (bug #338920; medium)
 CVE-2005-XXXX [user logout in drupal has no effect]
 	[sarge] - drupal <not-affected> (bug was introduced after 4.5.3)
 	- drupal 4.5.5-3 (bug #336719; medium)



