[Secure-testing-commits] r3247 - in data: CVE DSA

Moritz Muehlenhoff jmm-guest at costa.debian.org
Mon Jan 9 14:23:01 UTC 2006


Author: jmm-guest
Date: 2006-01-09 14:22:55 +0000 (Mon, 09 Jan 2006)
New Revision: 3247

Modified:
   data/CVE/list
   data/DSA/list
Log:
two new DSAs for pound and smstools
kernel updates
corrected hylafax fix
fuse fixed


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2006-01-08 09:14:19 UTC (rev 3246)
+++ data/CVE/list	2006-01-09 14:22:55 UTC (rev 3247)
@@ -1,3 +1,6 @@
+CVE-2006-0083 [smstools logging format string issue]
+	{CVE-2006-0083}
+	- smstools <unfixed>
 CVE-2006-0106 [wine SETABORTPROC code execution via WMF]
 	{CVE-2005-4560}
 	- wine <unfixed> (bug #346197; medium)
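Review bot: The new `- smstools <unfixed>` line carries neither a bug reference nor an urgency, unlike the wine line directly below it (`bug #346197; medium`). Since a format string issue in logging is being tracked as unfixed, add the bug number if one has been filed and an urgency so the entry can be triaged. The `{CVE-2006-0083}` line only repeats the entry's own id, so it is worth checking whether that line was intended.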
@@ -2437,8 +2440,9 @@
 CVE-2005-3661 (Dell TrueMobile 2300 Wireless Broadband Router running firmware ...)
 	NOT-FOR-US: Dell hardware issue
 CVE-2005-3660 (Linux kernel 2.4 and 2.6 allows attackers to cause a denial of service ...)
-	- linux-2.6 <unfixed>
-	- kernel-source-2.4.27 <unfixed>
+	- linux-2.6 <unfixed> (low)
+	- kernel-source-2.4.27 <unfixed> (low)
+	NOTE: Really hard to fix design limitation, no fix to be expected soon
 CVE-2005-3659
 	RESERVED
 CVE-2005-3658
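Review bot: The added NOTE under CVE-2005-3660 ("Really hard to fix design limitation, no fix to be expected soon") gives no source for that assessment. Since it is the justification for leaving both `linux-2.6` and `kernel-source-2.4.27` at `<unfixed> (low)`, add a pointer to the bug report or upstream discussion so the rating can be revisited later.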
@@ -2683,11 +2687,13 @@
 	NOT-FOR-US: Tonio Gallery
 CVE-2005-3541
 	RESERVED
-CVE-2005-3540
+CVE-2005-3540 [buffer overflow in petris]
 	RESERVED
+	- petris <unfixed>
 CVE-2005-3539 [hylafax notify missing input sanitising]
 	RESERVED
-	- hylafax 2:4.2.4-1
+	- hylafax 2:4.2.4-2
+	NOTE: First patch had regressions
 CVE-2005-3538 [hylafax hfaxd PAM breakage]
 	RESERVED
 	- hylafax 2:4.2.4-1
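Review bot: CVE-2005-3539 is bumped to `hylafax 2:4.2.4-2` with the note "First patch had regressions", but CVE-2005-3538 in the trailing context still lists `hylafax 2:4.2.4-1`. Please confirm that the regression was limited to the notify fix and that the hfaxd PAM fix in 2:4.2.4-1 is unaffected, or state that in the note. Separately, the new `- petris <unfixed>` line has no urgency or bug reference.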
@@ -2710,7 +2716,7 @@
 	{DSA-917-1}
 	- courier 0.47-12 (bug #211920; medium)
 CVE-2005-3531 (fusermount in FUSE before 2.4.1, if installed setuid root, allows ...)
-	- fuse <unfixed> (bug #340398; medium)
+	- fuse 2.4.1-0.1 (bug #340398; medium)
 CVE-2005-3530 (Cross-site scripting (XSS) vulnerability in Antville 1.1 allows remote ...)
 	NOT-FOR-US: Antville
 CVE-2005-3529 (tiki-view_forum_thread.php in TikiWiki 1.9.0 through 1.9.2 allows ...)
@@ -17999,7 +18005,7 @@
 	{DSA-510}
 	- jftpgw 0.13.4-1
 CVE-2004-0447 (Unknown vulnerability in Linux before 2.4.26 for IA64 allows local ...)
-	NOTE: fixed in linux 2.4.26
+	- kernel-source-2.4.27 <not-affected> (Fixed before upload into archive; 2.4.26)
 CVE-2004-0446
 	RESERVED
 CVE-2004-0445 (The SYMDNS.SYS driver in Symantec Norton Internet Security and ...)
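Review bot: The replacement line for CVE-2004-0447 records a status only for `kernel-source-2.4.27`, while the CVE-2005-3660 entry earlier in this file tracks both `linux-2.6` and `kernel-source-2.4.27`. If linux-2.6 is out of scope because the description says "Linux before 2.4.26", say so with an explicit `<not-affected>` line or a NOTE, so the entry does not look incomplete.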

Modified: data/DSA/list
===================================================================
--- data/DSA/list	2006-01-08 09:14:19 UTC (rev 3246)
+++ data/DSA/list	2006-01-09 14:22:55 UTC (rev 3247)
@@ -1,3 +1,9 @@
+[09 Jan 2006] DSA-930-1 smstools - format string error
+        {CVE-2006-0083}
+        [sarge] - smstools 1.14.8-1sarge0
+[09 Jan 2006] DSA-929-1 petris - buffer overflow
+        {CVE-2005-3540}
+        [sarge] - petris 1.0.1-4sarge0
 [27 Dec 2005] DSA-928-1 dhis-tools-dns - insecure temporary file
         {CVE-2005-3341}
         [sarge] - dhis-tools-dns 5.0-3sarge1
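Review bot: DSA-930-1 and DSA-929-1 point at CVE-2006-0083 and CVE-2005-3540, but the matching entries added to data/CVE/list in this same commit do not carry `{DSA-930-1}` or `{DSA-929-1}` the way the courier entry carries `{DSA-917-1}`. If those cross-references are not generated automatically, add them in this commit so the two lists stay consistent.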



