[Secure-testing-commits] r3283 - in data: CVE DSA

Micah Anderson micah at costa.debian.org
Thu Jan 12 18:59:30 UTC 2006 

Author: micah
Date: 2006-01-12 18:59:23 +0000 (Thu, 12 Jan 2006)
New Revision: 3283

Modified:
   data/CVE/list
   data/DSA/list
Log:
DSA-935-1 and DSA-930-2


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2006-01-12 15:44:24 UTC (rev 3282)
+++ data/CVE/list	2006-01-12 18:59:23 UTC (rev 3283)
@@ -283,7 +283,9 @@
 	- linux-2.6 <unfixed>
 	NOTE: Added patch tracker template
 CVE-2006-0083 (Format string vulnerability in the logging code of SMS Server Tools ...)
-	{DSA-930-1}
+	{DSA-930-2}
+	[woody] - smstools 1.5.0-2woody0
+	[sarge] - smstools 1.14.8-1sarge0
 	- smstools <unfixed> (bug #347221; medium)
 CVE-2006-0106 (gdi/driver.c and gdi/printdrv.c in Wine 20050930, and other versions, ...)
 	{CVE-2005-4560}
@@ -2745,6 +2747,8 @@
 CVE-2005-3657 (The ActiveX control in MCINSCTL.DLL for McAfee VirusScan Security ...)
 	NOT-FOR-US: McAfee
 CVE-2005-3656 (Multiple format string vulnerabilities in logging functions in ...)
+	{DSA-935-1}
+	[sarge] - libapache2-mod-auth-pgsql 2.0.2b1-5sarge0
 	- libapache2-mod-auth-pgsql 2.0.2b1-7
 	- libapache-mod-auth-pgsql <not-affected> (Does not contain the vulnerable ap_log_rerror() function)
 CVE-2005-3655

Modified: data/DSA/list
===================================================================
--- data/DSA/list	2006-01-12 15:44:24 UTC (rev 3282)
+++ data/DSA/list	2006-01-12 18:59:23 UTC (rev 3283)
@@ -11,6 +11,10 @@
 	{CVE-2005-2097 CVE-2005-3191 CVE-2005-3192 CVE-2005-3193 CVE-2005-3624 CVE-2005-3625 CVE-2005-3626 CVE-2005-3627 CVE-2005-3628}
 	[sarge] - libextractor 0.4.2-2sarge2
 	NOTE: Fixed in testing at time of DSA
+[10 Jan 2006] DSA-935-1 libapache2-mod-auth-pgsql - format string vulnerability
+	{CVE-2005-3656}
+	[sarge] - libapache2-mod-auth-pgsql 2.0.2b1-5sarge0
+	NOTE: Not fixed in sid at the time of DSA
 [09 Jan 2006] DSA-934-1 pound - remote
 	{CVE-2005-1391 CVE-2005-3751}
 	[sarge] - pound 1.8.2-1sarge1
@@ -27,6 +31,11 @@
         {CVE-2005-3191 CVE-2005-3192 CVE-2005-3193 CVE-2005-3624 CVE-2005-3625 CVE-2005-3626 CVE-2005-3627 CVE-2005-3628}
 	[woody] - xpdf 1.00-3.8
 	[sarge] - xpdf 3.00-13.4
+[10 Jan 2006] DSA-930-2 smstools - format string attack
+	{CVE-2006-0083}
+	[woody] smstools - 1.5.0-2woody0
+	[sarge] smstools - 1.14.8-1sarge0
+	NOTE: not fixed in sid at time of DSA
 [09 Jan 2006] DSA-930-1 smstools - format string error
         {CVE-2006-0083}
         [sarge] - smstools 1.14.8-1sarge0

More information about the Secure-testing-commits mailing list