[Secure-testing-commits] r3295 - data/CVE

Moritz Muehlenhoff jmm-guest at costa.debian.org
Sat Jan 14 11:55:19 UTC 2006


Author: jmm-guest
Date: 2006-01-14 11:55:13 +0000 (Sat, 14 Jan 2006)
New Revision: 3295

Modified:
   data/CVE/list
Log:
bugnums


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2006-01-14 11:33:50 UTC (rev 3294)
+++ data/CVE/list	2006-01-14 11:55:13 UTC (rev 3295)
@@ -1,8 +1,8 @@
 CVE-2006-XXXX [php5 response splitting]
-	- php5 <unfixed> (bug filed)
+	- php5 <unfixed> (bug #347894)
 	- php4 <not-affected> (vulnerable code was introduced in PHP5)
 CVE-2006-XXXX [php5 mysqli format string issue]
-	- php5 <unfixed> (bug filed)
+	- php5 <unfixed> (bug #347894)
 	- php4 <not-affected> (vulnerable code was introduced in PHP5)
 CVE-2006-0187 (By design, Microsoft Visual Studio 2005 automatically executes code in ...)
 	NOT-FOR-US: Microsoft
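Review bot: Both php5 lines in this hunk, the one under "php5 response splitting" and the one under "php5 mysqli format string issue", now carry the same bug #347894. If a single report covers both issues, that is fine. As it stands it reads like a copy-paste, so please check the number against the bug, and if the two issues were filed separately, give the second entry its own number.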
@@ -95,7 +95,7 @@
 	NOTE: The whole black list approach is flawed, for the DSA we'll switch to
 	NOTE: a white list approach of known to be safe env vars.
 CVE-2006-0150 (Multiple format string vulnerabilities in the auth_ldap_log_reason ...)
-	- libapache-auth-ldap <removed>
+	- libapache-auth-ldap <removed> (bug #347416)
 	NOTE: DSA in preparation
 CVE-2006-0149 (Cross-site scripting (XSS) vulnerability in SimpBook 1.0, with ...)
 	NOT-FOR-US: SimpBook
@@ -985,7 +985,7 @@
 	NOT-FOR-US: IOS
 CVE-2005-4348 (fetchmail before 6.3.1 and before 6.2.5.5, when configured for ...)
 	{DSA-939-1}
-	- fetchmail 6.3.1-1 (bug #343836; low)
+	- fetchmail 6.3.1-1 (bug #343836; bug #345944; low)
 CVE-2005-4418 [Default policy in util-vserver prior to 0.30.208 trusted unknown capabilities]
 	RESERVED
 	- util-vserver 0.30.208-1
@@ -1582,7 +1582,7 @@
 CVE-2005-4066 (Total Commander 6.53 uses weak encryption to store FTP usernames and ...)
 	NOT-FOR-US: Total Commander
 CVE-2005-4065 (SQL injection vulnerability in the search module in Edgewall Trac ...)
-	- trac 0.9.2-1 (medium)
+	- trac 0.9.2-1 (bug #342232; medium)
 CVE-2005-4064 (Multiple SQL injection vulnerabilities in A-FAQ 1.0 allow remote ...)
 	NOT-FOR-US: A-FAQ
 CVE-2005-4063 (Multiple cross-site scripting (XSS) vulnerabilities in NetAuctionHelp ...)
@@ -1766,7 +1766,7 @@
 CVE-2005-3981 (** DISPUTED ** ...)
 	NOT-FOR-US: Windows
 CVE-2005-3980 (SQL injection vulnerability in the ticket query module in Edgewall ...)
-	- trac 0.9.1-1 (medium)
+	- trac 0.9.1-1 (bug #341697; medium)
 CVE-2005-3979 (relocate_server.php in Coppermine Photo Gallery (CPG) 1.4.2 and 1.4 ...)
 	NOT-FOR-US: Coppermine Photo Gallery
 CVE-2005-3978 (Multiple SQL injection vulnerabilities in NetClassifieds Premium ...)
@@ -2824,7 +2824,7 @@
 	- libextractor 0.5.9-1
 CVE-2005-3627 (Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, ...)
 	{DSA-940-1 DSA-938-1 DSA-937-1 DSA-936-1 DSA-932-1 DSA-931-1}
-	- poppler 0.4.4-1
+	- poppler 0.4.4-1 (bug #346076)
 	- kdegraphics 3.5.0-3
 	- gpdf <unfixed>
 	- xpdf 3.01-4
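Review bot: Under CVE-2005-3627 only the already-fixed poppler line gains a bug reference, while "- gpdf <unfixed>" in the same entry still has none. The unfixed package is where a bug number helps tracking most, so if a bug exists for gpdf, add it here as well. The same applies to the CVE-2005-3625 and CVE-2005-3624 hunks that follow.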
@@ -2840,7 +2840,7 @@
 	- libextractor 0.5.9-1
 CVE-2005-3625 (Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, ...)
 	{DSA-940-1 DSA-938-1 DSA-937-1 DSA-936-1 DSA-932-1 DSA-931-1}
-	- poppler 0.4.4-1
+	- poppler 0.4.4-1 (bug #346076)
 	- kdegraphics 3.5.0-3
 	- xpdf 3.01-4
 	- gpdf <unfixed>
@@ -2848,7 +2848,7 @@
 	- libextractor 0.5.9-1
 CVE-2005-3624 (The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, ...)
 	{DSA-940-1 DSA-938-1 DSA-937-1 DSA-936-1 DSA-932-1 DSA-931-1}
-	- poppler 0.4.4-1
+	- poppler 0.4.4-1 (bug #346076)
 	- gpdf <unfixed>
 	- kdegraphics 3.5.0-3
 	- xpdf 3.01-4
@@ -3024,7 +3024,7 @@
 	- petris 1.0.1-5
 CVE-2005-3539 (Multiple eval injection vulnerabilities in HylaFAX 4.2.3 and earlier ...)
 	{DSA-933-1}
-	- hylafax 2:4.2.4-2
+	- hylafax 2:4.2.4-2 (bug #347298)
 	NOTE: First patch had regressions
 CVE-2005-3538 (hfaxd in HylaFAX 4.2.3, when PAM support is disabled, accepts ...)
 	- hylafax 2:4.2.4-1
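Review bot: On the hylafax line under CVE-2005-3539, bug #347298 is added directly above "NOTE: First patch had regressions", and the entry does not say whether that bug is the report of the vulnerability or of the regression. Extending the NOTE to say which one it is would make the reference unambiguous.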
@@ -11798,7 +11798,7 @@
 	{DSA-850-1}
 	- tcpdump 3.8.3-4
 CVE-2005-1278 (The isis_print function, as called by isoclns_print, in tcpdump 3.9.1 ...)
-	- tcpdump 3.8.3-4
+	- tcpdump 3.8.3-4 (bug #307920)
 CVE-2005-1277
 	REJECTED
 CVE-2005-1276



