[Secure-testing-commits] r3296 - data/CVE

Micah Anderson micah at costa.debian.org
Sat Jan 14 17:00:51 UTC 2006


Author: micah
Date: 2006-01-14 17:00:45 +0000 (Sat, 14 Jan 2006)
New Revision: 3296

Modified:
   data/CVE/list
Log:
Certify some more packages as affected in Sarge


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2006-01-14 11:55:13 UTC (rev 3295)
+++ data/CVE/list	2006-01-14 17:00:45 UTC (rev 3296)
@@ -137,6 +137,7 @@
 	NOT-FOR-US: PD9 Software MegaBBS
 CVE-2006-0162 (Heap-based buffer overflow in libclamav/upx.c in Clam Antivirus ...)
 	- clamav 0.88-1
+	NOTE: Sarge is affected
 CVE-2006-0138 (aMSN (aka Alvaro's Messenger) allows remote attackers to cause a ...)
 	NOT-FOR-US: Alvaro's Messenger
 CVE-2006-0137 (SQL injection vulnerability in linkcategory.php in Phanatic Softwares ...)
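
Review bot: the NOTE added under CVE-2006-0162 records the conclusion but not which clamav version in Sarge was checked, so a later reader cannot tell whether it still holds after a stable update. Consider appending the version examined. The entry line "- clamav 0.88-1" also carries no urgency in parentheses, unlike the other clamav entries touched in this commit, which have "(medium)" or "(low)". It would be worth setting one while the entry is being edited.
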
@@ -2924,6 +2925,7 @@
 	NOT-FOR-US: Advanced Guestbook
 CVE-2005-3587 (Improper boundary checks in petite.c in Clam AntiVirus (ClamAV) before ...)
 	- clamav 0.87.1-1 (medium)
+	NOTE: sarge is affected (not in oldstable)
 CVE-2005-3586 (content.php in Mambo 4.5.2 through 4.5.2.3 allows remote attackers to ...)
 	NOT-FOR-US: Mambo
 CVE-2005-3585 (SQL injection vulnerability in forum.php in PhpWebThings 1.4.4 allows ...)
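
Review bot: "(not in oldstable)" in the note added under CVE-2005-3587 is ambiguous. It can mean that the clamav package is not shipped in oldstable, or that the flaw is not present in the version oldstable ships. Please spell out which one is meant. Also, "sarge" is lowercase here while the other notes in this commit write "Sarge".
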
@@ -4218,6 +4220,7 @@
 CVE-2005-3229 (Multiple interpretation error in unspecified versions of ClamAV ...)
 	- clamav <unfixed> (low)
 	NOTE: This was already forwarded to sgran; zobel any news yet?
+	NOTE: Sarge affected (not in oldstable)
 CVE-2005-3228 (Multiple interpretation error in unspecified versions of Ikarus ...)
 	NOT-FOR-US: Ikarus Antivirus
 CVE-2005-3227 (Multiple interpretation error in unspecified versions of UNA Antivirus ...)
@@ -6372,6 +6375,7 @@
 	- gallery 1.3.3
 CVE-2005-XXXX [DoS against clamav through infinite loop in cli_rmdirs]
 	- clamav 0.86.2-1 (low)
+	NOTE: suspect this also affects Sarge, not enough info to know what this is
 CVE-2005-2554 (The web server for Network Associates ePolicy Orchestrator Agent 3.5.0 ...)
 	NOT-FOR-US: Network Associated ePolicy Orchestrator Agent
 CVE-2005-2553 (The find_target function in ptrace32.c in the Linux kernel 2.4.x ...)
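
Review bot: the note added under the cli_rmdirs entry says "suspect" and "not enough info", which does not match the commit log's "Certify some more packages as affected in Sarge". Either mention the unconfirmed entries in the log, or mark this note so that unconfirmed status can be searched for later. It would also help to say what information is missing, since the entry has no CVE id and no bug reference to follow up on.
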
@@ -6719,9 +6723,11 @@
 	- fftw3 3.0.1-12 (low; bug #321566)
 CVE-2005-XXXX [clamav-getfile: Insecure use of temporary files]
 	- clamav-getfiles 0.5-1 (bug #321446; medium)
+	NOTE: Sarge is affected
 CVE-2005-3254 (The CGIwrap program before 3.9 on Debian GNU/Linux uses an incorrect ...)
 	{DTSA-6-1}
 	- cgiwrap 3.9-3.1 (bug #316881; low)
+	NOTE: Sarge and Woody affected
 CVE-2005-3255 (The (1) cgiwrap and (2) php-cgiwrap packages before 3.9 in Debian ...)
 	{DTSA-6-1}
 	- cgiwrap 3.9-3.1 (bug #316901; low)
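
Review bot: CVE-2005-3254 gets "Sarge and Woody affected", but CVE-2005-3255 directly below it, with the same {DTSA-6-1} and the same fixed version cgiwrap 3.9-3.1, gets no note. If it was checked too, add the matching note; if it was not, that is worth stating. This is also the only note that names Woody, where the other hunks say "oldstable"; pick one form.
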
@@ -10342,6 +10348,7 @@
 	NOT-FOR-US: HTTP Commander
 CVE-2005-XXXX [clamav: DoS through multiple empty Content-Disposition header lines]
 	- clamav 0.85.1-1 (low)
+	NOTE: Suspect Sarge is affected, not enough information to certify
 CVE-2005-XXXX [libxpm4: new s_popen() function is insecure garbage]
 	- xfree86 4.3.0.dfsg.1-14 (bug #308783)
 	- xorg-x11 <not-affected> (Xfree-specific, inspected the Subversion tree)
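
Review bot: the note under the Content-Disposition entry expresses the same unconfirmed state as the one under the cli_rmdirs entry, but in different words ("Suspect Sarge is affected, not enough information to certify" versus "suspect this also affects Sarge, not enough info to know what this is"). Use one fixed phrasing for unconfirmed entries so they can be found with a single search when someone comes back to verify them.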



