[Secure-testing-commits] r3326 - in data: CVE DSA

Moritz Muehlenhoff jmm-guest at costa.debian.org
Fri Jan 20 14:53:32 UTC 2006 

Author: jmm-guest
Date: 2006-01-20 14:53:26 +0000 (Fri, 20 Jan 2006)
New Revision: 3326

Modified:
   data/CVE/list
   data/DSA/list
Log:
two new DSAs


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2006-01-20 11:24:15 UTC (rev 3325)
+++ data/CVE/list	2006-01-20 14:53:26 UTC (rev 3326)
@@ -1035,8 +1035,9 @@
 	[sarge] - kernel-source-2.4.27 <not-affected> (Vulnerable code not present)
 CVE-2006-0035 (The netlink_rcv_skb function in af_netlink.c in Linux kernel 2.6.15 ...)
 	- linux-2.6 <unfixed>
-CVE-2006-0019
+CVE-2006-0019 [kjs heap overflow]
 	RESERVED
+	- kdelibs <unfixed> (medium)
 CVE-2005-4474 (Buffer overflow in the &quot;Add to archive&quot; command in WinRAR 3.51 allows ...)
 	NOT-FOR-US: WinRAR
 CVE-2005-4473 (Unspecified vulnerability in Macromedia JRun 4 web server (JWS) allows ...)

Modified: data/DSA/list
===================================================================
--- data/DSA/list	2006-01-20 11:24:15 UTC (rev 3325)
+++ data/DSA/list	2006-01-20 14:53:26 UTC (rev 3326)
@@ -1,3 +1,11 @@
+[20 Jan 2006] DSA-948-1 kdelibs - heap overflow
+        {CVE-2006-0019}
+	[sarge] - kdelibs 3.3.2-6.4
+	NOTE: not fixed in testing at time of DSA (unfixed in sid)
+[20 Jan 2006] DSA-947-1 clamav - heap overflow
+        {CVE-2006-0162}
+	[sarge] - clamav 0.84-2.sarge.7
+	NOTE: fixed in testing at time of DSA
 [20 Jan 2006] DSA-946-1 sudo - missing input sanitising
         {CVE-2005-4158 CVE-2006-0151}
 	[woody] - sudo 1.6.6-1.5

More information about the Secure-testing-commits mailing list