[Secure-testing-commits] r3344 - data/CVE

[Moritz Muehlenhoff]

Author: jmm-guest
Date: 2006-01-22 21:22:29 +0000 (Sun, 22 Jan 2006)
New Revision: 3344

Modified:
   data/CVE/list
Log:
new lsh issue
vlc fixed
no-dsa for dump/CVE-2005-2096


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2006-01-22 21:14:22 UTC (rev 3343)
+++ data/CVE/list	2006-01-22 21:22:29 UTC (rev 3344)
@@ -1,3 +1,5 @@
+CVE-2006-0353 [fd leak in lsh]
+	- lsh-utils 2.0.1cdbs-4 (low)
 CVE-2006-0283 (Unspecified vulnerability in Oracle Database Server 10.1.0.4.2, ...)
 	TODO: check
 CVE-2006-0321 [fetchmail: segfault after bouncing a message]
@@ -1960,7 +1962,7 @@
 	- gst-ffmpeg 0.8.7-5 (bug #343503; medium)
 	- kino <unfixed> (medium)
 	- smilutils <unfixed> (medium)
-	- vlc <unfixed> (medium)
+	- vlc 0.8.4.debian-2 (medium)
 	- motion <unfixed> (medium)
 	NOTE: kino, smilutils, motion and vlc link statically against libavcodec, need a recompile once ffmpeg is fixed
 CVE-2005-4047 (Cross-site scripting (XSS) vulnerability in kb.asp in IISWorks ...)
@@ -8615,7 +8617,8 @@
 	NOTE: Sarge is affected
 	- zsync 0.4.0-2 (bug #317968; medium)
 	[woody] - dump <not-affected> (Woody contains zlib 1.1, which is not affected)
-	- dump 0.4b40-1 (bug #317966; medium)
+	[sarge] - dump <no-dsa> (Backups do not contain untrusted data)
+	- dump 0.4b40-1 (bug #317966; low)
 	[woody] - aide <not-affected> (Woody contains zlib 1.1, which is not affected)
 	- aide 0.10-6.1.1 (bug #317523; medium)
 	[woody] - amd64-libs <not-affected> (Woody contains zlib 1.1, which is not affected)