[Secure-testing-commits] r3347 - in data: CVE DSA

Moritz Muehlenhoff jmm-guest at costa.debian.org
Mon Jan 23 15:37:06 UTC 2006


Author: jmm-guest
Date: 2006-01-23 15:37:00 +0000 (Mon, 23 Jan 2006)
New Revision: 3347

Modified:
   data/CVE/list
   data/DSA/list
Log:
new libapache-auth-ldap DSA


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2006-01-23 13:41:11 UTC (rev 3346)
+++ data/CVE/list	2006-01-23 15:37:00 UTC (rev 3347)
@@ -422,7 +422,6 @@
 	NOTE: a white list approach of known to be safe env vars.
 CVE-2006-0150 (Multiple format string vulnerabilities in the auth_ldap_log_reason ...)
 	- libapache-auth-ldap <removed> (bug #347416)
-	NOTE: DSA in preparation
 CVE-2006-0149 (Cross-site scripting (XSS) vulnerability in SimpBook 1.0, with ...)
 	NOT-FOR-US: SimpBook
 CVE-2006-0148 (NetSarang Xlpd 2.1 allows remote attackers to cause a denial of ...)

Modified: data/DSA/list
===================================================================
--- data/DSA/list	2006-01-23 13:41:11 UTC (rev 3346)
+++ data/DSA/list	2006-01-23 15:37:00 UTC (rev 3347)
@@ -1,3 +1,8 @@
+[23 Jan 2006] DSA-952-1 libapache-auth-ldap - format string vulnerability
+	{CVE-2006-0150}
+	[sarge] - libapache-auth-ldap 1.6.0-3.1
+	[sarge] - libapache-auth-ldap 1.6.0-8.1
+	NOTE: fixed in testing at time of DSA (no longer present in testing/sid)
 [23 Jan 2006] DSA-951-1 trac - missing input sanitising
 	{CVE-2005-4065 CVE-2005-4644}
 	[sarge] - trac 0.8.1-3sarge3




More information about the Secure-testing-commits mailing list