[Secure-testing-commits] r3353 - data/CVE
Joey Hess
joeyh at costa.debian.org
Mon Jan 23 21:14:30 UTC 2006
Author: joeyh
Date: 2006-01-23 21:14:24 +0000 (Mon, 23 Jan 2006)
New Revision: 3353
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2006-01-23 20:16:49 UTC (rev 3352)
+++ data/CVE/list 2006-01-23 21:14:24 UTC (rev 3353)
@@ -392,6 +392,7 @@
CVE-2005-4645 (SQL injection vulnerability in index.php in 3CFR allows remote ...)
NOT-FOR-US: 3CFR
CVE-2005-4644 (Cross-site scripting (XSS) vulnerability in the HTML WikiProcessor in ...)
+ {DSA-951-1}
- trac 0.9.3-1
CVE-2005-4643 (SQL injection vulnerability in index.php in Antharia OnContent // CMS ...)
NOT-FOR-US: Antharia OnContent
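Review bot: the `trac 0.9.3-1` line under CVE-2005-4644 carries no bug number or urgency, while the CVE-2005-4065 entry that receives the same {DSA-951-1} tag later in this patch has `(bug #342232; medium)`. If a BTS bug exists for the XSS issue, add it here along with an urgency so that both trac entries under DSA-951-1 are tracked the same way.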
@@ -421,6 +422,7 @@
NOTE: The whole black list approach is flawed, for the DSA we'll switch to
NOTE: a white list approach of known to be safe env vars.
CVE-2006-0150 (Multiple format string vulnerabilities in the auth_ldap_log_reason ...)
+ {DSA-952-1}
- libapache-auth-ldap <removed> (bug #347416)
CVE-2006-0149 (Cross-site scripting (XSS) vulnerability in SimpBook 1.0, with ...)
NOT-FOR-US: SimpBook
@@ -1925,6 +1927,7 @@
CVE-2005-4066 (Total Commander 6.53 uses weak encryption to store FTP usernames and ...)
NOT-FOR-US: Total Commander
CVE-2005-4065 (SQL injection vulnerability in the search module in Edgewall Trac ...)
+ {DSA-951-1}
- trac 0.9.2-1 (bug #342232; medium)
CVE-2005-4064 (Multiple SQL injection vulnerabilities in A-FAQ 1.0 allow remote ...)
NOT-FOR-US: A-FAQ
@@ -3162,14 +3165,14 @@
RESERVED
CVE-2005-3628 [further xpdf overflow check]
RESERVED
- {DSA-940-1 DSA-938-1 DSA-937-1 DSA-936-1 DSA-932-1 DSA-931-1}
+ {DSA-950-1 DSA-940-1 DSA-938-1 DSA-937-1 DSA-936-1 DSA-932-1 DSA-931-1}
- kdegraphics 3.5.0-3
- gpdf 2.10.0-2 (bug #342286)
- xpdf 3.01-4
- koffice 1:1.4.2-6 (bug #342294)
- libextractor 0.5.9-1
CVE-2005-3627 (Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, ...)
- {DSA-940-1 DSA-938-1 DSA-937-1 DSA-936-1 DSA-932-1 DSA-931-1}
+ {DSA-950-1 DSA-940-1 DSA-938-1 DSA-937-1 DSA-936-1 DSA-932-1 DSA-931-1}
- poppler 0.4.4-1 (bug #346076)
- tetex <not-affected> (Links dynamically to poppler)
- kdegraphics 3.5.0-3
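Review bot: CVE-2005-3628 is still marked RESERVED with only the bracketed placeholder `[further xpdf overflow check]`, yet after this change it cross-references seven advisories. Its package list (kdegraphics, gpdf, xpdf, koffice, libextractor) is unchanged by the new {DSA-950-1} tag, so the entry does not show which source package that advisory covers. A package line or a NOTE naming it would make the reference checkable from the list itself.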
@@ -3178,7 +3181,7 @@
- koffice 1:1.4.2-6 (bug #342294)
- libextractor 0.5.9-1
CVE-2005-3626 (Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, ...)
- {DSA-940-1 DSA-938-1 DSA-937-1 DSA-936-1 DSA-932-1 DSA-931-1}
+ {DSA-950-1 DSA-940-1 DSA-938-1 DSA-937-1 DSA-936-1 DSA-932-1 DSA-931-1}
- poppler 0.4.3-2
- kdegraphics 3.5.0-3
- xpdf 3.01-4
@@ -3186,7 +3189,7 @@
- koffice 1:1.4.2-6 (bug #342294)
- libextractor 0.5.9-1
CVE-2005-3625 (Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, ...)
- {DSA-940-1 DSA-938-1 DSA-937-1 DSA-936-1 DSA-932-1 DSA-931-1}
+ {DSA-950-1 DSA-940-1 DSA-938-1 DSA-937-1 DSA-936-1 DSA-932-1 DSA-931-1}
- poppler 0.4.4-1 (bug #346076)
- tetex <not-affected> (Links dynamically to poppler)
- kdegraphics 3.5.0-3
@@ -3195,7 +3198,7 @@
- koffice 1:1.4.2-6 (bug #342294)
- libextractor 0.5.9-1
CVE-2005-3624 (The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, ...)
- {DSA-940-1 DSA-938-1 DSA-937-1 DSA-936-1 DSA-932-1 DSA-931-1}
+ {DSA-950-1 DSA-940-1 DSA-938-1 DSA-937-1 DSA-936-1 DSA-932-1 DSA-931-1}
- poppler 0.4.4-1 (bug #346076)
- tetex <not-affected> (Links dynamically to poppler)
- gpdf 2.10.0-2 (bug #342286)
@@ -4637,7 +4640,7 @@
CVE-2005-3194 (Multiple buffer overflows in ALZip 6.12 (Korean), 6.1 (International), ...)
NOT-FOR-US: ALZip
CVE-2005-3193 (Heap-based buffer overflow in the JPXStream::readCodestream function ...)
- {DSA-937-1 DSA-936-1 DSA-932-1 DSA-931-1}
+ {DSA-950-1 DSA-937-1 DSA-936-1 DSA-932-1 DSA-931-1}
- xpdf 3.01-3 (bug #342281; bug #342337; medium)
- gpdf 2.10.0-1 (bug #342286; medium)
- pdftohtml <not-affected> (Vulnerable xpdf code not contained)
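Review bot: on CVE-2005-3193 the resulting list is {DSA-950-1 DSA-937-1 DSA-936-1 DSA-932-1 DSA-931-1}, without the DSA-940-1 and DSA-938-1 references that CVE-2005-3191 carries further down, although the visible `xpdf 3.01-3` and `gpdf 2.10.0-1` lines are identical for both entries. CVE-2005-3192 likewise lacks DSA-938-1. It is worth confirming against the advisory texts that the shorter lists are intentional and not missed cross-references.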
@@ -4649,7 +4652,7 @@
- libextractor 0.5.8-1 (medium)
- cupsys 1.1.23-13 (unimportant)
CVE-2005-3192 (Heap-based buffer overflow in the StreamPredictor function in Xpdf ...)
- {DSA-940-1 DSA-937-1 DSA-936-1 DSA-932-1 DSA-931-1}
+ {DSA-950-1 DSA-940-1 DSA-937-1 DSA-936-1 DSA-932-1 DSA-931-1}
- xpdf 3.01-3 (bug #342281; bug #342337; medium)
- gpdf 2.10.0-1 (bug #342286; medium)
- pdftohtml <unfixed> (bug #342289; medium)
@@ -4662,7 +4665,7 @@
- libextractor 0.5.8-1 (medium)
- cupsys 1.1.23-13 (unimportant)
CVE-2005-3191 (Multiple heap-based buffer overflows in the (1) ...)
- {DSA-940-1 DSA-938-1 DSA-937-1 DSA-936-1 DSA-932-1 DSA-931-1}
+ {DSA-950-1 DSA-940-1 DSA-938-1 DSA-937-1 DSA-936-1 DSA-932-1 DSA-931-1}
- xpdf 3.01-3 (bug #342281; bug #342337; medium)
- gpdf 2.10.0-1 (bug #342286; medium)
- pdftohtml <unfixed> (bug #342289; medium)