[Secure-testing-commits] r3367 - data/CVE

Moritz Muehlenhoff jmm-guest at costa.debian.org
Wed Jan 25 17:46:49 UTC 2006


Author: jmm-guest
Date: 2006-01-25 17:46:44 +0000 (Wed, 25 Jan 2006)
New Revision: 3367

Modified:
   data/CVE/list
Log:
new mydns issue, some house-keeping


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2006-01-25 13:49:10 UTC (rev 3366)
+++ data/CVE/list	2006-01-25 17:46:44 UTC (rev 3367)
@@ -51,7 +51,7 @@
 CVE-2006-0352 (The default configuration of Fluffington FLog 1.01 installs ...)
 	TODO: check
 CVE-2006-0351 (Unspecified "critical denial-of-service vulnerability" in MyDNS before ...)
-	TODO: check
+	- mydns 1.1.0+pre-3 (medium; bug #348826)
 CVE-2006-0350 (Cross-site scripting (XSS) vulnerability in eggblog 2.0 allow remote ...)
 	TODO: check
 CVE-2006-0349 (SQL injection vulnerability in eggblog 2.0 allows remote attackers to ...)
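Review bot: The new mydns line for CVE-2006-0351 records 1.1.0+pre-3 as the fixed version, but the CVE text is "Unspecified" and nothing in the entry says how the fix was confirmed. Consider adding a NOTE line under it that states the basis for the version (for example, that it comes from bug #348826), so the entry can be checked later without reopening the bug.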
@@ -118,7 +118,7 @@
 CVE-2006-XXXX [tor discovery of hidden services]
 	- tor <unfixed> (bug #349283)
 CVE-2006-0353 (unix_random.c in lsh before 2.0.1 leaks file descriptors related to ...)
-	- lsh-utils 2.0.1cdbs-4 (low)
+	- lsh-utils 2.0.1cdbs-4 (low; bug #349303)
 CVE-2006-0283 (Unspecified vulnerability in Oracle Database Server 10.1.0.4.2, ...)
 	NOT-FOR-US: Oracle
 CVE-2006-0321 (fetchmail 6.3.0 and other versions before 6.3.2 allows remote ...)
@@ -468,7 +468,7 @@
 CVE-2006-0177 (Multiple buffer overflows in Cray UNICOS 9.0.2.2 might allow local ...)
 	NOT-FOR-US: Cray UNICOS
 CVE-2006-0176 (Buffer overflow in certain functions in src/fileio.c and ...)
-	- xmame <unfixed> (medium)
+	- xmame <unfixed> (medium; bug #349653)
 	NOTE: Only xmame-svgalib is vulnerable, the xmame-x package has a debconf
 	NOTE: question, that makes it very clear that setuid root is only for single-user
 	NOTE: systems and xmame-sdl and xmess aren't setuid at all
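Review bot: The xmame line for CVE-2006-0176 gains bug #349653 against the source package, while the NOTE lines directly below say only xmame-svgalib is vulnerable. A short NOTE saying that the bug covers the xmame-svgalib case would keep the entry and the bug report in step, and would make it clear that "medium" refers to the setuid binary and not to xmame-x, xmame-sdl or xmess.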
@@ -6999,8 +6999,9 @@
 	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.10)
 	- kernel-source-2.4.27 <not-affected>
 CVE-2005-XXXX [Buffer overflow in Description parsing]
-	- bidwatcher <removed> (bug #319489; high)
+	- bidwatcher <removed> (bug #319489; low)
 	NOTE: Sarge and Woody affected
+	NOTE: Package is totally broken due to Ebay changes, so risk is low
 CVE-2005-XXXX [Does not do escaping in mysql version - both a worrying flaw and stops adduser working]
 	- dbmail <unfixed> (bug #303991; medium)
 CVE-2005-XXXX [downloads.ini writable by group users, world-readable]
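Review bot: The bidwatcher urgency drops from high to low for a buffer overflow, while the unchanged NOTE still says Sarge and Woody are affected. The added NOTE justifies this only by the package being broken after the Ebay changes. It would be worth stating in that NOTE whether the vulnerable Description parsing can still be reached in the Sarge and Woody packages, because that is what the lower rating depends on. Also a style point on the same line: it keeps the "(bug #319489; low)" order, while the other lines changed in this commit use "(urgency; bug #N)"; since the line is being edited anyway, it could be brought in line with them.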



