[Secure-testing-commits] r3373 - in data: CVE DSA
Florian Weimer
fw at costa.debian.org
Thu Jan 26 10:59:24 UTC 2006
Author: fw
Date: 2006-01-26 10:59:18 +0000 (Thu, 26 Jan 2006)
New Revision: 3373
Modified:
data/CVE/list
data/DSA/list
Log:
DSA-956-1: lsh-utils
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2006-01-26 09:27:19 UTC (rev 3372)
+++ data/CVE/list 2006-01-26 10:59:18 UTC (rev 3373)
@@ -229,6 +229,7 @@
- mydns 1.1.0+pre-3 (medium)
CVE-2006-0353 (unix_random.c in lshd for lsh 2.0.1 leaks file descriptors related to ...)
- lsh-utils 2.0.1cdbs-4 (low; bug #349303)
+ NOTE: woody seems to be vulnerable as well (looking at the source code).
CVE-2006-0283 (Unspecified vulnerability in Oracle Database Server 10.1.0.4.2, ...)
NOT-FOR-US: Oracle
CVE-2006-0321 (fetchmail 6.3.0 and other versions before 6.3.2 allows remote ...)
Modified: data/DSA/list
===================================================================
--- data/DSA/list 2006-01-26 09:27:19 UTC (rev 3372)
+++ data/DSA/list 2006-01-26 10:59:18 UTC (rev 3373)
@@ -1,3 +1,7 @@
+[26 Jan 2006] DSA-956-1 lsh-server - filedescriptor leak
+ {CVE-2006-0353}
+ [sarge] - lsh-utils 2.0.1-3sarge1
+ NOTE: not fixed in testing at time of DSA (not yet built)
[25 Jan 2006] DSA-955-1 mailman - DoS
{CVE-2005-3573 CVE-2005-4153}
[woody] - mailman <not-affected> (Vulnerable code not present)
More information about the Secure-testing-commits
mailing list