[Secure-testing-commits] r4453 - data/CVE
Moritz Muehlenhoff
jmm-guest at costa.debian.org
Tue Jul 25 10:05:21 UTC 2006
Author: jmm-guest
Date: 2006-07-25 10:05:18 +0000 (Tue, 25 Jul 2006)
New Revision: 4453
Modified:
data/CVE/list
Log:
new shadow issue, maintainers already aware
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2006-07-24 18:37:04 UTC (rev 4452)
+++ data/CVE/list 2006-07-25 10:05:18 UTC (rev 4453)
@@ -738,7 +738,7 @@
{DSA-1119}
- hiki 0.8.6-1 (bug #378059; low)
CVE-2006-3378 (passwd command in shadow in Ubuntu 5.04 through 6.06 LTS, when called ...)
- TODO: check
+ - shadow <unfixed>
CVE-2006-3377 (Cross-site scripting (XSS) vulnerability in JMB Software AutoRank PHP ...)
NOT-FOR-US: JMB Software AutoRank PHP
CVE-2006-3376 (Integer overflow in player.c in libwmf 0.2.8.4, as used in multiple ...)
@@ -16732,6 +16732,7 @@
- dar <not-affected> (zlib not used on unstrusted input, see #317989)
[woody] - bacula <not-affected> (Woody contains zlib 1.1, which is not affected)
- bacula 1.36.3-2 (bug #318014; medium)
+ [sarge] - bacula <no-dsa> (Backups do not contain untrusted data)
[woody] - sash <not-affected> (Woody contains zlib 1.1, which is not affected)
- sash 3.7-6 (bug #318246; bug #318069; medium)
[woody] - libphysfs <not-affected> (Woody contains zlib 1.1, which is not affected)
More information about the Secure-testing-commits
mailing list