[Secure-testing-commits] r4459 - data/CVE

Stefan Fritsch stef-guest at costa.debian.org
Thu Jul 27 16:29:26 UTC 2006 

Author: stef-guest
Date: 2006-07-27 16:29:17 +0000 (Thu, 27 Jul 2006)
New Revision: 4459

Modified:
   data/CVE/list
Log:
- CVE-2006-2898: some part of the fix seems to have been lost in asterisk
1:1.2.10.dfsg-1
- ethereal is now wireshark which fixes CVE-2006-3627 to -3632



Modified: data/CVE/list
===================================================================
--- data/CVE/list	2006-07-26 21:44:24 UTC (rev 4458)
+++ data/CVE/list	2006-07-27 16:29:17 UTC (rev 4459)
@@ -420,17 +420,23 @@
 CVE-2006-3633
 	RESERVED
 CVE-2006-3632 (Buffer overflow in Wireshark (aka Ethereal) 0.8.16 to 0.99.0 ...)
-	- ethereal <unfixed> (bug #378745; high)
+	- ethereal <removed> (bug #378745; high)
+	- wireshark 0.99.2-1 (high)
 CVE-2006-3631 (Unspecified vulnerability in the SSH dissector in Wireshark (aka ...)
-	- ethereal <unfixed> (bug #378745; high)
+	- ethereal <removed> (bug #378745; high)
+	- wireshark 0.99.2-1 (high)
 CVE-2006-3630 (Multiple off-by-one errors in Wireshark (aka Ethereal) 0.9.7 to ...)
-	- ethereal <unfixed> (bug #378745; high)
+	- ethereal <removed> (bug #378745; high)
+	- wireshark 0.99.2-1 (high)
 CVE-2006-3629 (Unspecified vulnerability in the MOUNT dissector in Wireshark ...)
-	- ethereal <unfixed> (bug #378745; high)
+	- ethereal <removed> (bug #378745; high)
+	- wireshark 0.99.2-1 (high)
 CVE-2006-3628 (Multiple format string vulnerabilities in Wireshark (aka Ethereal) ...)
-	- ethereal <unfixed> (bug #378745; high)
+	- ethereal <removed> (bug #378745; high)
+	- wireshark 0.99.2-1 (high)
 CVE-2006-3627 (Unspecified vulnerability in the GSM BSSMAP dissector in Wireshark ...)
-	- ethereal <unfixed> (bug #378745; high)
+	- ethereal <removed> (bug #378745; high)
+	- wireshark 0.99.2-1 (high)
 	[sarge] - ethereal <no-dsa> (Vulnerable code not present)
 CVE-2006-3625 (FLV Players 8 allows remote attackers to obtain sensitive information ...)
 	NOT-FOR-US: FLV Players
@@ -1952,7 +1958,7 @@
 CVE-2006-2899 (Unspecified vulnerability in ESTsoft InternetDISK versions before ...)
 	NOT-FOR-US: ESTsoft InternetDISK
 CVE-2006-2898 (The IAX2 channel driver (chan_iax2) for Asterisk 1.2.x before 1.2.9 ...)
-	- asterisk 1:1.2.7.1.dfsg-3
+	- asterisk 1:1.2.10.dfsg-2 (bug #380054)
 	- iax 0.2.2-5
 	- iaxmodem 0.1.8.dfsg-2
 CVE-2006-2897 (Cross-site scripting (XSS) vulnerability in FunkBoard 0.71 allows ...)

More information about the Secure-testing-commits mailing list