[Secure-testing-commits] r4131 - data/CVE
Joey Hess
joeyh at costa.debian.org
Sat Jun 3 21:14:31 UTC 2006
Author: joeyh
Date: 2006-06-03 21:14:27 +0000 (Sat, 03 Jun 2006)
New Revision: 4131
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2006-06-03 20:40:54 UTC (rev 4130)
+++ data/CVE/list 2006-06-03 21:14:27 UTC (rev 4131)
@@ -246,6 +246,7 @@
CVE-2006-2543 (Xtreme Topsites 1.1 allows remote attackers to trigger MySQL errors ...)
NOT-FOR-US: Xtreme Topsites
CVE-2006-2542 (xmcdconfig in Debian GNU/Linux 2.6-17.1 creates /var/lib/cddb and ...)
+ {DSA-1086-1}
TODO: check sarge and woody
- xmcd 2.6-17.2 (bug #366816; medium)
CVE-2006-2541 (SQL injection vulnerability in settings.asp in Zixforum 1.12 allows ...)
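Review bot: The "TODO: check sarge and woody" line under CVE-2006-2542 is left in place directly below the new {DSA-1086-1} reference. If that advisory settles the status of the stable releases, the TODO is stale and should be dropped or replaced with explicit [sarge] and [woody] lines. If it does not, a NOTE saying which release the DSA covers would keep the entry from reading as both resolved and unchecked.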
@@ -731,6 +732,7 @@
CVE-2006-2315 (PHP remote file inclusion vulnerability in session.inc.php in ...)
NOT-FOR-US: ISPConfig
CVE-2006-2314 (PostgreSQL 8.1.x before 8.1.4, 8.0.x before 8.0.8, 7.4.x before ...)
+ {DSA-1087-1}
- postgresql 7.5.4 (medium; bug #368645)
- postgresql-7.4 1:7.4.13-1 (medium)
- postgresql-8.0 <removed> (medium)
@@ -743,6 +745,7 @@
NOTE: package which does not contain actual code. That's why
NOTE: it's marked as fixed here. (Previous versions are vulnerable.)
CVE-2006-2313 (PostgreSQL 8.1.x before 8.1.4, 8.0.x before 8.0.8, 7.4.x before ...)
+ {DSA-1087-1}
- postgresql 7.5.4 (high; bug #368645)
- postgresql-7.4 1:7.4.13-1 (high)
- postgresql-8.0 <removed> (high)
@@ -2552,7 +2555,7 @@
CVE-2006-1578 (Multiple SQL injection vulnerabilities in Keystone Digital Library ...)
NOT-FOR-US: Keystone Digital Library Suite
CVE-2006-1577 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
- [woody] - mantis <not-affected> (Vulnerable code not present)
+ [woody] - mantis <not-affected> (Vulnerable code not present)
- mantis <unfixed> (bug #361138)
CVE-2006-1576 (Direct static code injection vulnerability in QLnews 1.2 allows remote ...)
NOT-FOR-US: QLnews
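Review bot: The removed and added "[woody] - mantis <not-affected> (Vulnerable code not present)" lines under CVE-2006-1577 read identically, so this looks like a whitespace-only rewrite carried along in an "automatic update" commit. It would help to say in the log that the update script normalizes whitespace, or to land such normalization separately, so that a status change on a release-specific line is never mistaken for noise (or the reverse).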
@@ -2759,6 +2762,7 @@
- mysql <unfixed> (bug #365939; low)
CVE-2006-1515 [typespeed buffer overflow]
RESERVED
+ {DSA-1084-1}
- typespeed 0.4.4-10
CVE-2006-1514 (Multiple buffer overflows in the abcmidi-yaps translator in abcmidi ...)
{DSA-1043-1}
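Review bot: CVE-2006-1515 keeps its RESERVED marker and bracketed placeholder title while now carrying {DSA-1084-1}, and the "- typespeed 0.4.4-10" line has no bug number or urgency, unlike the mysql line just above it in this hunk. Once an advisory is attached, the entry is worth a manual pass to add an urgency so it sorts correctly against the other tracked issues.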
@@ -3038,6 +3042,7 @@
CVE-2005-4745 (SQL injection vulnerability in the rlm_sqlcounter module in FreeRADIUS ...)
- freeradius 1.0.5-1
CVE-2005-4744 (Off-by-one error in the sql_error function in sql_unixodbc.c in ...)
+ {DSA-1089-1}
- freeradius 1.0.5-1
CVE-1999-1587 (/usr/ucb/ps in Sun Microsystems Solaris 8 and 9, and certain earlier ...)
NOT-FOR-US: Solaris
@@ -3134,6 +3139,7 @@
CVE-2006-1355 (avast! Antivirus 4.6.763 and earlier sets "BUILTIN\Everyone" ...)
NOT-FOR-US: avast AV
CVE-2006-1354 (Unspecified vulnerability in FreeRADIUS 1.0.0 up to 1.1.0 allows ...)
+ {DSA-1089-1}
- freeradius 1.1.0-1.2 (bug #359042; high)
CVE-2006-1353 (Multiple SQL injection vulnerabilities in ASPPortal 3.1.1 and earlier ...)
NOT-FOR-US: ASPPortal
@@ -8114,7 +8120,7 @@
CVE-2005-3864 (SQL injection vulnerability in index.php in SourceWell 1.1.2 and ...)
NOT-FOR-US: SourceWell
CVE-2005-3863 (Stack-based buffer overflow in kkstrtext.h in ktools library 0.3 and ...)
- {DSA-1083-1 DTSA-23-1}
+ {DSA-1088-1 DSA-1083-1 DTSA-23-1}
- centericq 4.21.0-6 (bug #340959; medium)
- orpheus <unfixed> (bug #368402; medium)
- motor 2:3.4.0-6 (bug #368400; medium)
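Review bot: "- orpheus <unfixed> (bug #368402; medium)" remains under CVE-2005-3863 after {DSA-1088-1} is added, and nothing in the entry says which of centericq, orpheus or motor the new advisory covers. A NOTE line naming the package for each of DSA-1088-1 and DSA-1083-1 would make it clear that the open orpheus item is not addressed by either reference.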
@@ -10530,7 +10536,7 @@
- module-assistant 0.9.10
TODO: Check, whether this version really fixes the issue, it's not mentioned in the changelog
CVE-2005-3120 (Stack-based buffer overflow in the HTrjis function in Lynx 2.8.6 and ...)
- {DSA-876-1 DSA-874-1}
+ {DSA-1085-1 DSA-876-1 DSA-874-1}
- lynx 2.8.5-2sarge1 (bug #335033; high)
- lynx-cur 2.8.6-16 (bug #334423; high)
- lynx-ssl <removed>