[Secure-testing-commits] r4159 - in data: CVE DSA
Moritz Muehlenhoff
jmm-guest at costa.debian.org
Tue Jun 6 22:10:07 UTC 2006
Author: jmm-guest
Date: 2006-06-06 22:10:05 +0000 (Tue, 06 Jun 2006)
New Revision: 4159
Modified:
data/CVE/list
data/DSA/list
Log:
squirrelmail non-issue
openldap non-issue
tiffsplit not very severe
no-dsa for php-curl
kernel dupe
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2006-06-06 21:47:01 UTC (rev 4158)
+++ data/CVE/list 2006-06-06 22:10:05 UTC (rev 4159)
@@ -1,3 +1,6 @@
+CVE-2006-2842 [squirrelmail remote file inclusion]
+ - squirrelmail <unfixed> (unimportant)
+ NOTE: Only exploitable with register_globals enabled
CVE-2006-XXXX [XSS vulnerability in dokuwikis's "Fullname" and "E-Mail" fields]
- dokuwiki <unfixed> (medium)
CVE-2006-XXXX [PHP injection vulnerability in dokuwiki via curly braces]
@@ -177,7 +180,8 @@
CVE-2006-2755 (Cross-site scripting (XSS) vulnerability in index.php in UBBThreads ...)
TODO: check
CVE-2006-2754 (Stack-based buffer overflow in st.c in slurpd for OpenLDAP before ...)
- TODO: check
+ - openldap2.3 <unfixed> (unimportant)
+ NOTE: File is only written and read by slurpd, only editable by root
CVE-2006-2752 (The RedCarpet /etc/ximian/rcd.conf configuration file in Novell Linux ...)
TODO: check
CVE-2006-2751 (Cross-site scripting (XSS) vulnerability in Open Searchable Image ...)
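Review bot: the new CVE-2006-2754 line tracks only openldap2.3, while the CVE text reads "slurpd for OpenLDAP before ...". If other OpenLDAP source packages in the archive also build slurpd, each needs its own line, or a NOTE saying why it is unaffected; otherwise they stay unclassified for this CVE.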
@@ -409,7 +413,7 @@
CVE-2006-2659 (libs/comverp.c in Courier MTA before 0.53.2 allows attackers to cause ...)
- courier 0.53.2-1 (bug #368834)
CVE-2006-2656 (Stack-based buffer overflow in the tiffsplit command in libtiff 3.8.2 ...)
- - tiff 3.8.2-3 (bug #369819; medium)
+ - tiff 3.8.2-3 (bug #369819; low)
CVE-2006-2643 (Cross-site scripting (XSS) vulnerability in index.php in Monster Top ...)
NOT-FOR-US: Monster Top List
CVE-2006-2642 (** UNVERIFIABLE ** ...)
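Review bot: the change from medium to low on the tiff 3.8.2-3 line has no NOTE recording the reason; it exists only in the commit log ("tiffsplit not very severe"). Suggest adding a NOTE line under CVE-2006-2656 with the reasoning so the rating can be re-checked from the data file alone.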
@@ -587,8 +591,9 @@
CVE-2006-2564 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
NOT-FOR-US: Alstrasoft Article Manager Pro
CVE-2006-2563 (The cURL library (libcurl) in PHP 4.4.2 and 5.1.4 allows attackers to ...)
- - php4-curl <unfixed> (bug #370166; medium)
- - php5-curl <unfixed> (bug #370165; medium)
+ - php4 <unfixed> (bug #370166; low)
+ [sarge] - php4 <no-dsa> (Safe mode violations not supported)
+ - php5 <unfixed> (bug #370165; low)
CVE-2006-2562 (ZyXEL P-335WT router allows remote attackers to bypass access ...)
NOT-FOR-US: ZyXEL P-335WT router
CVE-2006-2561 (Edimax BR-6104K router allows remote attackers to bypass access ...)
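Review bot: the drop from medium to low on the php4 and php5 lines has no rationale of its own; the only explanation is the parenthetical on the [sarge] no-dsa line. A NOTE under CVE-2006-2563 stating why the issue is rated low would cover both packages. The entries also move from php4-curl/php5-curl to php4/php5, so it is worth confirming that bugs #370166 and #370165 are filed against the matching packages.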
@@ -20493,10 +20498,9 @@
[sarge] - kernel-source-2.6.8 2.6.8-14
TODO: 2.4.27 seems to be unaffected, check back with kernel patch tracker
TODO: check, when this was fixed in 2.6
-CVE-2005-0528 [mremap kernel issue]
+CVE-2005-0528
REJECTED
- {DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
- TODO: Fixed for Woody, check 2.4 and 2.6
+ NOTE: This was a dupe of the mremap kernel issue CVE-2003-0985
CVE-2005-0527 (Firefox 1.0 allows remote attackers to execute arbitrary code via ...)
- mozilla-firefox 1.0.1
NOTE: didn't other with YA mozilla-browser bug, it has enough for 1.7.6 already..
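Review bot: marking CVE-2005-0528 as REJECTED removes the line "TODO: Fixed for Woody, check 2.4 and 2.6" without showing that the check was done. Since the new NOTE points at CVE-2003-0985, confirm that entry records the 2.4 and 2.6 status, or carry the TODO over to it.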
Modified: data/DSA/list
===================================================================
--- data/DSA/list 2006-06-06 21:47:01 UTC (rev 4158)
+++ data/DSA/list 2006-06-06 22:10:05 UTC (rev 4159)
@@ -25,7 +25,7 @@
[woody] - motor 2:3.2.2-2woody1
[sarge] - motor 2:3.4.0-2sarge1
[29 May 2006] DSA-1082-1 kernel-source-2.4.17 - several vulnerabilities
- {CVE-2003-0984 CVE-2004-0138 CVE-2004-0394 CVE-2004-0427 CVE-2004-0447 CVE-2004-0554 CVE-2004-0565 CVE-2004-0685 CVE-2004-0883 CVE-2004-0949 CVE-2004-0997 CVE-2004-1016 CVE-2004-1017 CVE-2004-1068 CVE-2004-1070 CVE-2004-1071 CVE-2004-1072 CVE-2004-1073 CVE-2004-1074 CVE-2004-1234 CVE-2004-1235 CVE-2004-1333 CVE-2004-1335 CVE-2005-0001 CVE-2005-0003 CVE-2005-0124 CVE-2005-0135 CVE-2005-0384 CVE-2005-0489 CVE-2005-0504 CVE-2005-0528}
+ {CVE-2003-0984 CVE-2004-0138 CVE-2004-0394 CVE-2004-0427 CVE-2004-0447 CVE-2004-0554 CVE-2004-0565 CVE-2004-0685 CVE-2004-0883 CVE-2004-0949 CVE-2004-0997 CVE-2004-1016 CVE-2004-1017 CVE-2004-1068 CVE-2004-1070 CVE-2004-1071 CVE-2004-1072 CVE-2004-1073 CVE-2004-1074 CVE-2004-1234 CVE-2004-1235 CVE-2004-1333 CVE-2004-1335 CVE-2005-0001 CVE-2005-0003 CVE-2005-0124 CVE-2005-0135 CVE-2005-0384 CVE-2005-0489 CVE-2005-0504}
[woody] - kernel-source-2.4.17 2.4.17-1woody4
[29 May 2006] DSA-1081-1 libextractor - buffer overflow
{CVE-2006-2458}
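Review bot: after CVE-2005-0528 is removed, the DSA-1082-1 list contains CVE-2003-0984 but not CVE-2003-0985, the ID that the data/CVE/list NOTE names as the original of the dupe. If this DSA fixed the mremap issue, should CVE-2003-0985 take the place of the removed ID? The same question applies to DSA-1070-1, DSA-1069-1 and DSA-1067-1.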
@@ -61,19 +61,19 @@
{CVE-2006-0903 CVE-2006-1516 CVE-2006-1517 CVE-2006-1518}
[woody] - mysql 3.23.49-8.15
[21 May 2006] DSA-1070-1 kernel-source-2.4.19 - several vulnerabilities
- {CVE-2003-0984 CVE-2004-0138 CVE-2004-0394 CVE-2004-0427 CVE-2004-0447 CVE-2004-0554 CVE-2004-0565 CVE-2004-0685 CVE-2004-0883 CVE-2004-0949 CVE-2004-0997 CVE-2004-1016 CVE-2004-1017 CVE-2004-1068 CVE-2004-1070 CVE-2004-1071 CVE-2004-1072 CVE-2004-1073 CVE-2004-1074 CVE-2004-1234 CVE-2004-1235 CVE-2004-1333 CVE-2004-1335 CVE-2005-0001 CVE-2005-0003 CVE-2005-0124 CVE-2005-0135 CVE-2005-0384 CVE-2005-0489 CVE-2005-0504 CVE-2005-0528}
+ {CVE-2003-0984 CVE-2004-0138 CVE-2004-0394 CVE-2004-0427 CVE-2004-0447 CVE-2004-0554 CVE-2004-0565 CVE-2004-0685 CVE-2004-0883 CVE-2004-0949 CVE-2004-0997 CVE-2004-1016 CVE-2004-1017 CVE-2004-1068 CVE-2004-1070 CVE-2004-1071 CVE-2004-1072 CVE-2004-1073 CVE-2004-1074 CVE-2004-1234 CVE-2004-1235 CVE-2004-1333 CVE-2004-1335 CVE-2005-0001 CVE-2005-0003 CVE-2005-0124 CVE-2005-0135 CVE-2005-0384 CVE-2005-0489 CVE-2005-0504}
[woody] - kernel-image-sparc-2.4 26woody1
[woody] - kernel-patch-2.4.19-mips 2.4.19-0.020911.1.woody5
[woody] - kernel-source-2.4.19 2.4.19-4.woody3
[20 May 2006] DSA-1069-1 kernel-source-2.4.18 - several
- {CVE-2004-0427 CVE-2005-0489 CVE-2004-0394 CVE-2004-0447 CVE-2004-0554 CVE-2004-0565 CVE-2004-0685 CVE-2005-0001 CVE-2004-0883 CVE-2004-0949 CVE-2004-1016 CVE-2004-1333 CVE-2004-0997 CVE-2004-1335 CVE-2004-1017 CVE-2005-0124 CVE-2005-0528 CVE-2003-0984 CVE-2004-1070 CVE-2004-1071 CVE-2004-1072 CVE-2004-1073 CVE-2004-1074 CVE-2004-0138 CVE-2004-1068 CVE-2004-1234 CVE-2005-0003 CVE-2004-1235 CVE-2005-0504 CVE-2005-0384 CVE-2005-0135}
+ {CVE-2004-0427 CVE-2005-0489 CVE-2004-0394 CVE-2004-0447 CVE-2004-0554 CVE-2004-0565 CVE-2004-0685 CVE-2005-0001 CVE-2004-0883 CVE-2004-0949 CVE-2004-1016 CVE-2004-1333 CVE-2004-0997 CVE-2004-1335 CVE-2004-1017 CVE-2005-0124 CVE-2003-0984 CVE-2004-1070 CVE-2004-1071 CVE-2004-1072 CVE-2004-1073 CVE-2004-1074 CVE-2004-0138 CVE-2004-1068 CVE-2004-1234 CVE-2005-0003 CVE-2004-1235 CVE-2005-0504 CVE-2005-0384}
[woody] - kernel-source-2.4.18 2.4.18-14.4
[20 May 2006] DSA-1068-1 fbi - insecure temporary file
{CVE-2006-1695}
[woody] - fbi 1.23woody1
[sarge] - fbi 2.01-1.2sarge1
[20 May 2006] DSA-1067-1 kernel-source-2.4.16 - several
- {CVE-2004-0427 CVE-2005-0489 CVE-2004-0394 CVE-2004-0447 CVE-2004-0554 CVE-2004-0565 CVE-2004-0685 CVE-2005-0001 CVE-2004-0883 CVE-2004-0949 CVE-2004-1016 CVE-2004-1333 CVE-2004-0997 CVE-2004-1335 CVE-2004-1017 CVE-2005-0124 CVE-2005-0528 CVE-2003-0984 CVE-2004-1070 CVE-2004-1071 CVE-2004-1072 CVE-2004-1073 CVE-2004-1074 CVE-2004-0138 CVE-2004-1068 CVE-2004-1234 CVE-2005-0003 CVE-2004-1235 CVE-2005-0504 CVE-2005-0384 CVE-2005-0135}
+ {CVE-2004-0427 CVE-2005-0489 CVE-2004-0394 CVE-2004-0447 CVE-2004-0554 CVE-2004-0565 CVE-2004-0685 CVE-2005-0001 CVE-2004-0883 CVE-2004-0949 CVE-2004-1016 CVE-2004-1333 CVE-2004-0997 CVE-2004-1335 CVE-2004-1017 CVE-2005-0124 CVE-2003-0984 CVE-2004-1070 CVE-2004-1071 CVE-2004-1072 CVE-2004-1073 CVE-2004-1074 CVE-2004-0138 CVE-2004-1068 CVE-2004-1234 CVE-2005-0003 CVE-2004-1235 CVE-2005-0504 CVE-2005-0384 CVE-2005-0135}
[woody] - kernel-source-2.4.16 2.4.16-1woody2
[19 May 2006] DSA-1066-1 phpbb2 - missing input sanitising
{CVE-2006-1896}
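Review bot: the new DSA-1069-1 list drops CVE-2005-0135 as well as CVE-2005-0528; the old line ends "CVE-2005-0384 CVE-2005-0135}" and the new one ends "CVE-2005-0384}". The log mentions only the kernel dupe, and DSA-1067-1, DSA-1070-1 and DSA-1082-1 all keep CVE-2005-0135, so this looks unintended. Suggest restoring CVE-2005-0135 in DSA-1069-1, or explaining the removal in the log.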