[Secure-testing-commits] r3556 - data/CVE
Moritz Muehlenhoff
jmm-guest at costa.debian.org
Sun Mar 5 12:06:04 UTC 2006
Author: jmm-guest
Date: 2006-03-05 12:05:57 +0000 (Sun, 05 Mar 2006)
New Revision: 3556
Modified:
data/CVE/list
Log:
bugnums
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2006-03-04 22:33:24 UTC (rev 3555)
+++ data/CVE/list 2006-03-05 12:05:57 UTC (rev 3556)
@@ -1159,7 +1159,7 @@
RESERVED
CVE-2006-0455 (gpgv in GnuPG 1.4.x before 1.4.2.1, when using unattended signature ...)
{DSA-978-1}
- - gnupg <unfixed> (bug #353017; bug #353019; medium)
+ - gnupg <unfixed> (bug #353017; bug #353019; bug #354620; medium)
[woody] - gnupg 1.0.6-4woody4
[sarge] - gnupg 1.4.1-1sarge1
NOTE: http://lists.gnupg.org/pipermail/gnupg-announce/2006q1/000211.html indicates that
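Review bot: on the gnupg line of CVE-2006-0455, bug #354620 is appended to #353017 and #353019 with nothing to say what the third report covers, and the line stays <unfixed> even though the entry carries DSA-978-1 and fixed woody and sarge versions. A NOTE line stating what #354620 tracks would let a reader tell which of the three bugs has to close before <unfixed> can be replaced with a version.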
@@ -1738,11 +1738,11 @@
NOT-FOR-US: TankLogger
CVE-2006-0208 (Multiple cross-site scripting (XSS) vulnerabilities in PHP 5.1.1, when ...)
- php5 5.1.2-1
- - php4 4:4.4.2-1
+ - php4 4:4.4.2-1 (bug #354682)
NOTE: html_errors shouldn't be used, probably no-dsa
CVE-2006-0207 (Multiple HTTP response splitting vulnerabilities in PHP 5.1.1 allow ...)
- php5 5.1.2-1
- - php4 4:4.4.2-1
+ - php4 4:4.4.2-1 (bug #354683)
NOTE: According to Hardened PHP advisory PHP4 isn't affected, but upstream changelog
NOTE: is a bit ambigious, if might be affected after all
TODO: Ping maintainers, Hardened PHP or upstream
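Review bot: on CVE-2006-0207, bug #354683 is attached to the php4 line while the NOTE lines directly below still say PHP4 may not be affected and the TODO to ping maintainers, Hardened PHP or upstream is left open. If #354683 is where that question is now being tracked, update the TODO to point at it; otherwise the entry reads as both "fixed in 4:4.4.2-1" and "unclear whether affected". The same applies in a milder form to CVE-2006-0208, where #354682 is filed against an issue the NOTE calls "probably no-dsa".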
@@ -5520,22 +5520,22 @@
{DSA-885-1}
- openvpn 2.0.5-1 (bug #336751; medium)
CVE-2005-3392 (Unspecified vulnerability in PHP before 4.4.1, when using the virtual ...)
- - php4 4:4.4.2-1 (bug #336645; low)
+ - php4 4:4.4.2-1 (bug #336645; bug #354681; low)
- php5 5.1.1-1 (bug #336654; low)
NOTE: According to CVE, this is a safe mode violation,
NOTE: therefore low impact. (According to SuSE, it's an
NOTE: information leak.)
CVE-2005-3391 (Multiple vulnerabilities in PHP before 4.4.1 allow remote attackers to ...)
- - php4 4:4.4.2-1 (bug #336645; low)
+ - php4 4:4.4.2-1 (bug #336645; bug #354678; low)
- php5 5.1.1-1 (bug #336654; low)
NOTE: This is a safe mode violation, therefore low impact.
CVE-2005-3390 (The RFC1867 file upload feature in PHP 4.x up to 4.4.0 and 5.x up to ...)
- - php4 4:4.4.2-1 (bug #336645; low)
+ - php4 4:4.4.2-1 (bug #336645; bug #354680; low)
- php5 5.1.1-1 (bug #336654; high)
NOTE: http://www.hardened-php.net/advisory_202005.79.html
NOTE: http://www.hardened-php.net/globals-problem
CVE-2005-3389 (The parse_str function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, ...)
- - php4 4:4.4.2-1 (bug #336645; low)
+ - php4 4:4.4.2-1 (bug #336645; bug #354690; low)
- php5 5.1.1-1 (bug #336654; low)
NOTE: http://www.hardened-php.net/advisory_192005.78.html
CVE-2005-3388 (Cross-site scripting (XSS) vulnerability in the phpinfo function in ...)
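Review bot: on CVE-2005-3390 the php4 line keeps severity low while the php5 line for the same CVE is rated high, and this change adds bug #354680 to the php4 line without addressing the mismatch. Either align the two ratings or add a NOTE giving the reason php4 is rated lower. The four new bugs in this hunk (#354681, #354678, #354680, #354690) also sit beside the shared #336645 with no indication of what each new report tracks that #336645 did not.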
@@ -5736,7 +5736,7 @@
CVE-2005-3320 (Cross-site scripting (XSS) vulnerability in SiteTurn Domain Manager ...)
NOT-FOR-US: SiteTurn Domain Manager
CVE-2005-3319 (The apache2handler SAPI (sapi_apache2.c) in the Apache module ...)
- - php4 4:4.4.2-1 (bug #336004; low)
+ - php4 4:4.4.2-1 (bug #336004; bug #354684; low)
- php5 5.1.1-1 (bug #336005; low)
CVE-2005-3318 (Buffer overflow in the _chm_decompress_block function in CHM lib ...)
{DSA-886-1}
@@ -6653,7 +6653,7 @@
- kernel-source-2.4.27 <not-affected>
[sarge] - kernel-source-2.6.8 <unfixed> (bug #332596)
CVE-2005-3054 (fopen_wrappers.c in PHP 4.4.0, and possibly other versions, does not ...)
- - php4 4:4.4.0-3 (bug #353585; medium)
+ - php4 4:4.4.0-3 (bug #353585; bug #354685; medium)
- php5 5.0.5-2 (bug #353585; medium)
CVE-2005-3053 (The sys_set_mempolicy function in mempolicy.c in Linux kernel 2.6.x ...)
- linux-2.6 2.6.12-3 (bug #330343; bug #330353; medium)
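Review bot: on CVE-2005-3054, #354685 is added to the php4 line only, while the php5 line still cites #353585, the same bug number the php4 line already had. A single bug number on two source packages is worth checking while this entry is being touched: if #353585 really covers both, a NOTE saying so settles it, and if not, the php5 line needs its own reference.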
@@ -17764,7 +17764,7 @@
- less <not-affected> (Red Hat specific less bug)
CVE-2005-0085 (Cross-site scripting (XSS) vulnerability in ht://dig (htdig) before ...)
{DSA-680-1}
- - htdig 1:3.1.6-11
+ - htdig 1:3.1.6-11 (bug #305996)
CVE-2005-0084 (Buffer overflow in the X11 dissector in Ethereal 0.8.10 through 0.10.8 ...)
{DSA-653-1}
- ethereal 0.10.9-1
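Review bot: the new parenthetical on the htdig line of CVE-2005-0085 carries a bug number but no severity, unlike most annotated lines touched in this commit, which use the "bug #N; severity" form. Add the severity after #305996, or state in the log message that these additions are bug references only, since "bugnums" alone does not say whether the omission is intended.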