[Secure-testing-commits] r3567 - in data: CVE DSA

Moritz Muehlenhoff jmm-guest at costa.debian.org
Wed Mar 8 16:36:09 UTC 2006 

Author: jmm-guest
Date: 2006-03-08 16:36:03 +0000 (Wed, 08 Mar 2006)
New Revision: 3567

Modified:
   data/CVE/list
   data/DSA/list
Log:
squirrelmail DSA


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2006-03-08 09:46:42 UTC (rev 3566)
+++ data/CVE/list	2006-03-08 16:36:03 UTC (rev 3567)
@@ -1582,7 +1582,7 @@
 CVE-2006-0378 (Cross-site scripting (XSS) vulnerability in Netrix X-Site Manager ...)
 	NOT-FOR-US: Netrix X-Site Manager 
 CVE-2006-0377 (CRLF injection vulnerability in SquirrelMail 1.4.0 to 1.4.5 allows ...)
-	- squirrelmail <unfixed> (bug #354063)
+	- squirrelmail 2:1.4.6-1 (bug #354063)
 CVE-2006-0376 (The 802.11 wireless client in certain operating systems including ...)
 	NOT-FOR-US: Windows
 CVE-2006-0375 (Advantage Century Telecommunication (ACT) P202S IP Phone 1.01.21 ...)
@@ -2008,7 +2008,7 @@
 CVE-2006-0196 (Unspecified vulnerability in Serial line sniffer (aka slsnif) 0.4.4 ...)
 	NOT-FOR-US: slsnif
 CVE-2006-0195 (Interpretation conflict in the MagicHTML filter in SquirrelMail 1.4.0 ...)
-	- squirrelmail <unfixed> (bug #354062)
+	- squirrelmail 2:1.4.6-1 (bug #354062)
 CVE-2006-0194 (Cross-site scripting (XSS) vulnerability in default.asp in FogBugz ...)
 	NOT-FOR-US: FogBugz
 CVE-2006-0193 (Cross-site scripting (XSS) vulnerability in the Hosting Control Panel ...)
@@ -2022,7 +2022,7 @@
 CVE-2006-0189 (Buffer overflow in eStara Softphone 3.0.1.14 through 3.0.1.46 allows ...)
 	NOT-FOR-US: eStara Softphone
 CVE-2006-0188 (webmail.php in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to ...)
-	- squirrelmail <unfixed> (bug #354064)
+	- squirrelmail 2:1.4.6-1 (bug #354064)
 CVE-2005-4664 (SQL injection vulnerability in OcoMon 1.21, and possibly other ...)
 	NOT-FOR-US: OcoMon
 CVE-2005-4663 (Cross-site scripting (XSS) vulnerability in OcoMon 1.20, and possibly ...)

Modified: data/DSA/list
===================================================================
--- data/DSA/list	2006-03-08 09:46:42 UTC (rev 3566)
+++ data/DSA/list	2006-03-08 16:36:03 UTC (rev 3567)
@@ -1,3 +1,8 @@
+[08 Mar 2006] DSA-988-1 squirrelmail - several
+	{CVE-2006-0377 CVE-2006-0195 CVE-2006-0188}
+	[woody] - squirrelmail 1.2.6-5
+	[sarge] - squirrelmail 2:1.4.4-8
+	NOTE: not fixed in testing at the time of DSA (unfixed in sid)
 [07 Mar 2006] DSA-987-1 tar - buffer overflow
 	{CVE-2006-0300}
 	[sarge] - tar 1.14-2.1

More information about the Secure-testing-commits mailing list