[Secure-testing-commits] r3672 - in data: CVE DSA

Moritz Muehlenhoff jmm-guest at costa.debian.org
Thu Mar 23 14:10:39 UTC 2006 

Author: jmm-guest
Date: 2006-03-23 14:10:32 +0000 (Thu, 23 Mar 2006)
New Revision: 3672

Modified:
   data/CVE/list
   data/DSA/list
Log:
evolution DSA
further no-dsa and cleanups of older issues


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2006-03-23 13:59:03 UTC (rev 3671)
+++ data/CVE/list	2006-03-23 14:10:32 UTC (rev 3672)
@@ -4782,8 +4782,8 @@
 CVE-2005-3913 (Unspecified vulnerability in the domain alias management in Virtual ...)
 	NOT-FOR-US: Virtual Hosting Control System 
 CVE-2005-3912 (Format string vulnerability in miniserv.pl Perl web server in Webmin ...)
-	- perl 5.8.7-9 (bug #341542; medium)
-	NOTE: No longer exploitable with fixed Perl, thus no dedicated Webmin updated
+	- webmin <not-affected> (Fixed through corrected Perl)
+	NOTE: No longer exploitable with Perl 5.8.7-9, thus no dedicated Webmin updated
 CVE-2005-3911 (Multiple SQL injection vulnerabilities in calendar.php in BosDates 4.0 ...)
 	NOT-FOR-US: BosDates
 CVE-2005-3910 (merchants/index.php in Post Affiliate Pro 2.0.4 and earlier, with ...)
@@ -6567,6 +6567,7 @@
 	NOTE: fixed in libxaw7
 	- xorg-x11 <unfixed> (bug #172890; low)
 	- xfree86 <removed>
+	[sarge] - xfree86 <no-dsa>
 CVE-2005-3339 (Mantis before 0.19.3 caches the User ID longer than necessary, which ...)
 	{DSA-905-1}
 	- mantis 0.19.3-0.1 (bug #330682; unknown)
@@ -7327,6 +7328,7 @@
 	[woody] - coreutils <no-dsa> (Minor issue, hardly exploitable)
 CVE-2005-XXXX [tar's rmt command may have undesired side effects]
 	- tar <unfixed> (bug #290435; low)
+	[sarge] - tar <no-dsa> (Hardly exploitable)
 CVE-2005-XXXX [clamav's VERSION command does not return the currently loaded version]
 	NOTE: no exploit vector, just bad info
 	- clamav <unfixed> (bug #323803; unimportant)
@@ -9465,6 +9467,7 @@
 	- wine 0.0.20050830-1 (bug #321470; low)
 CVE-2005-XXXX [DoS to users to prevent usage of showpartial through _hard_ links]
 	- metamail 2.7-48 (bug #321473; low)
+	[sarge] - metamail <no-dsa> (Hardly exploitable, minor Dos)
 CVE-2005-XXXX [Insecure usage of temporary files in x11perfcomp and other security issues]
 	- xfree86 <unfixed> (bug #321447; low)
 	[woody] - xfree86 <no-dsa> (Hardly exploitable)

Modified: data/DSA/list
===================================================================
--- data/DSA/list	2006-03-23 13:59:03 UTC (rev 3671)
+++ data/DSA/list	2006-03-23 14:10:32 UTC (rev 3672)
@@ -1,3 +1,7 @@
+[23 Mar 2006] DSA-1016-1 evolution - format string vulnerabilities
+	{CVE-2005-2549 CVE-2005-2550}
+	[woody] - evolution 1.0.5-1woody3
+	[woody] - evolution 2.0.4-2sarge1
 [23 Mar 2006] DSA-1015-1 sendmail - programming error
 	{CVE-2006-0058}
 	[woody] - sendmail 8.12.3-7.2

More information about the Secure-testing-commits mailing list