[Secure-testing-commits] r3696 - in data: CVE DSA

Moritz Muehlenhoff jmm-guest at costa.debian.org
Mon Mar 27 07:29:40 UTC 2006


Author: jmm-guest
Date: 2006-03-27 07:29:32 +0000 (Mon, 27 Mar 2006)
New Revision: 3696

Modified:
   data/CVE/list
   data/DSA/list
Log:
add missing CVE ID to netpbm DSA
correct CVE ID from trac DSA
remove temp phpldapadmin entry, already CVEfied
record minor leafnode issue fixed through s-p-u
no-dsa for a minor old mutt issue
remove old pwgen entry, not worth keeping


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2006-03-26 20:19:22 UTC (rev 3695)
+++ data/CVE/list	2006-03-27 07:29:32 UTC (rev 3696)
@@ -8604,14 +8604,12 @@
 	- maildrop 1.5.3-2 (bug #325135; medium)
 CVE-2005-2654 (phpldapadmin before 0.9.6c allows remote attackers to gain anonymous ...)
 	{DSA-790-1}
-	- phpldapadmin 0.9.6c-5 (medium)
+	- phpldapadmin 0.9.6c-5 (bug #322423; medium)
 	- egroupware <not-affected> (copy included is older and not vulnerable; bug #339583)
 CVE-2005-XXXX [cplay - still unsafe temporary file handling vulnerable to symlink attacks]
 	- cplay 1.49-8 (bug #324913; low)
 	[woody] - cplay <not-affected> (CPLAY_TMP doesn't exist in this version)
 	NOTE: Sarge is affected
-CVE-2005-XXXX [$servers[$i]['disable_anon_bind'] = true doesn't prevent anonymous to access ldap directory]
-	- phpldapadmin 0.9.6c-5 (bug #322423; low)
 CVE-2005-2672 (pwmconfig in LM_sensors before 2.9.1 creates temporary files ...)
 	{DSA-814-1 DTSA-17-1}
 	- lm-sensors 1:2.9.1-7 (bug #324193; medium)
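Review bot: The severity on the merged phpldapadmin line needs a second look. The removed temporary entry rated bug #322423 as low, while the CVE-2005-2654 line it is folded into keeps medium. Both lines name the same fixed version 0.9.6c-5, so the merge looks plausible, but it is worth confirming that the disable_anon_bind report is the CVE-2005-2654 flaw itself and not a separate follow-up before the standalone record disappears.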
@@ -12324,7 +12322,7 @@
 	REJECTED
 CVE-2005-1911 (The fetchnews NNTP client in leafnode 1.11.2 and earlier can hang ...)
 	- leafnode 1.11.3.rel-1 (bug #338886; low)
-	[sarge] - leafnode <no-dsa> (Very minor issue, not worth a fix)
+	[sarge] - leafnode 1.11.2.rel-1.0sarge0
 CVE-2005-1910 (SQL injection vulnerability in login.asp for WWWeb Concepts Events ...)
 	NOT-FOR-US: WWWeb Concepts Events System
 CVE-2005-1909 (The web server control panel in 602LAN SUITE 2004 allows remote ...)
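Review bot: The new [sarge] line for CVE-2005-1911 drops the old explanation without recording where the fix came from. The log says it was fixed through s-p-u, but nothing in the entry says so and no DSA is referenced. A NOTE line under `[sarge] - leafnode 1.11.2.rel-1.0sarge0` stating that would keep a later reader from looking for a DSA that does not exist.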
@@ -12796,6 +12794,7 @@
 CVE-2005-2351 [Minor DoS condition in mutt due to preditable tempfiles]
 	RESERVED
 	- mutt <unfixed> (bug #311296; low)
+	[sarge] <no-dsa> (Minor annoyance, not a real DoS)
 CVE-2005-XXXX [gforge arbitrary code execution through viewFile.php]
 	NOTE: viewFile.php has been removed along with other files in -26, so Debian is
 	NOTE: no longer affected.
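Review bot: The added line under CVE-2005-2351 is missing the package field. `[sarge] <no-dsa> (Minor annoyance, not a real DoS)` should read `[sarge] - mutt <no-dsa> (Minor annoyance, not a real DoS)`, matching the form of the other release-specific lines in this file, such as `[woody] - cplay <not-affected> (...)`. As written, tooling that parses the list may not recognise the line as a status for mutt.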
@@ -14246,8 +14245,6 @@
 	NOTE: stored in user's home directories instead.
 	TODO: check possibility of exploitation via scripting language,
 	TODO: as mentioned in the bug report as a separate issue
-CVE-2005-XXXX [Less secure default setting in pwgen or the lack documentation about it]
-	- pwgen 2.04-1
 CVE-2005-XXXX [Insecure handling of gpg passphrases in gabber]
 	- gabber <unfixed> (bug #177776; low)
 CVE-2005-1470 (Multiple unknown vulnerabilities in the (1) TZSP, (2) MGCP, (3) ISUP, ...)

Modified: data/DSA/list
===================================================================
--- data/DSA/list	2006-03-26 20:19:22 UTC (rev 3695)
+++ data/DSA/list	2006-03-27 07:29:32 UTC (rev 3696)
@@ -531,7 +531,7 @@
 	[sarge] - mantis 0.19.2-4.1
 	NOTE: fixed in testing at time of DSA
 [21 Nov 2005] DSA-904-1 netpbm-free - buffer overflows
-	{CVE-2005-3632}
+	{CVE-2005-3632 CVE-2005-3662}
 	[woody] - netpbm-free 2:9.20-8.5
 	[sarge] - netpbm-free 2:10.0-8sarge2
 	NOTE: not fixed in testing at time of DSA (unfixed in sid)
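Review bot: The CVE-2005-3662 added to the DSA-904-1 reference has no counterpart in the data/CVE/list hunks of this revision. Check that the CVE-2005-3662 entry there carries {DSA-904-1} and a netpbm-free status, so that the two lists agree on which issues this advisory covers.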
@@ -1298,7 +1298,7 @@
 	NOTE: anything statically linking zlib needs rebuild
 	NOTE: not fixed in testing at time of DSA (embargoed disclosure)
 [06 Jul 2005] DSA-739-1 trac - missing input sanitising
-	{CVE-2005-2007}
+	{CVE-2005-2147}
 	[sarge] - trac 0.8.1-3sarge2 (medium)
 	NOTE: fixed in testing at time of DSA
 [19 May 2005] DSA-725-2 ppxp - missing privilege release
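Review bot: Replacing CVE-2005-2007 with CVE-2005-2147 on DSA-739-1 leaves the other side of the cross-reference unchecked, since none of the data/CVE/list hunks in this revision touch either ID. Confirm that the CVE-2005-2007 entry no longer points at DSA-739-1 and that CVE-2005-2147 does. The log gives no source for the corrected ID, so naming the advisory or bug it was checked against would help.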



