[Secure-testing-commits] r3715 - in data: CVE DSA

[Moritz Muehlenhoff]

Author: jmm-guest
Date: 2006-03-30 09:28:36 +0000 (Thu, 30 Mar 2006)
New Revision: 3715

Modified:
   data/CVE/list
   data/DSA/list
Log:
older clamav DSA was lacking a CVE ID
mediawiki CVEfied
dpkg/zlib unimportant


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2006-03-30 07:48:44 UTC (rev 3714)
+++ data/CVE/list	2006-03-30 09:28:36 UTC (rev 3715)
@@ -1,4 +1,4 @@
-CVE-2006-XXXX [Unspecified mediawiki issue]
+CVE-2006-1498 [Unspecified mediawiki issue]
 	- mediawiki 1.4.15-1
 CVE-2006-1491 [horde3 eval injection()]
 	- horde3 <unfixed>
@@ -11347,8 +11347,8 @@
 	NOTE: exploitability using this hole.
 	NOTE: oldstable (woody) had zlib 1.1, which is not affected
 	[woody] - dpkg <not-affected> (Woody contains zlib 1.1, which is not affected)
-	- dpkg 1.13.11 (bug #317967; medium)
-	NOTE: Sarge is affected
+	- dpkg 1.13.11 (bug #317967; unimportant)
+	NOTE: You need to trust debs anyway, when installing them
 	- zsync 0.4.0-2 (bug #317968; medium)
 	[woody] - dump <not-affected> (Woody contains zlib 1.1, which is not affected)
 	[sarge] - dump <no-dsa> (Backups do not contain untrusted data)

Modified: data/DSA/list
===================================================================
--- data/DSA/list	2006-03-30 07:48:44 UTC (rev 3714)
+++ data/DSA/list	2006-03-30 09:28:36 UTC (rev 3715)
@@ -319,7 +319,7 @@
 	[sarge] - kdelibs 3.3.2-6.4
 	NOTE: not fixed in testing at time of DSA (unfixed in sid)
 [20 Jan 2006] DSA-947-1 clamav - heap overflow
-        {CVE-2006-0162}
+        {CVE-2006-0162 CVE-2005-3587}
 	[sarge] - clamav 0.84-2.sarge.7
 	NOTE: fixed in testing at time of DSA
 [20 Jan 2006] DSA-946-1 sudo - missing input sanitising