[Secure-testing-commits] r3931 - data/CVE

Joey Hess joeyh at costa.debian.org
Tue May 9 21:14:28 UTC 2006


Author: joeyh
Date: 2006-05-09 21:14:24 +0000 (Tue, 09 May 2006)
New Revision: 3931

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2006-05-09 19:46:45 UTC (rev 3930)
+++ data/CVE/list	2006-05-09 21:14:24 UTC (rev 3931)
@@ -287,6 +287,7 @@
 CVE-2005-4794 (Cisco IP Phones 7902/7905/7912, ATA 186/188, Unity Express, ACNS, and ...)
 	NOT-FOR-US: Cisco
 CVE-2006-2148 (Multiple buffer overflows in client.c in CGI:IRC (CGIIRC) before 0.5.8 ...)
+	{DSA-1052-1}
 	- cgiirc <unfixed> (bug #365680; medium)
 	[sarge] - cgiirc <unfixed> (bug #365680; medium)
 CVE-2006-2133 (SQL injection vulnerability in index.php in BoonEx Barracuda 1.1 and ...)
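Review bot: the `[sarge] - cgiirc <unfixed>` line under CVE-2006-2148 now sits directly beneath the new {DSA-1052-1} reference, and the two read as contradictory. If the advisory ships a fixed cgiirc for sarge, that line should be dropped or replaced with the fixed version so that sarge is not still reported as vulnerable. The unstable `- cgiirc <unfixed>` line can stay until an upload closes bug #365680.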
@@ -513,10 +514,13 @@
 CVE-2006-2027 (Buffer overflow in Unicode processing in the logging functionality in ...)
 	TODO: check
 CVE-2006-2026 (Double-free vulnerability in tif_jpeg.c in libtiff before 3.8.1 allows ...)
+	{DSA-1054-1}
 	TODO: check
 CVE-2006-2025 (Integer overflow in the TIFFFetchData function in tif_dirread.c for ...)
+	{DSA-1054-1}
 	TODO: check
 CVE-2006-2024 (Multiple vulnerabilities in libtiff before 3.8.1 allow ...)
+	{DSA-1054-1}
 	TODO: check
 CVE-2006-2023 (Integer overflow in the RTSP_msg_len function in rtsp/RTSP_msg_len.c ...)
 	TODO: check
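Review bot: CVE-2006-2026, CVE-2006-2025 and CVE-2006-2024 gain {DSA-1054-1} but each still carries only `TODO: check` and no package line. An advisory reference means the issue has already been looked at for Debian, so the TODO should be replaced with the affected libtiff source package and its status. Otherwise the entries still read as untriaged.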
@@ -601,6 +605,7 @@
 	- php4 <unfixed> (bug #365311; medium)
 	- php5 <unfixed> (bug #365312; medium)
 CVE-2006-1989 (Buffer overflow in the get_database function in the HTTP client in ...)
+	{DSA-1050-1}
 	- clamav 0.88.2-1
 CVE-2006-1988 (The WebTextRenderer(WebInternal) _CG_drawRun:style:geometry: function ...)
 	NOT-FOR-US: Apple Safari
@@ -630,6 +635,7 @@
 CVE-2006-1977 (Cross-site scripting (XSS) vulnerability in FlexBB 0.5.7 BETA and ...)
 	NOT-FOR-US: FlexBB
 CVE-2006-1993 (Mozilla Firefox 1.5.0.2, when designMode is enabled, allows remote ...)
+	{DSA-1053-1}
 	- firefox 1.5.dfsg+1.5.0.3-1
 	[sarge] - mozilla-firefox <not-affected>
 	- mozilla <unfixed>
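Review bot: under CVE-2006-1993 the new {DSA-1053-1} tag does not say which package it covers, and the lines below it list `[sarge] - mozilla-firefox <not-affected>` next to `- mozilla <unfixed>`. A short NOTE naming the package the advisory fixes would show whether the `mozilla` line is still accurate.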
@@ -715,22 +721,31 @@
 CVE-2006-1941 (Neon Responder 5.4 for LANsurveyor allows remote attackers to cause a ...)
 	NOT-FOR-US: Neon Responder
 CVE-2006-1940 (Unspecified vulnerability in Ethereal 0.10.4 up to 0.10.14 allows ...)
+	{DSA-1049-1}
 	- ethereal 0.99.0-1 (bug #364758; medium)
 CVE-2006-1939 (Multiple unspecified vulnerabilities in Ethereal 0.9.x up to 0.10.14 ...)
+	{DSA-1049-1}
 	- ethereal 0.99.0-1 (bug #364758; medium)
 CVE-2006-1938 (Multiple unspecified vulnerabilities in Ethereal 0.8.x up to 0.10.14 ...)
+	{DSA-1049-1}
 	- ethereal 0.99.0-1 (bug #364758; medium)
 CVE-2006-1937 (Multiple unspecified vulnerabilities in Ethereal 0.10.x up to 0.10.14 ...)
+	{DSA-1049-1}
 	- ethereal 0.99.0-1 (bug #364758; medium)
 CVE-2006-1936 (Buffer overflow in Ethereal 0.8.5 up to 0.10.14 allows remote ...)
+	{DSA-1049-1}
 	- ethereal 0.99.0-1 (bug #364758; medium)
 CVE-2006-1935 (Buffer overflow in Ethereal 0.9.15 up to 0.10.14 allows remote ...)
+	{DSA-1049-1}
 	- ethereal 0.99.0-1 (bug #364758; medium)
 CVE-2006-1934 (Multiple buffer overflows in Ethereal 0.10.x up to 0.10.14 allow ...)
+	{DSA-1049-1}
 	- ethereal 0.99.0-1 (bug #364758; medium)
 CVE-2006-1933 (Multiple unspecified vulnerabilities in Ethereal 0.10.x up to 0.10.14 ...)
+	{DSA-1049-1}
 	- ethereal 0.99.0-1 (bug #364758; medium)
 CVE-2006-1932 (Off-by-one error in the OID printing routine in Ethereal 0.10.x up to ...)
+	{DSA-1049-1}
 	- ethereal 0.99.0-1 (bug #364758; medium)
 CVE-2006-1931 (The HTTP/XMLRPC server in Ruby before 1.8.2 uses blocking sockets, ...)
 	NOTE: the redhat bugzilla entry says this is fixed in 1.8.3
@@ -1034,7 +1049,7 @@
 CVE-2006-1791 (Directory traversal vulnerability in acc.php in QuickBlogger 1.4 ...)
 	NOT-FOR-US: QuickBlogger
 CVE-2006-1790 (A regression fix in Mozilla Firefox 1.0.7 allows remote attackers to ...)
-	{DSA-1046-1}
+	{DSA-1051-1 DSA-1046-1}
 	- firefox 1.5
 	- mozilla-firefox <not-affected> (problematic fix not backported into 1.0.4-2sarge5)
 CVE-2005-4785 (Cross-site scripting (XSS) vulnerability in QuickBlogger 1.4 and ...)
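Review bot: CVE-2006-1790 is marked `- mozilla-firefox <not-affected> (problematic fix not backported into 1.0.4-2sarge5)` yet now references two advisories. The only package lines shown are firefox and mozilla-firefox, so a NOTE stating which package DSA-1051-1 covers for this issue would keep the entry from looking self-contradictory.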
@@ -1137,7 +1152,7 @@
 CVE-2006-1743 (Multiple SQL injection vulnerabilities in form.php in JBook 1.4 allow ...)
 	NOT-FOR-US: JBook
 CVE-2006-1742 (The JavaScript engine in Mozilla Firefox and Thunderbird 1.x before ...)
-	{DSA-1046-1 DSA-1044-1}
+	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
 	- firefox <unfixed> (medium)
 	- mozilla-firefox <unfixed> (medium)
 	- mozilla <unfixed> (medium)
@@ -1146,82 +1161,82 @@
 	NOTE: The Mozilla Foundation labels this as "critical", but it's not
 	NOTE: clear if this bug is exploitable.
 CVE-2006-1741 (Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite ...)
-	{DSA-1046-1 DSA-1044-1}
+	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
 	- firefox <unfixed> (medium)
 	- mozilla-firefox <unfixed> (medium)
 	- mozilla <unfixed> (medium)
 	- thunderbird 1.5.0.2-1 (low)
 	- mozilla-thunderbird <unfixed> (low)
 CVE-2006-1740 (Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite ...)
-	{DSA-1046-1 DSA-1044-1}
+	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
 	- firefox <unfixed> (low)
 	- mozilla-firefox <unfixed> (low)
 	- mozilla <unfixed> (low)
 	- thunderbird 1.5.0.2-1 (low)
 	- mozilla-thunderbird <unfixed> (low)
 CVE-2006-1739 (The CSS border-rendering code in Mozilla Firefox and Thunderbird 1.x ...)
-	{DSA-1046-1 DSA-1044-1}
+	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
 	- firefox <unfixed> (medium)
 	- mozilla-firefox <unfixed> (medium)
 	- mozilla <unfixed> (medium)
 	- thunderbird 1.5.0.2-1 (low)
 	- mozilla-thunderbird <unfixed> (low)
 CVE-2006-1738 (Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x ...)
-	{DSA-1046-1 DSA-1044-1}
+	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
 	- firefox <unfixed> (medium)
 	- mozilla-firefox <unfixed> (medium)
 	- mozilla <unfixed> (medium)
 	- thunderbird 1.5.0.2-1 (low)
 	- mozilla-thunderbird <unfixed> (low)
 CVE-2006-1737 (Integer overflow in Mozilla Firefox and Thunderbird 1.x before 1.5 and ...)
-	{DSA-1046-1 DSA-1044-1}
+	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
 	- firefox <unfixed> (medium)
 	- mozilla-firefox <unfixed> (medium)
 	- mozilla <unfixed> (medium)
 	- thunderbird 1.5.0.2-1 (low)
 	- mozilla-thunderbird <unfixed> (low)
 CVE-2006-1736 (Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite ...)
-	{DSA-1046-1 DSA-1044-1}
+	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
 	- firefox <unfixed> (low)
 	- mozilla-firefox <unfixed> (low)
 	- mozilla <unfixed> (low)
 CVE-2006-1735 (Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, ...)
-	{DSA-1046-1 DSA-1044-1}
+	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
 	- firefox <unfixed> (high)
 	- mozilla-firefox <unfixed> (high)
 	- mozilla <unfixed> (high)
 	- thunderbird 1.5.0.2-1 (medium)
 	- mozilla-thunderbird <unfixed> (medium)
 CVE-2006-1734 (Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, ...)
-	{DSA-1046-1 DSA-1044-1}
+	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
 	- firefox <unfixed> (high)
 	- mozilla-firefox <unfixed> (high)
 	- mozilla <unfixed> (high)
 	- thunderbird 1.5.0.2-1 (medium)
 	- mozilla-thunderbird <unfixed> (medium)
 CVE-2006-1733 (Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, ...)
-	{DSA-1046-1 DSA-1044-1}
+	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
 	- firefox <unfixed> (high)
 	- mozilla-firefox <unfixed> (high)
 	- mozilla <unfixed> (high)
 	- thunderbird 1.5.0.2-1 (medium)
 	- mozilla-thunderbird <unfixed> (medium)
 CVE-2006-1732 (Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x ...)
-	{DSA-1044-1}
+	{DSA-1051-1 DSA-1044-1}
 	- firefox <unfixed> (medium)
 	- mozilla-firefox <unfixed> (medium)
 	- mozilla <unfixed> (medium)
 	- thunderbird 1.5.0.2-1 (low)
 	- mozilla-thunderbird <unfixed> (low)
 CVE-2006-1731 (Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, ...)
-	{DSA-1046-1 DSA-1044-1}
+	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
 	- firefox <unfixed> (medium)
 	- mozilla-firefox <unfixed> (medium)
 	- mozilla <unfixed> (medium)
 	- thunderbird 1.5.0.2-1 (low)
 	- mozilla-thunderbird <unfixed> (low)
 CVE-2006-1730 (Integer overflow in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 ...)
-	{DSA-1046-1 DSA-1044-1}
+	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
 	- firefox 1.5.dfsg+1.5.0.2-1 (high)
 	- mozilla-firefox <unfixed> (high)
 	- mozilla <unfixed> (high)
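Review bot: CVE-2006-1736 is the only entry shown in full in this hunk whose package list stops at firefox, mozilla-firefox and mozilla, with no thunderbird or mozilla-thunderbird line, yet it receives the same {DSA-1051-1} addition as its neighbours. Worth confirming that either the package list is incomplete or the reference does not belong on this entry.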
@@ -1230,20 +1245,20 @@
 	NOTE: MFSA2006-22 says that it is not clear whether Thunderbird is
 	NOTE: exploitable in the default configuration.
 CVE-2006-1729 (Mozilla Firefox 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla ...)
-	{DSA-1046-1 DSA-1044-1}
+	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
 	- firefox 1.5.dfsg+1.5.0.2-1 (medium)
 	- mozilla-firefox <unfixed> (medium)
 	- mozilla <unfixed> (medium)
 	NOTE: Can likely be used to steal OpenSSH keys and the like.
 CVE-2006-1728 (Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x ...)
-	{DSA-1046-1 DSA-1044-1}
+	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
 	- firefox 1.5.dfsg+1.5.0.2-1 (high)
 	- mozilla-firefox <unfixed> (high)
 	- mozilla <unfixed> (high)
 	- thunderbird 1.5.0.2-1 (medium)
 	- mozilla-thunderbird <unfixed> (medium)
 CVE-2006-1727 (Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x ...)
-	{DSA-1046-1 DSA-1044-1}
+	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
 	- firefox 1.5.dfsg+1.5.0.2-1 (medium)
 	- mozilla-firefox <unfixed> (medium)
 	- mozilla <unfixed> (medium)
@@ -1259,7 +1274,7 @@
 	- firefox 1.5.dfsg+1.5.0.2-1 (low)
 	NOTE: New bug in Firefox 1.5.
 CVE-2006-1724 (Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, ...)
-	{DSA-1046-1 DSA-1044-1}
+	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
 	- firefox 1.5.dfsg+1.5.0.2-1 (medium)
 	- mozilla <unfixed> (medium)
 	- thunderbird 1.5.0.2-1 (low)
@@ -1268,7 +1283,7 @@
 	NOTE: Thunderbird is potentially affected as well, but not in the
 	NOTE: default configuration.
 CVE-2006-1723 (Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, ...)
-	{DSA-1046-1}
+	{DSA-1051-1 DSA-1046-1}
 	- firefox <unfixed> (medium)
 	- mozilla-firefox <unfixed> (medium)
 	- mozilla <unfixed> (medium)
@@ -2902,7 +2917,7 @@
 CVE-2006-1046 (server.cpp in Monopd 0.9.3 allows remote attackers to cause a denial ...)
 	- monopd <unfixed> (bug #355797)
 CVE-2006-1045 (The HTML rendering engine in Mozilla Thunderbird 1.5, when &quot;Block ...)
-	{DSA-1046-1}
+	{DSA-1051-1 DSA-1046-1}
 	- thunderbird 1.5.0.2-1
 	- firefox 1.5.dfsg+1.5.0.2-1
 CVE-2006-1044 (Multiple buffer overflows in LISTSERV 14.3 and 14.4, including ...)
@@ -3243,7 +3258,7 @@
 CVE-2006-0885 (Cross-site scripting (XSS) vulnerability in show_news.php in CuteNews ...)
 	NOT-FOR-US: CuteNews
 CVE-2006-0884 (The WYSIWYG rendering engine in Mozilla Thunderbird 1.0.7 and earlier ...)
-	{DSA-1046-1}
+	{DSA-1051-1 DSA-1046-1}
 	- mozilla-thunderbird <unfixed>
 	- thunderbird 1.5.0.2-1
 	- firefox 1.5.dfsg+1.5.0.2-1
@@ -3533,14 +3548,14 @@
 CVE-2006-0750 (SQL injection vulnerability in index.php in supersmashbrothers (SSB) ...)
 	NOT-FOR-US: supersmashbrothers
 CVE-2006-0749 (Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, ...)
-	{DSA-1046-1 DSA-1044-1}
+	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
 	- firefox <unfixed> (low)
 	- mozilla-firefox <unfixed> (low)
 	- mozilla <unfixed> (low)
 	- thunderbird 1.5.0.2-1 (low)
 	- mozilla-thunderbird <unfixed> (low)
 CVE-2006-0748 (Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before ...)
-	{DSA-1046-1 DSA-1044-1}
+	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
 	- firefox 1.5.dfsg+1.5.0.2-1 (high)
 	- mozilla-firefox <unfixed> (high)
 	- mozilla <unfixed> (high)
@@ -4695,6 +4710,7 @@
 	- mozilla-thunderbird <unfixed>
 	- thunderbird 1.5.0.2-1
 CVE-2006-0296 (The XULDocument.persist function in Mozilla, Firefox before 1.5.0.1, ...)
+	{DSA-1051-1}
 	- mozilla-firefox <not-affected> (Only Firefox 1.5 is affected)
 	- firefox 1.5.dfsg+1.5.0.1-1 (bug #351442)
 	- mozilla-thunderbird <unfixed>
@@ -4712,12 +4728,12 @@
 	- mozilla-thunderbird <unfixed>
 	- thunderbird 1.5.0.2-1
 CVE-2006-0293 (The function allocation code (js_NewFunction in jsfun.c) in Firefox ...)
-	{DSA-1046-1}
+	{DSA-1051-1 DSA-1046-1}
 	- firefox 1.5.dfsg+1.5.0.1-1 (bug #351442)
 	- mozilla-firefox <not-affected> (Only Firefox 1.5 is affected)
 	- mozilla-thunderbird <unfixed>
 CVE-2006-0292 (The Javascript interpreter (jsinterp.c) in Mozilla and Firefox before ...)
-	{DSA-1046-1 DSA-1044-1}
+	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
 	- firefox 1.5.dfsg+1.5.0.1-1 (bug #351442)
 	- mozilla-firefox <unfixed> (bug #351442)
 	- mozilla-thunderbird <unfixed>
@@ -6460,7 +6476,7 @@
 CVE-2005-4135 (Direct static code injection vulnerability in includes/newtopic.php in ...)
 	NOT-FOR-US: SimpleBBS
 CVE-2005-4134 (Mozilla Firefox 1.5, Netscape 8.0.4 and 7.2, and K-Meleon before ...)
-	{DSA-1046-1 DSA-1044-1}
+	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
 	- mozilla-firefox <unfixed> (unimportant)
 	- mozilla <unfixed> (unimportant)
 	NOTE: Not exploitable beyond a sluggish browser startup, see
@@ -16424,7 +16440,7 @@
 CVE-2005-XXXX [Possible SQL injection in freeradius]
 	- freeradius 1.0.2-4
 CVE-2005-2353 (run-mozilla.sh in Thunderbird, with debugging enabled, allows local ...)
-	{DSA-1046-1}
+	{DSA-1051-1 DSA-1046-1}
 	- mozilla-thunderbird 1.0.6-1 (bug #306893; low)
 	- firefox 1.5.dfsg+1.5.0.2-1
 	- thunderbird 1.5.0.2-1



