[Secure-testing-commits] r3936 - data/CVE

Stefan Fritsch stef-guest at costa.debian.org
Thu May 11 12:12:18 UTC 2006


Author: stef-guest
Date: 2006-05-11 12:12:14 +0000 (Thu, 11 May 2006)
New Revision: 3936

Modified:
   data/CVE/list
Log:
avahi fixed
abc2ps dsa 1041
abcmidi dsa 1043
asterisk dsa 1048
ethereal dsa 1049
clamav dsa 1050
mozilla-thunderbird dsa 1051
cgiirc dsa 1052
mozilla dsa 1053
tiff dsa 1054



Modified: data/CVE/list
===================================================================
--- data/CVE/list	2006-05-10 22:18:40 UTC (rev 3935)
+++ data/CVE/list	2006-05-11 12:12:14 UTC (rev 3936)
@@ -15,9 +15,9 @@
 CVE-2006-2290 (Multiple cross-site scripting (XSS) vulnerabilities in kommentar.php ...)
 	TODO: check
 CVE-2006-2289 (Buffer overflow in avahi-core in Avahi before 0.6.10 allows local ...)
-	TODO: check
+	- avahi 0.6.10-1 (medium)
 CVE-2006-2288 (Avahi before 0.6.10 allows local users to cause a denial of service ...)
-	TODO: check
+	- avahi 0.6.10-1 (low)
 CVE-2006-2287 (Multiple cross-site scripting (XSS) vulnerabilities in Vision Source ...)
 	TODO: check
 CVE-2006-2286 (Multiple PHP remote file inclusion vulnerabilities in ...)
@@ -346,7 +346,7 @@
 CVE-2006-2148 (Multiple buffer overflows in client.c in CGI:IRC (CGIIRC) before 0.5.8 ...)
 	{DSA-1052-1}
 	- cgiirc <unfixed> (bug #365680; medium)
-	[sarge] - cgiirc <unfixed> (bug #365680; medium)
+	[sarge] - cgiirc 0.5.4-6sarge1 (bug #365680; medium)
 CVE-2006-2133 (SQL injection vulnerability in index.php in BoonEx Barracuda 1.1 and ...)
 	TODO: check
 CVE-2006-2132 (SQL injection vulnerability in detail.asp in DUclassified allows ...)
@@ -572,13 +572,19 @@
 	TODO: check
 CVE-2006-2026 (Double-free vulnerability in tif_jpeg.c in libtiff before 3.8.1 allows ...)
 	{DSA-1054-1}
-	TODO: check
+	[sarge] - tiff 3.7.2-3sarge1
+	[woody] - tiff 3.5.5-7woody1
+	- tiff 3.8.1
 CVE-2006-2025 (Integer overflow in the TIFFFetchData function in tif_dirread.c for ...)
 	{DSA-1054-1}
-	TODO: check
+	[sarge] - tiff 3.7.2-3sarge1
+	[woody] - tiff 3.5.5-7woody1
+	- tiff 3.8.1
 CVE-2006-2024 (Multiple vulnerabilities in libtiff before 3.8.1 allow ...)
 	{DSA-1054-1}
-	TODO: check
+	[sarge] - tiff 3.7.2-3sarge1
+	[woody] - tiff 3.5.5-7woody1
+	- tiff 3.8.1
 CVE-2006-2023 (Integer overflow in the RTSP_msg_len function in rtsp/RTSP_msg_len.c ...)
 	TODO: check
 CVE-2006-2022 (Buffer overflow in the parse_url function in the RTSP module ...)
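Review bot: the untagged line `- tiff 3.8.1` added to all three libtiff records (CVE-2006-2026, CVE-2006-2025, CVE-2006-2024) gives only the upstream version, while the avahi lines in this same commit use a full package version (`0.6.10-1`). A version with no Debian revision sorts below every 3.8.1-N upload, so all of them count as fixed; suggest recording the exact upload that carries the fix. The tagged lines are also placed before the untagged one here, whereas the cgiirc record keeps the untagged line first.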
@@ -663,7 +669,8 @@
 	- php5 <unfixed> (bug #365312; medium)
 CVE-2006-1989 (Buffer overflow in the get_database function in the HTTP client in ...)
 	{DSA-1050-1}
-	- clamav 0.88.2-1
+	- clamav 0.88.2
+	[sarge] - clamav 0.84-2.sarge.9
 CVE-2006-1988 (The WebTextRenderer(WebInternal) _CG_drawRun:style:geometry: function ...)
 	NOT-FOR-US: Apple Safari
 	NOTE: PoC exploit does not work with konqueror 4:3.5.2-2
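Review bot: the changed line `- clamav 0.88.2` drops the Debian revision that the removed line `- clamav 0.88.2-1` carried, and the log entry ("clamav dsa 1050") does not say why. If the intent was only to add `[sarge] - clamav 0.84-2.sarge.9`, keep `0.88.2-1` on the untagged line; if the revision was wrong, a NOTE with the reason would help the next reader.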
@@ -695,6 +702,7 @@
 	{DSA-1053-1}
 	- firefox 1.5.dfsg+1.5.0.3-1
 	[sarge] - mozilla-firefox <not-affected>
+	[sarge] - mozilla 1.7.8-1sarge6
 	- mozilla <unfixed>
 CVE-2006-XXXX [typo3 mailforms can be abused to send spam]
 	- typo3-src <unfixed> (bug #364350)
@@ -780,30 +788,48 @@
 CVE-2006-1940 (Unspecified vulnerability in Ethereal 0.10.4 up to 0.10.14 allows ...)
 	{DSA-1049-1}
 	- ethereal 0.99.0-1 (bug #364758; medium)
+	[sarge] - ethereal 0.10.10-2sarge5 (bug #364758; medium)
+	[woody] - ethereal 0.9.4-1woody15 (bug #364758; medium)
 CVE-2006-1939 (Multiple unspecified vulnerabilities in Ethereal 0.9.x up to 0.10.14 ...)
 	{DSA-1049-1}
 	- ethereal 0.99.0-1 (bug #364758; medium)
+	[sarge] - ethereal 0.10.10-2sarge5 (bug #364758; medium)
+	[woody] - ethereal 0.9.4-1woody15 (bug #364758; medium)
 CVE-2006-1938 (Multiple unspecified vulnerabilities in Ethereal 0.8.x up to 0.10.14 ...)
 	{DSA-1049-1}
 	- ethereal 0.99.0-1 (bug #364758; medium)
+	[sarge] - ethereal 0.10.10-2sarge5 (bug #364758; medium)
+	[woody] - ethereal 0.9.4-1woody15 (bug #364758; medium)
 CVE-2006-1937 (Multiple unspecified vulnerabilities in Ethereal 0.10.x up to 0.10.14 ...)
 	{DSA-1049-1}
 	- ethereal 0.99.0-1 (bug #364758; medium)
+	[sarge] - ethereal 0.10.10-2sarge5 (bug #364758; medium)
+	[woody] - ethereal 0.9.4-1woody15 (bug #364758; medium)
 CVE-2006-1936 (Buffer overflow in Ethereal 0.8.5 up to 0.10.14 allows remote ...)
 	{DSA-1049-1}
 	- ethereal 0.99.0-1 (bug #364758; medium)
+	[sarge] - ethereal 0.10.10-2sarge5 (bug #364758; medium)
+	[woody] - ethereal 0.9.4-1woody15 (bug #364758; medium)
 CVE-2006-1935 (Buffer overflow in Ethereal 0.9.15 up to 0.10.14 allows remote ...)
 	{DSA-1049-1}
 	- ethereal 0.99.0-1 (bug #364758; medium)
+	[sarge] - ethereal 0.10.10-2sarge5 (bug #364758; medium)
+	[woody] - ethereal 0.9.4-1woody15 (bug #364758; medium)
 CVE-2006-1934 (Multiple buffer overflows in Ethereal 0.10.x up to 0.10.14 allow ...)
 	{DSA-1049-1}
 	- ethereal 0.99.0-1 (bug #364758; medium)
+	[sarge] - ethereal 0.10.10-2sarge5 (bug #364758; medium)
+	[woody] - ethereal 0.9.4-1woody15 (bug #364758; medium)
 CVE-2006-1933 (Multiple unspecified vulnerabilities in Ethereal 0.10.x up to 0.10.14 ...)
 	{DSA-1049-1}
 	- ethereal 0.99.0-1 (bug #364758; medium)
+	[sarge] - ethereal 0.10.10-2sarge5 (bug #364758; medium)
+	[woody] - ethereal 0.9.4-1woody15 (bug #364758; medium)
 CVE-2006-1932 (Off-by-one error in the OID printing routine in Ethereal 0.10.x up to ...)
 	{DSA-1049-1}
 	- ethereal 0.99.0-1 (bug #364758; medium)
+	[sarge] - ethereal 0.10.10-2sarge5 (bug #364758; medium)
+	[woody] - ethereal 0.9.4-1woody15 (bug #364758; medium)
 CVE-2006-1931 (The HTTP/XMLRPC server in Ruby before 1.8.2 uses blocking sockets, ...)
 	NOTE: the redhat bugzilla entry says this is fixed in 1.8.3
 	NOTE: the fix is definitely not in 1.8.2-7sarge2	
@@ -1030,6 +1056,8 @@
 CVE-2006-1827 (Integer signedness error in format_jpeg.c in Asterisk 1.2.6 and ...)
 	{DSA-1048-1}
 	- asterisk 1:1.2.7.1.dfsg-1 (bug #364195; medium)
+	[sarge] - asterisk 1:1.0.7.dfsg.1-2sarge2 (bug #364195; medium)
+	[woody] - asterisk 0.1.11-3woody1 (bug #364195; medium)
 CVE-2005-4786 (Buffer overflow in the archive decompression library (vrAZMain.dll ...)
 	NOT-FOR-US: HAURI anti-virus
 CVE-2006-1826 (Multiple cross-site scripting (XSS) vulnerabilities in Snipe Gallery ...)
@@ -1109,6 +1137,8 @@
 	{DSA-1051-1 DSA-1046-1}
 	- firefox 1.5
 	- mozilla-firefox <not-affected> (problematic fix not backported into 1.0.4-2sarge5)
+	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8
+	- thunderbird 1.5.0.2-1
 CVE-2005-4785 (Cross-site scripting (XSS) vulnerability in QuickBlogger 1.4 and ...)
 	NOT-FOR-US: QuickBlogger
 CVE-2006-XXXX [kphone stores SIP passwords in world readable files]
@@ -1214,7 +1244,7 @@
 	- mozilla-firefox <unfixed> (medium)
 	- mozilla <unfixed> (medium)
 	- thunderbird 1.5.0.2-1 (low)
-	- mozilla-thunderbird <unfixed> (low)
+	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low)
 	NOTE: The Mozilla Foundation labels this as "critical", but it's not
 	NOTE: clear if this bug is exploitable.
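Review bot: replacing `- mozilla-thunderbird <unfixed> (low)` with a `[sarge]`-tagged line removes the only untagged mozilla-thunderbird entry in this record, so nothing is recorded for that package outside sarge any more. If the `- thunderbird 1.5.0.2-1 (low)` line above is meant to cover it, a short NOTE saying so would make that explicit; otherwise add the `[sarge]` line and keep the untagged one. The same replacement recurs in the hunks that follow.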
 CVE-2006-1741 (Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite ...)
@@ -1223,82 +1253,83 @@
 	- mozilla-firefox <unfixed> (medium)
 	- mozilla <unfixed> (medium)
 	- thunderbird 1.5.0.2-1 (low)
-	- mozilla-thunderbird <unfixed> (low)
+	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low)
 CVE-2006-1740 (Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite ...)
 	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
 	- firefox <unfixed> (low)
 	- mozilla-firefox <unfixed> (low)
 	- mozilla <unfixed> (low)
 	- thunderbird 1.5.0.2-1 (low)
-	- mozilla-thunderbird <unfixed> (low)
+	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low)
 CVE-2006-1739 (The CSS border-rendering code in Mozilla Firefox and Thunderbird 1.x ...)
 	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
 	- firefox <unfixed> (medium)
 	- mozilla-firefox <unfixed> (medium)
 	- mozilla <unfixed> (medium)
 	- thunderbird 1.5.0.2-1 (low)
-	- mozilla-thunderbird <unfixed> (low)
+	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low)
 CVE-2006-1738 (Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x ...)
 	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
 	- firefox <unfixed> (medium)
 	- mozilla-firefox <unfixed> (medium)
 	- mozilla <unfixed> (medium)
 	- thunderbird 1.5.0.2-1 (low)
-	- mozilla-thunderbird <unfixed> (low)
+	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low)
 CVE-2006-1737 (Integer overflow in Mozilla Firefox and Thunderbird 1.x before 1.5 and ...)
 	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
 	- firefox <unfixed> (medium)
 	- mozilla-firefox <unfixed> (medium)
 	- mozilla <unfixed> (medium)
 	- thunderbird 1.5.0.2-1 (low)
-	- mozilla-thunderbird <unfixed> (low)
+	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low)
 CVE-2006-1736 (Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite ...)
 	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
 	- firefox <unfixed> (low)
 	- mozilla-firefox <unfixed> (low)
 	- mozilla <unfixed> (low)
+	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8
 CVE-2006-1735 (Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, ...)
 	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
 	- firefox <unfixed> (high)
 	- mozilla-firefox <unfixed> (high)
 	- mozilla <unfixed> (high)
 	- thunderbird 1.5.0.2-1 (medium)
-	- mozilla-thunderbird <unfixed> (medium)
+	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (medium)
 CVE-2006-1734 (Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, ...)
 	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
 	- firefox <unfixed> (high)
 	- mozilla-firefox <unfixed> (high)
 	- mozilla <unfixed> (high)
 	- thunderbird 1.5.0.2-1 (medium)
-	- mozilla-thunderbird <unfixed> (medium)
+	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (medium)
 CVE-2006-1733 (Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, ...)
 	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
 	- firefox <unfixed> (high)
 	- mozilla-firefox <unfixed> (high)
 	- mozilla <unfixed> (high)
 	- thunderbird 1.5.0.2-1 (medium)
-	- mozilla-thunderbird <unfixed> (medium)
+	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (medium)
 CVE-2006-1732 (Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x ...)
 	{DSA-1051-1 DSA-1044-1}
 	- firefox <unfixed> (medium)
 	- mozilla-firefox <unfixed> (medium)
 	- mozilla <unfixed> (medium)
 	- thunderbird 1.5.0.2-1 (low)
-	- mozilla-thunderbird <unfixed> (low)
+	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low)
 CVE-2006-1731 (Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, ...)
 	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
 	- firefox <unfixed> (medium)
 	- mozilla-firefox <unfixed> (medium)
 	- mozilla <unfixed> (medium)
 	- thunderbird 1.5.0.2-1 (low)
-	- mozilla-thunderbird <unfixed> (low)
+	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low)
 CVE-2006-1730 (Integer overflow in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 ...)
 	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
 	- firefox 1.5.dfsg+1.5.0.2-1 (high)
 	- mozilla-firefox <unfixed> (high)
 	- mozilla <unfixed> (high)
 	- thunderbird 1.5.0.2-1 (medium)
-	- mozilla-thunderbird <unfixed> (medium)
+	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (medium)
 	NOTE: MFSA2006-22 says that it is not clear whether Thunderbird is
 	NOTE: exploitable in the default configuration.
 CVE-2006-1729 (Mozilla Firefox 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla ...)
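Review bot: the line added to CVE-2006-1736, `[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8`, has no urgency, although the other three packages in that record are marked (low) and every other mozilla-thunderbird line in this hunk carries one. That record also has no `- thunderbird` entry, unlike its neighbours, so it is worth confirming that mozilla-thunderbird belongs there at all and, if it does, adding the urgency.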
@@ -1306,6 +1337,7 @@
 	- firefox 1.5.dfsg+1.5.0.2-1 (medium)
 	- mozilla-firefox <unfixed> (medium)
 	- mozilla <unfixed> (medium)
+	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (medium)
 	NOTE: Can likely be used to steal OpenSSH keys and the like.
 CVE-2006-1728 (Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x ...)
 	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
@@ -1313,14 +1345,14 @@
 	- mozilla-firefox <unfixed> (high)
 	- mozilla <unfixed> (high)
 	- thunderbird 1.5.0.2-1 (medium)
-	- mozilla-thunderbird <unfixed> (medium)
+	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (medium)
 CVE-2006-1727 (Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x ...)
 	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
 	- firefox 1.5.dfsg+1.5.0.2-1 (medium)
 	- mozilla-firefox <unfixed> (medium)
 	- mozilla <unfixed> (medium)
 	- thunderbird 1.5.0.2-1 (medium)
-	- mozilla-thunderbird <unfixed> (medium)
+	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (medium)
 	NOTE: If print preview (and this bug) can be triggered from JavaScript,
 	NOTE: the urgency should probably be raised.
 CVE-2006-1726 (Unspecified vulnerability in Firefox and Thunderbird 1.5 before ...)
@@ -1335,7 +1367,7 @@
 	- firefox 1.5.dfsg+1.5.0.2-1 (medium)
 	- mozilla <unfixed> (medium)
 	- thunderbird 1.5.0.2-1 (low)
-	- mozilla-thunderbird <unfixed> (low)
+	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low)
 	NOTE: MFSA2006-20 says exploitability has not been confirmed.
 	NOTE: Thunderbird is potentially affected as well, but not in the
 	NOTE: default configuration.
@@ -1345,7 +1377,7 @@
 	- mozilla-firefox <unfixed> (medium)
 	- mozilla <unfixed> (medium)
 	- thunderbird 1.5.0.2-1 (low)
-	- mozilla-thunderbird <unfixed> (low)
+	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low)
 	NOTE: This is probably: https://bugzilla.mozilla.org/show_bug.cgi?id=320459
 CVE-2006-1722 (Cross-site scripting (XSS) vulnerability in suche.htm in ShopXS 4.0 ...)
 	NOT-FOR-US: ShopXS
@@ -1909,10 +1941,13 @@
 	- typespeed 0.4.4-10
 CVE-2006-1514 (Multiple buffer overflows in the abcmidi-yaps translator in abcmidi ...)
 	{DSA-1043-1}
-	- abcmidi <unfixed>
+	- abcmidi 20060422-1
+	[woody] - abcmidi 17-1woody1
+	[sarge] - abcmidi 20050101-1sarge1
 CVE-2006-1513 (Multiple buffer overflows in abc2ps before 1.3.3 allow user-complicit ...)
 	{DSA-1041-1}
 	- abc2ps 1.3.3-3sarge1
+	[woody] - abc2ps 1.3.3-2woody1
 CVE-2006-1512
 	REJECTED
 CVE-2006-1511 (Buffer overflow in the ILASM assembler in the Microsoft .NET 1.0 and ...)
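Review bot: in the CVE-2006-1513 record the new `[woody] - abc2ps 1.3.3-2woody1` sits under an untagged `- abc2ps 1.3.3-3sarge1`, whose version string looks like a sarge upload. If it is one, it should carry a `[sarge]` tag, with a separate untagged line for the unstable fix, as this hunk does for abcmidi. The abcmidi lines also list `[woody]` before `[sarge]`, the reverse of the order used for tiff and ethereal in this commit.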
@@ -2976,6 +3011,7 @@
 CVE-2006-1045 (The HTML rendering engine in Mozilla Thunderbird 1.5, when &quot;Block ...)
 	{DSA-1051-1 DSA-1046-1}
 	- thunderbird 1.5.0.2-1
+	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8
 	- firefox 1.5.dfsg+1.5.0.2-1
 CVE-2006-1044 (Multiple buffer overflows in LISTSERV 14.3 and 14.4, including ...)
 	NOT-FOR-US: LISTSERV
@@ -3316,7 +3352,7 @@
 	NOT-FOR-US: CuteNews
 CVE-2006-0884 (The WYSIWYG rendering engine in Mozilla Thunderbird 1.0.7 and earlier ...)
 	{DSA-1051-1 DSA-1046-1}
-	- mozilla-thunderbird <unfixed>
+	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8
 	- thunderbird 1.5.0.2-1
 	- firefox 1.5.dfsg+1.5.0.2-1
 CVE-2003-1295 (Unspecified vulnerability in xscreensaver 4.12, and possibly other ...)
@@ -3610,14 +3646,14 @@
 	- mozilla-firefox <unfixed> (low)
 	- mozilla <unfixed> (low)
 	- thunderbird 1.5.0.2-1 (low)
-	- mozilla-thunderbird <unfixed> (low)
+	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low)
 CVE-2006-0748 (Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before ...)
 	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
 	- firefox 1.5.dfsg+1.5.0.2-1 (high)
 	- mozilla-firefox <unfixed> (high)
 	- mozilla <unfixed> (high)
 	- thunderbird 1.5.0.2-1 (high)
-	- mozilla-thunderbird <unfixed> (high)
+	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (high)
 CVE-2006-0747
 	RESERVED
 CVE-2006-0746 (Certain patches for kpdf do not include all relevant patches from xpdf ...)
@@ -4770,7 +4806,7 @@
 	{DSA-1051-1}
 	- mozilla-firefox <not-affected> (Only Firefox 1.5 is affected)
 	- firefox 1.5.dfsg+1.5.0.1-1 (bug #351442)
-	- mozilla-thunderbird <unfixed>
+	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8
 	- mozilla <not-affected> (Mozilla 1.7 is not affected)
 	- thunderbird 1.5.0.2-1
 CVE-2006-0295 (Mozilla Firefox 1.5, Thunderbird 1.5 if Javascript is enabled in mail, ...)
@@ -4788,12 +4824,12 @@
 	{DSA-1051-1 DSA-1046-1}
 	- firefox 1.5.dfsg+1.5.0.1-1 (bug #351442)
 	- mozilla-firefox <not-affected> (Only Firefox 1.5 is affected)
-	- mozilla-thunderbird <unfixed>
+	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8
 CVE-2006-0292 (The Javascript interpreter (jsinterp.c) in Mozilla and Firefox before ...)
 	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
 	- firefox 1.5.dfsg+1.5.0.1-1 (bug #351442)
 	- mozilla-firefox <unfixed> (bug #351442)
-	- mozilla-thunderbird <unfixed>
+	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8
 	- thunderbird 1.5.0.2-1
 CVE-2006-0291 (Multiple unspecified vulnerabilities in Oracle Database Server ...)
 	NOT-FOR-US: Oracle
@@ -6536,6 +6572,7 @@
 	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
 	- mozilla-firefox <unfixed> (unimportant)
 	- mozilla <unfixed> (unimportant)
+	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (unimportant)
 	NOTE: Not exploitable beyond a sluggish browser startup, see
 	NOTE: http://www.mozilla.org/security/history-title.html
 CVE-2005-4133 (Sun Update Connection in Sun Solaris 10, when configured to use a web ...)
@@ -8103,7 +8140,8 @@
 CVE-2005-3559 (Directory traversal vulnerability in vmail.cgi in Asterisk 1.0.9 ...)
 	{DSA-1048-1}
 	- asterisk <unfixed> (bug #338116; medium)
-	NOTE: Sarge and Woody are affected by this
+	[sarge] - asterisk 1:1.0.7.dfsg.1-2sarge2 (bug #338116; medium)
+	[woody] - asterisk 0.1.11-3woody1 (bug #338116; medium)
 CVE-2005-3558 (PHP file inclusion vulnerability in index.php in OSTE 1.0 allows ...)
 	NOT-FOR-US: OSTE 
 CVE-2005-3557 (Directory traversal vulnerability in admin/defaults.php in PHPlist ...)
@@ -16499,6 +16537,7 @@
 CVE-2005-2353 (run-mozilla.sh in Thunderbird, with debugging enabled, allows local ...)
 	{DSA-1051-1 DSA-1046-1}
 	- mozilla-thunderbird 1.0.6-1 (bug #306893; low)
+	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low)
 	- firefox 1.5.dfsg+1.5.0.2-1
 	- thunderbird 1.5.0.2-1
 CVE-2005-XXXX [Directory traversal in unzoo]
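Review bot: the added `[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low)` omits `bug #306893`, which the untagged mozilla-thunderbird line directly above it carries. The ethereal and asterisk hunks in this commit repeat the bug reference on their tagged lines, so suggest `(bug #306893; low)` here for consistency.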



