[Secure-testing-commits] r4101 - in data: CVE DSA

Moritz Muehlenhoff jmm-guest at costa.debian.org
Wed May 31 12:54:41 UTC 2006


Author: jmm-guest
Date: 2006-05-31 12:54:38 +0000 (Wed, 31 May 2006)
New Revision: 4101

Modified:
   data/CVE/list
   data/DSA/list
Log:
two new DSAs
oftpd already fixed
no-dsa for thunderbird


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2006-05-31 07:42:50 UTC (rev 4100)
+++ data/CVE/list	2006-05-31 12:54:38 UTC (rev 4101)
@@ -1479,9 +1479,8 @@
 CVE-2006-1993 (Mozilla Firefox 1.5.0.2, when designMode is enabled, allows remote ...)
 	{DSA-1055-1 DSA-1053-1}
 	- firefox 1.5.dfsg+1.5.0.3-1 (bug #364810; high) 
-	[sarge] - mozilla-firefox 1.0.4-2sarge7 (high) 
-	[sarge] - mozilla 1.7.8-1sarge6 (high) 
 	- mozilla <unfixed> (high) 
+	[sarge] - mozilla-thunderbird <no-dsa> (Not directly exploitable in Thunderbird)
 CVE-2006-XXXX [typo3 mailforms can be abused to send spam]
 	- typo3-src <unfixed> (bug #364350)
 CVE-2006-XXXX [moinmoin XSS]
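Review bot: the two removed `[sarge]` lines under CVE-2006-1993 (mozilla-firefox 1.0.4-2sarge7 and mozilla 1.7.8-1sarge6) are not covered by the log, which only says "no-dsa for thunderbird". If the sarge fix versions are now meant to be taken from the {DSA-1055-1 DSA-1053-1} cross-reference, state that in the log; otherwise they disappear from the entry with no explanation. The new `[sarge] - mozilla-thunderbird <no-dsa>` line also has no matching unstable `- mozilla-thunderbird` line in this entry, which is worth adding or explaining.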
@@ -3788,7 +3787,6 @@
 CVE-2006-1053
 	RESERVED
 CVE-2006-1052 (The selinux_ptrace logic in hooks.c in SELinux for Linux 2.6.6 allows ...)
-	TODO: check sarge
 	- linux-2.6 2.6.15+2.6.16-rc5-0experimental.1  (low)
 CVE-2006-1051 (SQL injection vulnerability in Akarru Social BookMarking Engine before ...)
 	NOT-FOR-US: Akurru Social BookMarking Engine
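Review bot: the `TODO: check sarge` line under CVE-2006-1052 is dropped without recording the outcome of the check; no `[sarge]` line or NOTE is added and the log does not mention it. Add the result (a `[sarge]` status line or a NOTE) so the sarge status of this SELinux issue stays traceable in the list.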
@@ -13814,7 +13812,8 @@
 	{DSA-1003-1}
 	- xpvm 1.2.5-8 (bug #318285; medium)
 CVE-2005-2239 (oftpd 0.3.7 allows remote attackers to cause a denial of service via a ...)
-	- oftpd <removed> (bug #318286; medium)
+	- oftpd 20040304-1 (bug #318286; medium)
+	NOTE: This was fixed in the patch set maintained by Werner Koch, it's included
 CVE-2005-2238 (ftpd in IBM AIX 5.1, 5.2 and 5.3 allows remote authenticated users to ...)
 	NOT-FOR-US: AIX
 CVE-2005-2237 (Format string vulnerability in the swcons command in IBM AIX 5.3, and ...)
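Review bot: the added NOTE under CVE-2005-2239 stops mid-sentence at "it's included", so it never says where the patch set maintained by Werner Koch is included. Finish the sentence, or continue it on a second `NOTE:` line, so the reason for changing `<removed>` to `20040304-1` is readable from the entry itself.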

Modified: data/DSA/list
===================================================================
--- data/DSA/list	2006-05-31 07:42:50 UTC (rev 4100)
+++ data/DSA/list	2006-05-31 12:54:38 UTC (rev 4101)
@@ -1,3 +1,10 @@
+[31 May 2006] DSA-1083-1 motor - buffer overflow
+        {CVE-2005-3863}
+        [woody] - motor 3.2.2-2woody1
+        [sarge] - motor 3.4.0-2sarge1
+[29 May 2006] DSA-1082-1 kernel-source-2.4.17 - several vulnerabilities
+        {CVE-2003-0984 CVE-2004-0138 CVE-2004-0394 CVE-2004-0427 CVE-2004-0447 CVE-2004-0554 CVE-2004-0565 CVE-2004-0685 CVE-2004-0883 CVE-2004-0949 CVE-2004-0997 CVE-2004-1016 CVE-2004-1017 CVE-2004-1068 CVE-2004-1070 CVE-2004-1071 CVE-2004-1072 CVE-2004-1073 CVE-2004-1074 CVE-2004-1234 CVE-2004-1235 CVE-2004-1333 CVE-2004-1335 CVE-2005-0001 CVE-2005-0003 CVE-2005-0124 CVE-2005-0135 CVE-2005-0384 CVE-2005-0489 CVE-2005-0504 CVE-2005-0528}
+	[woody] - kernel-source-2.4.17 2.4.17-1woody4
 [29 May 2006] DSA-1081-1 libextractor - buffer overflow
         {CVE-2006-2458}
         [sarge] - libextractor 0.4.2-2sarge5
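Review bot: the added `[woody] - kernel-source-2.4.17 2.4.17-1woody4` line is indented with a tab, while every other release line in this hunk, including the new DSA-1083-1 entry, uses eight spaces. Use the same space indentation so the file stays consistent for anything that reads it line by line.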



