[Secure-testing-commits] r4937 - data/CVE

Joey Hess joeyh at alioth.debian.org
Wed Nov 8 21:14:47 CET 2006


Author: joeyh
Date: 2006-11-08 21:14:45 +0100 (Wed, 08 Nov 2006)
New Revision: 4937

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2006-11-08 19:46:48 UTC (rev 4936)
+++ data/CVE/list	2006-11-08 20:14:45 UTC (rev 4937)
@@ -666,6 +666,7 @@
 	[sarge] - rpm <no-dsa> (You need to trust the RPMs you're installing)
 	NOTE: Only hypothetical, far-fetched attacks feasible
 CVE-2006-5465 (Buffer overflow in PHP before 5.2.0 allows remote attackers to execute ...)
+	{DSA-1206-1}
 	- php4 4:4.4.4-4 (high; bug #396764)
 	- php5 5.1.6-6 (high; bug #396766)
 CVE-2006-5464
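Review bot: the `{DSA-1206-1}` line added under CVE-2006-5465 sits above fixed-version entries for both php4 and php5, and nothing in the hunk says which of the two source packages the advisory covers. It is worth checking that the DSA's own entry records the package, so a reader of this entry does not assume both are covered. The log message "automatic update" also gives no hint that this revision cross-references DSA-1206-1; naming the advisory there would make the history searchable.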
@@ -2816,6 +2817,7 @@
 	- php4 4:4.4.4-1 (unimportant)
 	NOTE: Safe mode violations not supported, insufficient measure
 CVE-2006-4482 (Multiple heap-based buffer overflows in the (1) str_repeat and (2) ...)
+	{DSA-1206-1}
 	- php5 5.1.6-1 (medium)
 	- php4 4:4.4.4-1 (medium)
 CVE-2006-4481 (The (1) file_exists and (2) imap_reopen functions in PHP before 5.1.5 ...)
@@ -6123,6 +6125,7 @@
 	- php4 <unfixed> (unimportant)
 	NOTE: Sanitising is the application's responsibilitys
 CVE-2006-3017 (zend_hash_del_key_or_index in zend_hash.c in PHP before 4.4.3 and 5.x ...)
+	{DSA-1206-1}
 	- php5 5.1.4-0.1 (medium)
 	- php4 4:4.4.4-1 (medium; bug #381998)
 CVE-2006-3016 (Unspecified vulnerability in session.c in PHP before 5.1.3 has unknown ...)
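Review bot: the context line just above the CVE-2006-3017 entry reads "NOTE: Sanitising is the application's responsibilitys", a typo left in place right next to the added tag; a follow-up should change it to "responsibility". The added `{DSA-1206-1}` line itself has the same form as the ones added to the other entries in this revision.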
@@ -16935,6 +16938,7 @@
 	- sylpheed-claws 1.0.5-2 (bug #338436; medium)
 	- sylpheed-claws-gtk2 1.9.100-1 (bug #339529; medium)
 CVE-2005-3353 (The exif_read_data function in the Exif module in PHP before 4.4.1 ...)
+	{DSA-1206-1}
 	- php4 4:4.4.2-1 (bug #339577; medium)
 	- php5 5.1.1-1 (bug #336654; medium)
 CVE-2005-3352 (Cross-site scripting (XSS) vulnerability in the mod_imap module of ...)
@@ -17778,8 +17782,8 @@
 CVE-2004-XXXX [Barrendero spool world-readable]
 	- barrendero 1.1-1 (bug #279163)
 CVE-2005-XXXX [hdup inproperly preserves permissions on directories]
-       - hdup 2.0.14-2 (bug #302790; low)
-       NOTE: Minor issue, workaround and patch documented since version above
+	- hdup 2.0.14-2 (bug #302790; low)
+	NOTE: Minor issue, workaround and patch documented since version above
 	[sarge] - hdup <no-dsa> (Mostly a design limitation, very limited security implications)
 CVE-2001-XXXX [crypt++ passes passwords through the command line]
 	- crypt++el 2.91-2.1 (bug #105562; low)
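Review bot: the two hdup lines under CVE-2005-XXXX change only in leading whitespace (spaces replaced by a tab), which is unrelated to the DSA cross-references in the rest of this revision and is not mentioned in the log. Putting the whitespace fix in its own commit, or saying so in the log message, would keep the history readable; the same pass could fix "inproperly" in the entry title on the line above.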



