[Secure-testing-commits] r4968 - data/CVE
Joey Hess
joeyh at alioth.debian.org
Wed Nov 15 21:14:23 CET 2006
Author: joeyh
Date: 2006-11-15 21:14:22 +0100 (Wed, 15 Nov 2006)
New Revision: 4968
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2006-11-15 20:02:42 UTC (rev 4967)
+++ data/CVE/list 2006-11-15 20:14:22 UTC (rev 4968)
@@ -73,6 +73,7 @@
CVE-2006-5849 (PHP remote file inclusion vulnerability in inc/irayofuncs.php in ...)
TODO: check
CVE-2006-5848 (Cross-site request forgery (CSRF) vulnerability in Edgewall Trac 0.10 ...)
+ {DSA-1209}
TODO: check
CVE-2006-5847 (Cross-site scripting (XSS) vulnerability in index.php in FreeWebshop ...)
TODO: check
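Review bot: The CVE-2006-5848 entry gains a DSA reference but keeps "TODO: check" and has no package line, so the tracker now records an advisory for an issue it still lists as untriaged. Replace the TODO with a package line for Trac giving the fixed version, or add a NOTE saying why the check is still open.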
@@ -1791,7 +1792,7 @@
TODO: check
NOTE: This may be a dupe of CVE-2006-4925
CVE-2006-5051 (Signal handler race condition in OpenSSH before 4.4 allows remote ...)
- {DSA-1189-1}
+ {DSA-1212 DSA-1189-1}
- openssh 1:4.3p2-4 (unimportant)
- openssh-krb5 <unfixed> (high)
NOTE: From my analysis only openssh with Kerberos support should be vulnerable
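Review bot: On the "{DSA-1212 DSA-1189-1}" line the new reference has no revision suffix while the one beside it keeps "-1"; use one form so that a search for an advisory id matches consistently (the same applies to the other references added in this revision). The entry also still reads "- openssh-krb5 <unfixed> (high)" next to a NOTE saying only the Kerberos build should be vulnerable, so record which package and release DSA-1212 fixes, with a release-tagged line like the "[sarge]" ones used elsewhere in the file.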
@@ -2068,7 +2069,7 @@
- openssh <unfixed> (unimportant)
NOTE: That's a non-issue
CVE-2006-4924 (sshd in OpenSSH before 4.4, when using the version 1 SSH protocol, ...)
- {DSA-1189-1}
+ {DSA-1212 DSA-1189-1}
- openssh 1:4.3p2-4 (low; bug #389995)
- openssh-krb5 <unfixed> (low)
CVE-2006-4923 (Cross-site scripting (XSS) vulnerability in search.php in eSyndiCat ...)
@@ -2821,7 +2822,7 @@
CVE-2006-4572 (Multiple unspecified vulnerabilities in netfilter for IPv6 code in ...)
TODO: check
CVE-2006-4571 (Multiple unspecified vulnerabilities in Firefox before 1.5.0.7, ...)
- {DSA-1192-1 DSA-1191-1}
+ {DSA-1210 DSA-1192-1 DSA-1191-1}
NOTE: MFSA-2006-64
- mozilla <unfixed> (high)
- firefox 1.5.dfsg+1.5.0.7-1 (high)
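Review bot: The tag line for CVE-2006-4571 now names three advisories, yet the first package line under it is still "- mozilla <unfixed> (high)" and nothing in the entry says which source package DSA-1210 applies to. Add the per-package status that DSA-1210 changes, or a NOTE naming the package it covers, so a reader does not have to open all three advisories to learn what is still open.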
@@ -2840,7 +2841,7 @@
- thunderbird 1.5.0.7-1
[sarge] - mozilla-firefox <unfixed> (low)
CVE-2006-4568 (Mozilla Firefox before 1.5.0.7 and SeaMonkey before 1.0.5 allows ...)
- {DSA-1192-1 DSA-1191-1}
+ {DSA-1210 DSA-1192-1 DSA-1191-1}
NOTE: MFSA-2006-61
- mozilla <unfixed> (low)
- firefox 1.5.dfsg+1.5.0.7-1 (low)
@@ -2855,7 +2856,7 @@
[sarge] - mozilla-thunderbird <unfixed> (unimportant)
NOTE: The internal update mechanism is disabled in Debian
CVE-2006-4566 (Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and ...)
- {DSA-1192-1 DSA-1191-1}
+ {DSA-1210 DSA-1192-1 DSA-1191-1}
NOTE: MFSA-2006-57
- mozilla <unfixed> (high)
- firefox 1.5.dfsg+1.5.0.7-1 (high)
@@ -2863,7 +2864,7 @@
- xulrunner 1.8.0.7-1 (high)
[sarge] - mozilla-firefox <unfixed> (high)
CVE-2006-4565 (Heap-based buffer overflow in Mozilla Firefox before 1.5.0.7, ...)
- {DSA-1192-1 DSA-1191-1}
+ {DSA-1210 DSA-1192-1 DSA-1191-1}
NOTE: MFSA-2006-57
- mozilla <unfixed> (high)
- firefox 1.5.dfsg+1.5.0.7-1 (high)
@@ -3375,7 +3376,7 @@
CVE-2006-4341
REJECTED
CVE-2006-4340 (Mozilla Network Security Service (NSS) library before 3.11.3, as used ...)
- {DSA-1192-1 DSA-1191-1}
+ {DSA-1210 DSA-1192-1 DSA-1191-1}
NOTE: MFSA-2006-60, this is the similar to CVE-2006-4339
- mozilla <unfixed> (high)
- firefox 1.5.dfsg+1.5.0.7-1 (high)
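Review bot: The NOTE directly under the changed tag line says this issue is similar to CVE-2006-4339, and no hunk in this revision touches that entry; check whether CVE-2006-4339 should carry the DSA-1210 reference as well. While this entry is being edited, the NOTE wording "this is the similar to" should lose the stray "the".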
@@ -3589,6 +3590,7 @@
- pdns-recursor 3.1.4-1 (bug #398559)
- pdns <not-affected> (Recursor module has been moved to pdns-recursor)
CVE-2006-4251 (Buffer overflow in PowerDNS Recursor 3.1.3 and earlier might allow ...)
+ {DSA-1211}
- pdns-recursor 3.1.4-1 (bug #398557; high)
- pdns <not-affected> (Recursor module has been moved to pdns-recursor)
CVE-2006-4250
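Review bot: DSA-1211 is attached only to CVE-2006-4251, while the entry ending just above it (bug #398559) is fixed by the same pdns-recursor 3.1.4-1 version and gets no reference. Confirm that the advisory covers only this CVE, and add the tag to the neighbouring entry if it does not.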
@@ -6902,7 +6904,7 @@
NOTE: Verified that the patch has been applied in 2.4.0-1,
NOTE: may have been fixed earlier.
CVE-2006-2788 (Double-free vulnerability in the getRawDER function for nsIX509Cert in ...)
- {DSA-1192-1 DSA-1191-1}
+ {DSA-1210 DSA-1192-1 DSA-1191-1}
- mozilla <unfixed> (high)
- mozilla-firefox <unfixed> (high)
- firefox 1.5.dfsg+1.5.0.4 (high)
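Review bot: Unlike the other Mozilla entries touched in this revision, CVE-2006-2788 has no "NOTE: MFSA-..." line between the tag line and the package lines. Add the upstream advisory id if one exists so the entry can be cross-checked the same way, and revisit the two "<unfixed> (high)" lines for mozilla and mozilla-firefox now that a third DSA is referenced.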