[Secure-testing-commits] r4973 - data/CVE

Stefan Fritsch stef-guest at alioth.debian.org
Sat Nov 18 11:09:42 CET 2006


Author: stef-guest
Date: 2006-11-18 11:09:40 +0100 (Sat, 18 Nov 2006)
New Revision: 4973

Modified:
   data/CVE/list
Log:
- new torrentflux issue
- new firefox-sage issue
- CVE-2006-5793: new libpng DoS (medium)
- CVE-2006-4250: new man-db issue fixed
- CVE-2006-4572: new linux issue
- icedove fixed
- openssh fixed


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2006-11-18 08:14:20 UTC (rev 4972)
+++ data/CVE/list	2006-11-18 10:09:40 UTC (rev 4973)
@@ -1,3 +1,7 @@
+CVE-2006-XXXX [TorrentFlux Arbitrary Command Execution and Directory Traversal]
+	- torrentflux <unfixed> (medium; bug #399169)
+CVE-2006-XXXX [Firefox Sage Extension Feed Script Insertion Vulnerability]
+	- firefox-sage <unfixed> (medium; bug filed)
 CVE-2006-5972 (Stack-based buffer overflow in WG111v2.SYS in NetGear WG111v2 wireless ...)
 	TODO: check
 CVE-2006-5971 (Absolute path traversal vulnerability in admin/logfile.txt in Verity ...)
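Review bot: the new firefox-sage line records "(medium; bug filed)" with no bug number, while the torrentflux line added two lines above it cites bug #399169. Replace "bug filed" with the actual bug number once it is assigned, so the entry can be cross-referenced and closed from the bug tracker.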
@@ -364,10 +368,10 @@
 CVE-2006-5795 (Multiple PHP remote file inclusion vulnerabilities in OpenEMR 2.8.1 ...)
 	NOT-FOR-US: OpenEMR
 CVE-2006-5794 (Unspecified vulnerability in the sshd Privilege Separation Monitor in ...)
-	- openssh <unfixed> (unimportant)
+	- openssh 1:4.3p2-6 (unimportant)
 	NOTE: Not a direct vulnerability
 CVE-2006-5793 (The sPLT chunk handling code (png_set_sPLT function in pngset.c) in ...)
-	TODO: check
+	- libpng <unfixed> (medium; bug #398706)
 CVE-2006-XXXX [obexpushd arbitrary command execution]
 	- obexpushd 0.4+svn10-1 (bug #397297; medium)
 CVE-2006-XXXX [motion insecure tempfile creation]
@@ -461,17 +465,19 @@
 CVE-2006-5749
 	RESERVED
 CVE-2006-5748 (Multiple unspecified vulnerabilities in the JavaScript engine in ...)
+	NOTE: MFSA-2006-65
 	- firefox <unfixed> (high)
 	- thunderbird <removed> (medium)
-	- icedove <unfixed> (medium)
+	- icedove 1.5.0.8-1 (medium)
 	- mozilla <unfixed> (high)
 	- xulrunner <unfixed> (high)
 	- mozilla-firefox <removed> (high)
 	- mozilla-thunderbird <removed> (medium)
 CVE-2006-5747 (Unspecified vulnerability in Mozilla Firefox before 1.5.0.8, ...)
+	NOTE: MFSA-2006-65
 	- firefox <unfixed> (high)
 	- thunderbird <removed> (medium)
-	- icedove <unfixed> (medium)
+	- icedove 1.5.0.8-1 (medium)
 	- mozilla <unfixed> (medium)
 	- xulrunner <unfixed> (high)
 	[sarge] - mozilla-firefox <not-affected> (Vulnerable code not present)
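Review bot: the "NOTE: MFSA-2006-65" lines added under CVE-2006-5748 and CVE-2006-5747 are not mentioned in the commit log, which lists only "icedove fixed" for these entries. Mention the advisory cross-references in the log, or commit them separately, so the history shows where the MFSA mapping was introduced.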
@@ -1071,27 +1077,30 @@
 	- php4 4:4.4.4-4 (high; bug #396764)
 	- php5 5.1.6-6 (high; bug #396766)
 CVE-2006-5464 (Multiple unspecified vulnerabilities in the layout engine in Mozilla ...)
+	NOTE: MFSA-2006-65
 	- firefox <unfixed> (low)
 	- thunderbird <removed> (low)
-	- icedove <unfixed> (low)
+	- icedove 1.5.0.8-1 (low)
 	- mozilla <unfixed> (low)
 	- xulrunner <unfixed> (low)
 	- mozilla-firefox <removed> (low)
 	- mozilla-thunderbird <removed> (low)
 CVE-2006-5463 (Unspecified vulnerability in Mozilla Firefox before 1.5.0.8, ...)
+	NOTE: MFSA-2006-67
 	- firefox <unfixed> (high)
 	- thunderbird <removed> (medium)
-	- icedove <unfixed> (medium)
+	- icedove 1.5.0.8-1 (medium)
 	- mozilla <unfixed> (high)
 	- xulrunner <unfixed> (high)
 	- mozilla-firefox <removed> (high)
 	- mozilla-thunderbird <removed> (medium)
 CVE-2006-5462 (Mozilla Network Security Service (NSS) library before 3.11.3, as used ...)
+	NOTE: MFSA-2006-66
 	NOTE: this is the similar to CVE-2006-4339, see also CVE-2006-4340
 	NOTE: the fixes for CVE-2006-4340 were incomplete
 	- firefox <unfixed> (high)
 	- thunderbird <removed> (medium)
-	- icedove <unfixed> (medium)
+	- icedove 1.5.0.8-1 (medium)
 	- mozilla <unfixed> (high)
 	- xulrunner <unfixed> (high)
 	- mozilla-thunderbird <removed> (medium)
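Review bot: in the CVE-2006-5462 entry, the context line directly below the new "NOTE: MFSA-2006-66" reads "NOTE: this is the similar to CVE-2006-4339", which has a stray "the". Since this hunk already touches that entry, the wording could be corrected in the same change.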
@@ -3000,7 +3009,7 @@
 	{DSA-1202-1}
 	- screen 4.0.3-0.1 (bug #395225; medium)
 CVE-2006-4572 (ip6_tables in netfilter in the Linux kernel before 2.6.16.31 allows ...)
-	TODO: check
+	- linux-2.6 <unfixed>
 CVE-2006-4571 (Multiple unspecified vulnerabilities in Firefox before 1.5.0.7, ...)
 	{DSA-1210 DSA-1192-1 DSA-1191-1}
 	NOTE: MFSA-2006-64
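Review bot: the line replacing "TODO: check" for CVE-2006-4572, "- linux-2.6 <unfixed>", carries no severity and no bug reference, unlike the other unfixed entries added in this commit (for example "- libpng <unfixed> (medium; bug #398706)"). Add a severity and, if a bug exists, its number, so the entry can be prioritised along with the rest.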
@@ -3768,8 +3777,9 @@
 	{DSA-1211}
 	- pdns-recursor 3.1.4-1 (bug #398557; high)
 	- pdns <not-affected> (Recursor module has been moved to pdns-recursor)
-CVE-2006-4250
+CVE-2006-4250 [buffer overflow in man-db]
 	RESERVED
+	- man-db 2.4.3-5
 CVE-2006-4249 [plone group creation privilege escalation]
 	RESERVED
 	- zope-cmfplone <unfixed>
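Review bot: the CVE-2006-4250 entry now has a description and a fixed version, "- man-db 2.4.3-5", but no severity or bug reference, so nothing in the entry shows how the fix was confirmed. Add the severity in parentheses and a bug number or a NOTE naming the source of the fix information.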
