[Secure-testing-commits] r4989 - in data: CVE DSA

Moritz Muehlenhoff jmm-guest at alioth.debian.org
Tue Nov 21 19:19:21 CET 2006


Author: jmm-guest
Date: 2006-11-21 19:19:19 +0100 (Tue, 21 Nov 2006)
New Revision: 4989

Modified:
   data/CVE/list
   data/DSA/list
Log:
five new DSAs
bugnums


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2006-11-21 18:14:31 UTC (rev 4988)
+++ data/CVE/list	2006-11-21 18:19:19 UTC (rev 4989)
@@ -331,7 +331,7 @@
 CVE-2006-5816 (Multiple PHP remote file inclusion vulnerabilities in Dmitry Sheiko ...)
 	NOT-FOR-US: Business Card Web Builder
 CVE-2006-5815 (Unspecified vulnerability in ProFTPD allows remote attackers to ...)
-	- proftpd-dfsg 1.3.0-13
+	- proftpd-dfsg 1.3.0-13 (bug #399070) 
 	- proftpd <removed>
 CVE-2006-5814 (Unspecified vulnerability in Novell eDirectory allows remote attackers ...)
 	NOT-FOR-US: Novell eDirectory 
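Review bot: The added proftpd-dfsg line for CVE-2006-5815 ends with a trailing space after `(bug #399070)`. Drop it so the entry matches the other package lines and does not produce whitespace-only changes in a later revision.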
@@ -1147,7 +1147,7 @@
 CVE-2006-5445 (Unspecified vulnerability in the SIP channel driver ...)
 	- asterisk 1:1.2.13~dfsg-1 (medium; bug #395080)
 CVE-2006-5444 (Integer overflow in the get_input function in the Skinny channel ...)
-	- asterisk 1:1.2.13~dfsg-1 (medium; bug #395080)
+	- asterisk 1:1.2.13~dfsg-1 (medium; bug #395080; #394025)
 CVE-2006-5443 (Unspecified vulnerability in XIAO Gang WWW Interactive Mathematics ...)
 	- wims 3.60-1 (bug #395102)
 CVE-2006-5442 (ViewVC 1.0.2 and earlier does not specify a charset in its HTTP ...)
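Review bot: In the added asterisk line for CVE-2006-5444 the second reference is a bare `#394025`, while the other lines changed in this commit repeat the keyword (`bug #395225; bug #395999`). Write it as `bug #394025` so that anything matching on `bug #` picks up both reports.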
@@ -3009,7 +3009,7 @@
 	- wireshark 0.99.4-1 (bug #396258; medium)
 CVE-2006-4573 (Multiple unspecified vulnerabilities in the &quot;utf8 combining characters ...)
 	{DSA-1202-1}
-	- screen 4.0.3-0.1 (bug #395225; medium)
+	- screen 4.0.3-0.1 (bug #395225; bug #395999; medium)
 CVE-2006-4572 (ip6_tables in netfilter in the Linux kernel before 2.6.16.31 allows ...)
 	- linux-2.6 <unfixed>
 CVE-2006-4571 (Multiple unspecified vulnerabilities in Firefox before 1.5.0.7, ...)
@@ -5892,7 +5892,7 @@
 CVE-2006-3335 (Unspecified vulnerability in mkdir in HP-UX B.11.00, B.11.04, B.11.11, ...)
 	NOT-FOR-US: HP-UX
 CVE-2006-3334 (Buffer overflow in the png_decompress_chunk function in pngrutil.c in ...)
-	- libpng 1.2.8rel-5.2 (bug #377298; unimportant)
+	- libpng 1.2.8rel-5.2 (bug #377298; bug #397892; unimportant)
 	NOTE: A static 50 char array consumes 13 machine words on 32bit archs, so the overflow
 	NOTE: cannot overwrite other memory sections
 CVE-2006-3333 (Cross-site scripting (XSS) vulnerability in index.php in Zorum Forum ...)
@@ -9756,7 +9756,7 @@
 CVE-2005-4773 (The configuration of VMware ESX Server 2.x, 2.0.x, 2.1.x, and 2.5.x ...)
 	NOT-FOR-US: VMware
 CVE-2004-2656 (Multiple cross-site scripting (XSS) vulnerabilities in Slashdot Like ...)
-	- slash <not-affected> (Vulnerable code introduced in 2002, while Debian's is older!)
+	- slash <not-affected> (Vulnerable code introduced in 2002, while Debian's is older!, see #390469)
 CVE-2006-XXXX [firebird local DoS]
 	- firebird2 1.5.3.4870-4 (bug #362001)
 	[sarge] - firebird2 <no-dsa> (Minor issue)
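Review bot: The added slash line for CVE-2004-2656 places the bug reference inside the free-text explanation as `see #390469`, directly after `older!,`, and without the `bug` keyword the other entries in this file use. Writing it as `bug #390469` and dropping the comma after the exclamation mark would keep the reference consistent with the rest of the list and easier to find by pattern.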

Modified: data/DSA/list
===================================================================
--- data/DSA/list	2006-11-21 18:14:31 UTC (rev 4988)
+++ data/DSA/list	2006-11-21 18:19:19 UTC (rev 4989)
@@ -1,3 +1,18 @@
+[21 Nov 2006] DSA-1218 proftpd
+	{CVE-2006-5815}
+	[sarge] - proftpd 1.2.10-15sarge2
+[20 Nov 2006] DSA-1217 linux-ftpd
+	{CVE-2006-5778}
+	[sarge] - linux-ftpd 0.17-20sarge2
+[20 Nov 2006] DSA-1216 flexbackup
+	{CVE-2006-4802}
+	[sarge] - flexbackup 1.2.1-2sarge1
+[20 Nov 2006] DSA-1215 xine-lib
+	{CVE-2006-4799 CVE-2006-4800}
+	[sarge] - xine-lib 1.0.1-1sarge4
+[20 Nov 2006] DSA-1214 gv 
+	{CVE-2006-5864}
+	[sarge] - gv 3.6.1-10sarge1
 [19 Nov 2006] DSA-1213 imagemagick
 	{CVE-2006-0082 CVE-2006-4144 CVE-2006-5456 CVE-2006-5868}
 	[sarge] - imagemagick 6:6.0.6.2-2.8
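Review bot: The added header line `[20 Nov 2006] DSA-1214 gv ` has a trailing space after the package name; remove it to match the other four new entries. Also, the CVE-2006-5815 entry touched in data/CVE/list carries no `{DSA-...}` cross-reference of the kind shown under CVE-2006-4573 (`{DSA-1202-1}`); if those lines are not generated from this file, add the reference for DSA-1218 in the same commit.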



