[Secure-testing-commits] r5016 - in data: CVE DSA

Stefan Fritsch stef-guest at alioth.debian.org
Tue Nov 28 11:39:30 CET 2006


Author: stef-guest
Date: 2006-11-28 11:39:28 +0100 (Tue, 28 Nov 2006)
New Revision: 5016

Modified:
   data/CVE/list
   data/DSA/list
Log:
CVE-2006-5815: previous proftpd fix was wrong (high)

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2006-11-28 08:53:03 UTC (rev 5015)
+++ data/CVE/list	2006-11-28 10:39:28 UTC (rev 5016)
@@ -665,8 +665,11 @@
 	NOT-FOR-US: Business Card Web Builder
 CVE-2006-5815 (Buffer overflow in ProFTPD 1.3.0 and earlier, when configured to use ...)
 	{DSA-1218}
-	- proftpd-dfsg 1.3.0-13 (bug #399070) 
-	- proftpd <removed>
+	- proftpd-dfsg <unfixed> (bug #399070; high) 
+	- proftpd <removed> (high)
+	NOTE: Previous fix was wrong, see
+	NOTE: http://bugs.proftpd.org/show_bug.cgi?id=2858
+	NOTE: http://www.gleg.net/proftpd.txt
 CVE-2006-5814 (Unspecified vulnerability in Novell eDirectory allows remote attackers ...)
 	NOT-FOR-US: Novell eDirectory 
 CVE-2006-5813 (Unspecified vulnerability in Novell eDirectory 8.8 allows attackers to ...)

Modified: data/DSA/list
===================================================================
--- data/DSA/list	2006-11-28 08:53:03 UTC (rev 5015)
+++ data/DSA/list	2006-11-28 10:39:28 UTC (rev 5016)
@@ -1,6 +1,6 @@
 [21 Nov 2006] DSA-1218 proftpd
 	{CVE-2006-5815}
-	[sarge] - proftpd 1.2.10-15sarge2
+	[sarge] - proftpd <unfixed> (high)
 [20 Nov 2006] DSA-1217 linux-ftpd
 	{CVE-2006-5778}
 	[sarge] - linux-ftpd 0.17-20sarge2




More information about the Secure-testing-commits mailing list