[Secure-testing-commits] r4790 - data/CVE
Moritz Muehlenhoff
jmm-guest at costa.debian.org
Sun Oct 1 10:21:08 UTC 2006
Author: jmm-guest
Date: 2006-10-01 10:21:06 +0000 (Sun, 01 Oct 2006)
New Revision: 4790
Modified:
data/CVE/list
Log:
my analysis of the latest openssh issues
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2006-10-01 09:14:24 UTC (rev 4789)
+++ data/CVE/list 2006-10-01 10:21:06 UTC (rev 4790)
@@ -41,7 +41,10 @@
CVE-2006-5052 (Unspecified vulnerability in portable OpenSSH before 4.4, when running ...)
TODO: check
CVE-2006-5051 (Signal handler race condition in OpenSSH before 4.4 allows remote ...)
- TODO: check
+ - openssh <unfixed> (unimportant)
+ - openssh-krb5 <unfixed> (high)
+ NOTE: From my analysis only openssh with Kerberos support should be vulnerable
+ NOTE: However, we'll fix openssh as well just to make sure
CVE-2006-5050 (Directory traversal vulnerability in httpd in Rob Landley BusyBox ...)
TODO: check
CVE-2006-5049 (Unspecified vulnerability in Classifieds (com_classifieds) component ...)
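Review bot: The two NOTE lines added under CVE-2006-5051 record the conclusion (only openssh with Kerberos support should be vulnerable) but not what the analysis rests on, so a later reader cannot re-check it. Suggest naming the code path or configuration that makes the Kerberos build reachable. The `openssh <unfixed> (unimportant)` rating also sits awkwardly beside the second NOTE saying openssh will be fixed anyway; if a fix is planned, a low rating may reflect that intent better than unimportant. Separately, CVE-2006-5052 at the top of this hunk is also an OpenSSH entry and is left at `TODO: check`.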
@@ -296,10 +299,15 @@
TODO: check
CVE-2005-4811 (The hugepage code (hugetlb.c) in Linux kernel 2.6, possibly 2.6.12 and ...)
TODO: check
-CVE-2006-4925
+CVE-2006-4925 [openssh GSSAPI information leak)
RESERVED
+ - openssh <unfixed> (low)
+ - openssh-krb5 <unfixed> (low)
+ [sarge] - openssh <not-affected>
+ [sarge] - openssh-krb5 <not-affected>
CVE-2006-4924 (sshd in OpenSSH before 4.4, when using the version 1 SSH protocol, ...)
- openssh <unfixed> (low; bug #389995)
+ - openssh-krb5 <unfixed> (low)
CVE-2006-4923 (Cross-site scripting (XSS) vulnerability in search.php in eSyndiCat ...)
NOT-FOR-US: eSyndiCat Portal System
CVE-2006-4922 (Unrestricted file upload vulnerability in ...)
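Review bot: The added line `CVE-2006-4925 [openssh GSSAPI information leak)` opens its description with `[` and closes it with `)`, which may trip anything parsing the list. The delimiters should pair, presumably as `[openssh GSSAPI information leak]`, since the other descriptions in this hunk use a matched `(...)`. Also, the new `openssh-krb5 <unfixed> (low)` line under CVE-2006-4924 carries no bug reference while the openssh line above it has `bug #389995`; if a report exists or is filed for openssh-krb5, add it here so the two entries can be tracked the same way.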