[Secure-testing-commits] r4798 - in data: CVE DSA
Moritz Muehlenhoff
jmm-guest at costa.debian.org
Sun Oct 1 21:30:21 UTC 2006
Author: jmm-guest
Date: 2006-10-01 21:30:20 +0000 (Sun, 01 Oct 2006)
New Revision: 4798
Modified:
data/CVE/list
data/DSA/list
Log:
fix zope CVE ID
multiple bugnums
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2006-10-01 21:14:26 UTC (rev 4797)
+++ data/CVE/list 2006-10-01 21:30:20 UTC (rev 4798)
@@ -1830,7 +1830,8 @@
[sarge] - zope-cmfplone <not-affected> (Vulnerable code not present)
- zope-cmfplone <unfixed>
CVE-2006-4246 (Usermin before 1.220 (20060629) allows remote attackers to read ...)
- TODO: check
+ {DSA-1177-1}
+ - usermin <removed> (bug #374609)
CVE-2006-4245
RESERVED
CVE-2006-4244 (SQL-Ledger 2.4.4 through 2.6.17 authenticates users by verifying that ...)
@@ -1839,7 +1840,6 @@
RESERVED
- linux-2.6 2.6.17-9
CVE-2006-4242 (PHP remote file inclusion vulnerability in install.jim.php in the JIM ...)
- {DSA-1177-1}
NOT-FOR-US: JIM component for Joomla or Mambo
CVE-2006-4241 (PHP remote file inclusion vulnerability in processor/reporter.sql.php ...)
NOT-FOR-US: Reporter Mambo component (com_reporter)
@@ -2158,11 +2158,11 @@
CVE-2006-4096 (BIND before 9.2.6-P1 and 9.3.x before 9.3.2-P1 allows remote attackers to ...)
{DSA-1172-1}
- bind <not-affected> (Not vulnerable according to CERT advisory)
- - bind9 1:9.3.2-P1-1 (medium; bug #386245)
+ - bind9 1:9.3.2-P1-1 (medium; bug #386245; bug #386237)
CVE-2006-4095 (BIND before 9.2.6-P1 and 9.3.x before 9.3.2-P1 allows remote attackers ...)
{DSA-1172-1}
- bind <not-affected> (Not vulnerable according to CERT advisory)
- - bind9 1:9.3.2-P1-1 (medium; bug #386245)
+ - bind9 1:9.3.2-P1-1 (medium; bug #386245; bug #386237)
CVE-2006-4094
RESERVED
CVE-2006-4093 (Linux kernel 2.x.6 before 2.6.17.9 and 2.4.x before 2.4.33.1 on ...)
@@ -2279,7 +2279,7 @@
NOT-FOR-US: myWebland myBloggie
CVE-2006-4041 (SQL injection vulnerability in Pike before 7.6.86, when using a ...)
- pike7.6 7.6.86-1
- [sarge] - pike7.2 <unfixed> (bug #382607)
+ [sarge] - pike7.2 <unfixed> (bug #382607; bug #383766)
CVE-2006-4040 (PHP remote file inclusion vulnerability in myevent.php in myWebland ...)
NOT-FOR-US: myWebland myEvent
CVE-2006-4039 (Multiple SQL injection vulnerabilities in eintragen.php in GaesteChaos ...)
@@ -2338,12 +2338,12 @@
CVE-2006-4021 (The cryptographic module in ScatterChat 1.0.x allows attackers to ...)
NOT-FOR-US: ScatterChat
CVE-2006-4020 (scanf.c in PHP 5.1.4 and earlier, and 4.4.3 and earlier, allows ...)
- - php5 5.1.6-1 (unimportant; bug #382256)
+ - php5 5.1.6-1 (unimportant; bug #382256; bug #382262)
- php4 4:4.4.4-1 (unimportant; bug #382261)
NOTE: Only exploitable by malicious, local user
CVE-2006-4019 (Dynamic variable evaluation vulnerability in compose.php in ...)
{DSA-1154}
- - squirrelmail 2:1.4.8-1
+ - squirrelmail 2:1.4.8-1 (bug #382621)
CVE-2006-4018 (Heap-based buffer overflow in the pefromupx function in ...)
{DSA-1153}
- clamav 0.88.4-1 (high; bug #382004; bug #382007)
@@ -2779,7 +2779,7 @@
- krusader <not-affected> (bug #380063; file in directory with 0700 permissions)
CVE-2006-3815 (heartbeat.c in heartbeat before 2.0.6 sets insecure permissions in a ...)
{DSA-1128}
- - heartbeat 1.2.4-13 (bug #379904)
+ - heartbeat 1.2.4-13 (bug #379904; bug #380289)
CVE-2006-3814 (Buffer overflow in the Loader_XM::load_instrument_internal function in ...)
{DSA-1166}
- cheesetracker 0.9.9-6 (bug #380364; low)
@@ -3637,7 +3637,7 @@
{DSA-1137-1}
- tiff 3.8.2-6
CVE-2006-3486 (** DISPUTED ** ...)
- - mysql-dfsg-5.0 5.0.22-4 (unimportant)
+ - mysql-dfsg-5.0 5.0.22-4 (unimportant; bug #378102)
[sarge] - mysql-dfsg-4.1 <not-affected> (Vulnerable code not present)
[sarge] - mysql-dfsg <not-affected> (Vulnerable code not present)
NOTE: Only DoS possible, only root can trigger this -> non-issue
@@ -3802,7 +3802,7 @@
- hiki 0.8.6-1 (bug #378059; low)
CVE-2006-3378 (passwd command in shadow in Ubuntu 5.04 through 6.06 LTS, when called ...)
{DSA-1150-1}
- - shadow 1:4.0.14-1
+ - shadow 1:4.0.14-1 (bug #379174)
CVE-2006-3377 (Cross-site scripting (XSS) vulnerability in JMB Software AutoRank PHP ...)
NOT-FOR-US: JMB Software AutoRank PHP
CVE-2006-3376 (Integer overflow in player.c in libwmf 0.2.8.4, as used in multiple ...)
@@ -4077,7 +4077,7 @@
NOT-FOR-US: Algorithmic Research PrivateWire VPN
CVE-2006-3251 (Heap-based buffer overflow in the array_push function in hashcash.c ...)
{DSA-1114}
- - hashcash 1.21
+ - hashcash 1.21 (bug #376444)
CVE-2006-3250 (Heap-based buffer overflow in Windows Live Messenger 8.0 allows ...)
NOT-FOR-US: Windows Live Messenger
CVE-2006-3249 (** DISPUTED ** ...)
@@ -5841,8 +5841,8 @@
NOT-FOR-US: Mobotix
CVE-2006-2489 (Integer overflow in CGI scripts in Nagios 1.x before 1.4.1 and 2.x ...)
{DSA-1072-1}
- - nagios 2:1.4-1 (bug #366682; bug #366803; high)
- - nagios2 2.3-1 (bug #366683; high)
+ - nagios 2:1.4-1 (bug #366682; bug #366803; bug #368193; high)
+ - nagios2 2.3-1 (bug #366683; bug #368199; high)
CVE-2006-2488 (Multiple cross-site scripting (XSS) vulnerabilities in Spymac WebOS ...)
NOT-FOR-US: Spymac
CVE-2006-2487 (Multiple PHP remote file inclusion vulnerabilities in ScozNews 1.2.1 ...)
@@ -6412,7 +6412,7 @@
NOT-FOR-US: Big Webmaster Guestbook Script
CVE-2006-2230 (Multiple format string vulnerabilities in xiTK (xitk/main.c) in xine ...)
{DSA-1093-1}
- - xine-ui 0.99.4-2 (medium; bug #363370)
+ - xine-ui 0.99.4-2 (medium; bug #363370; bug #372172)
CVE-2006-2229 (OpenVPN 2.0.7 and earlier, when configured to use the --management ...)
- openvpn <unfixed> (unimportant)
NOTE: One needs to explicitly set the IP to something else than 127.0.0.1
@@ -7142,7 +7142,7 @@
CVE-2006-1931 (The HTTP/XMLRPC server in Ruby before 1.8.2 uses blocking sockets, ...)
{DSA-1157}
NOTE: the redhat bugzilla entry says this is fixed in 1.8.3
- - ruby1.8 1.8.3
+ - ruby1.8 1.8.3 (bug #365520)
CVE-2006-1930 (** DISPUTED ** ...)
NOT-FOR-US: Green Minute
CVE-2006-1929 (PHP remote file inclusion vulnerability in include/common.php in ...)
@@ -7489,7 +7489,8 @@
CVE-2006-1776 (PHP remote file inclusion vulnerability in doc/index.php in Jeremy ...)
NOT-FOR-US: Simplog
CVE-2006-1775 (Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.19 ...)
- - phpbb2 <unfixed> (medium)
+ - phpbb2 <unfixed> (unimportant)
+ NOTE: Only exploitable by authenticated admin users
CVE-2006-1774 (HP System Management Homepage (SMH) 2.1.3.132, when running on ...)
NOT-FOR-US: HP System Management Homepage
CVE-2006-1773 (SQL injection vulnerability in include.php in PHPKIT 1.6.1 Release 2 ...)
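Review bot: the phpbb2 line for CVE-2006-1775 changes the urgency from `medium` to `unimportant`, a triage decision that the log ("fix zope CVE ID", "multiple bugnums") does not mention. The added NOTE gives the reasoning, but anyone searching the history for severity changes will not find this revision from its log; naming the downgrade in the log or committing it separately would make it findable. The entry also remains `<unfixed>` with no bug number, unlike most of the lines touched in this commit.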
@@ -7755,7 +7756,7 @@
CVE-2005-4773 (The configuration of VMware ESX Server 2.x, 2.0.x, 2.1.x, and 2.5.x ...)
NOT-FOR-US: VMware
CVE-2004-2656 (Multiple cross-site scripting (XSS) vulnerabilities in Slashdot Like ...)
- - slash <unfixed> (medium)
+ - slash <unfixed> (medium; bug #390469)
CVE-2006-XXXX [firebird local DoS]
- firebird2 1.5.3.4870-4 (bug #362001)
[sarge] - firebird2 <no-dsa> (Minor issue)
@@ -7860,8 +7861,7 @@
CVE-2006-1665 (Multiple cross-site scripting (XSS) vulnerabilities in Arab Portal ...)
NOT-FOR-US: Arab Portal
CVE-2006-1664 (Buffer overflow in xine_list_delete_current in libxine 1.14 and ...)
- - libxine1 <not-affected> (not reproducible with Debian version)
- NOTE: see bug #363127
+ - libxine1 <not-affected> (Not reproducible with Debian version, see bug #363127)
CVE-2006-1663
REJECTED
CVE-2006-1662 (The frontpage option in Limbo CMS 1.0.4.2 and 1.0.4.1 allows remote ...)
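Review bot: in the libxine1 line for CVE-2006-1664 the bug reference ends up inside the free-text reason as `see bug #363127`, whereas the other lines added in this commit carry it as a separate `bug #NNN` item in the semicolon-separated list. If the bug is meant to be recorded against the entry in the same way, write it as `(bug #363127; Not reproducible with Debian version)`, which is the form the krusader `<not-affected>` line shown as context in the heartbeat hunk already uses.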
@@ -9084,7 +9084,7 @@
[sarge] - shadow <not-affected> (Vulnerable code was introduced later)
CVE-2006-1173 (Sendmail before 8.13.7 allows remote attackers to cause a denial of ...)
{DSA-1155}
- - sendmail 8.13.7-1 (low)
+ - sendmail 8.13.7-1 (low; bug #373801)
CVE-2006-1172 (Stack-based buffer overflow in the createPKCS10 function in ...)
NOT-FOR-US: ActiveX control
CVE-2006-1171
@@ -10056,7 +10056,7 @@
NOTE: Only affected the 3.3.2 KDE backport
CVE-2006-0745 (X.Org server (xorg-server) 1.0.0 and later, X11R6.9.0, and X11R7.0 ...)
- xorg-x11 6.9.0.dfsg.1-5 (bug #360388; medium)
- - xorg-server 1:1.0.2-1
+ - xorg-server 1:1.0.2-1 (bug #378465; medium)
- xfree86 <not-affected>
CVE-2006-0744 (Linux kernel before 2.6.16.5 does not properly handle uncanonical ...)
{DSA-1103}
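Review bot: the added xorg-server line for CVE-2006-0745 sets an urgency as well as a bug number: the old line `- xorg-server 1:1.0.2-1` had none and the new one carries `medium`. The log only mentions bug numbers, so the urgency assignment goes unrecorded; it should be named in the log. The new line also places the urgency after the bug number, while the bind9 and xine-ui lines added in this same commit place it first.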
@@ -25982,7 +25982,7 @@
NOT-FOR-US: Tonecast
CVE-2004-1617 (Lynx and lynx-ssl allow remote attackers to cause a denial of service ...)
{DSA-1077-1 DSA-1076-1}
- - lynx 2.8.5-2sarge1.2 (bug #296340; low)
+ - lynx 2.8.5-2sarge1.2 (bug #296340; bug #384725; low)
- lynx-cur 2.8.6-6 (low)
- lynx-ssl <removed>
CVE-2004-1616 (Links allows remote attackers to cause a denial of service (memory ...)
@@ -29606,7 +29606,7 @@
CVE-2004-0627 (The check_scramble_323 function in MySQL 4.1.x before 4.1.3, and 5.0, ...)
- mysql <not-affected> (Apparently 3.2 not exploitable, see #330164)
- mysql-dfsg <not-affected> (Apparently 4.0 not exploitable, see #330164)
- - mysql-dfsg-4.1 4.1.11a-1 (bug #330164; medium)
+ - mysql-dfsg-4.1 4.1.11a-1 (bug #330164; bug #380507; medium)
- mysql-dfsg-5.0 <not-affected> (Was fixed before MySQL 5.0 was uploaded into the archive)
CVE-2004-0626 (The tcp_find_option function of the netfilter subsystem in Linux ...)
[sarge] - kernel-source-2.6.8 2.6.8-1
Modified: data/DSA/list
===================================================================
--- data/DSA/list 2006-10-01 21:14:26 UTC (rev 4797)
+++ data/DSA/list 2006-10-01 21:30:20 UTC (rev 4798)
@@ -23,7 +23,7 @@
{CVE-2006-3467}
[sarge] - freetype 2.1.7-6
[15 Sep 2006] DSA-1177-1 usermin
- {CVE-2006-4242}
+ {CVE-2006-4246}
[sarge] - usermin 1.110-3.1
[13 Sep 2006] DSA-1176-1 zope2.7
{CVE-2006-4684}
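Review bot: the log says "fix zope CVE ID", but the entry changed in this hunk is `DSA-1177-1 usermin`; the `DSA-1176-1 zope2.7` entry below it is unchanged context. The change itself is consistent with the data/CVE/list hunks, which move `{DSA-1177-1}` from CVE-2006-4242 (marked NOT-FOR-US) to CVE-2006-4246 (Usermin), so the log should name usermin rather than zope.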