[Secure-testing-commits] r4803 - data/CVE

Moritz Muehlenhoff jmm-guest at costa.debian.org
Tue Oct 3 11:20:06 UTC 2006


Author: jmm-guest
Date: 2006-10-03 11:20:04 +0000 (Tue, 03 Oct 2006)
New Revision: 4803

Modified:
   data/CVE/list
Log:
I confused one of the openssh issues, fixed
bugnums
two no-dsa for minor issues


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2006-10-03 11:12:26 UTC (rev 4802)
+++ data/CVE/list	2006-10-03 11:20:04 UTC (rev 4803)
@@ -449,10 +449,8 @@
 CVE-2005-4811 (The hugepage code (hugetlb.c) in Linux kernel 2.6, possibly 2.6.12 and ...)
 	- linux-2.6 2.6.14
 CVE-2006-4925 (packet.c in ssh in OpenSSH allows remote attackers to cause a denial ...)
-	- openssh <unfixed> (low)
-	- openssh-krb5 <unfixed> (low)
-	[sarge] - openssh <not-affected>
-	[sarge] - openssh-krb5 <not-affected>
+	- openssh <unfixed> (unimportant)
+	NOTE: That's a non-issue
 CVE-2006-4924 (sshd in OpenSSH before 4.4, when using the version 1 SSH protocol, ...)
 	- openssh 1:4.3p2-4 (low; bug #389995)
 	- openssh-krb5 <unfixed> (low)
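Review bot: The CVE-2006-4925 entry no longer tracks openssh-krb5 at all, and both [sarge] lines are dropped, while the neighbouring CVE-2006-4924 entry still lists openssh-krb5 separately. If the downgrade applies to openssh-krb5 too, keep a line for it with the same "unimportant" marking so the package stays tracked. Also extend "NOTE: That's a non-issue" with a short reason, since neither the note nor the log message says why it is one.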
@@ -1739,7 +1737,7 @@
 	NOT-FOR-US: CGI-Rescue Mail F/W System
 CVE-2006-4343 (The get_server_hello function in the SSLv2 client code in OpenSSL ...)
 	{DSA-1185-1}
-	- openssl 0.9.8c-2
+	- openssl 0.9.8c-2 (bug #389940)
 	- openssl097 0.9.7k-2
 	- openssl096 <removed>
 CVE-2006-4342
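Review bot: Only the openssl line gains "bug #389940"; the openssl097 line in the same {DSA-1185-1} entry still has no bug reference. If that report also covers the 0.9.7 package, record it on the openssl097 line as well. The same question applies to the other three openssl hunks in this commit (CVE-2006-3738, CVE-2006-2940, CVE-2006-2937).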
@@ -3139,7 +3137,7 @@
 	- apache2 2.0.55-4.1 (medium; bug #380182)
 CVE-2006-3746 (Integer overflow in parse_comment in GnuPG (gpg) 1.4.4 allows remote ...)
 	{DSA-1141-1 DSA-1140-1}
-	- gnupg 1.4.5-1 (medium)
+	- gnupg 1.4.5-1 (medium; bug #381204) 
 	- gnupg2 1.9.20-2 (medium)
 CVE-2006-3745 (Unspecified vulnerability in the sctp_make_abort_user function in the ...)
 	- linux-2.6 2.6.17-7
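Review bot: The added gnupg line ends with a trailing space after "(medium; bug #381204)"; strip it so the entry matches the surrounding lines. The gnupg2 line below carries no bug reference, so add one there too if a report exists for it.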
@@ -3163,7 +3161,7 @@
 	- libxfont 1:1.2.2-1
 CVE-2006-3738 (Buffer overflow in the SSL_get_shared_ciphers function in OpenSSL ...)
 	{DSA-1185-1}
-	- openssl 0.9.8c-2
+	- openssl 0.9.8c-2 (bug #389940)
 	- openssl097 0.9.7k-2
 	- openssl096 <removed>
 CVE-2006-XXXX [htdig: several unspecified security problems]
@@ -4889,7 +4887,7 @@
 	- mailman 1:2.1.8-3
 CVE-2006-2940 (OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions ...)
 	{DSA-1185-1}
-	- openssl 0.9.8c-2
+	- openssl 0.9.8c-2 (bug #389940)
 	- openssl097 0.9.7k-2
 	- openssl096 <removed>
 CVE-2006-2939
@@ -4898,7 +4896,7 @@
 	RESERVED
 CVE-2006-2937 (OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote ...)
 	{DSA-1185-1}
-	- openssl 0.9.8c-2
+	- openssl 0.9.8c-2 (bug #389940)
 	- openssl097 0.9.7k-2
 	- openssl096 <not-affected>
 CVE-2006-2936 (The ftdi_sio driver (usb/serial/ftdi_sio.c) in Linux kernel 2.6.x up ...)
@@ -9748,7 +9746,7 @@
 	- ezpublish3 <itp> (bug #267370)
 CVE-2006-1320 (util.c in rssh 2.3.0 in Debian GNU/Linux does not use braces to make a ...)
 	{DSA-1109}
-	- rssh 2.3.0-1.1 (bug #346322; low)
+	- rssh 2.3.0-1.1 (bug #346322; bug #363978; low)
 CVE-2006-1321 (Cross-site scripting (XSS) vulnerability in webcheck before 1.9.6 ...)
 	- webcheck 1.9.6
 CVE-2006-0937 (U.N.U. Mailgust 1.9 allows remote attackers to obtain sensitive ...)
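Review bot: On the rssh line the severity now trails two bug references ("bug #346322; bug #363978; low"), whereas other entries in this file put the severity first, e.g. "(low; bug #389995)" and "(medium; bug #380182)". Since the line is being touched anyway, reorder it to "(low; bug #346322; bug #363978)" for consistency.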
@@ -18738,6 +18736,7 @@
 	- gaim 1:1.4.0-5 (low)
 	- centericq 4.20.0-9 (bug #323185; low)
 	- ekg 1:1.5+20050712+1.6rc2-1 (low)
+	[sarge] - ekg <no-dsa> (Minor issue)
 	NOTE: ekg in Sarge is affected (Not in Woody, gaim and centericq had DSAs)
 CVE-2005-2369 (Multiple integer signedness errors in libgadu, as used in ekg before ...)
 	{DSA-813-1 DTSA-2-1}
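Review bot: The new "[sarge] - ekg" no-dsa line sits directly above a NOTE saying ekg in Sarge is affected and that gaim and centericq had DSAs for this entry, so "Minor issue" alone does not explain why ekg is handled differently. Add the reason to the no-dsa annotation or extend the NOTE.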
@@ -21803,6 +21802,7 @@
 	NOT-FOR-US: Gentoo
 CVE-2005-1706 (Unknown vulnerability in MailScanner 4.41.3 and earlier, related to ...)
 	- mailscanner 4.42.9 (bug #310774; low)
+	[sarge] - mailscanner <no-dsa> (Minor issue)
 CVE-2005-1705 (gdb before 6.3 searches the current working directory to load the ...)
 	- gdb 6.3-6
 CVE-2005-1704 (Integer overflow in the Binary File Descriptor (BFD) library for gdb ...)
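Review bot: The mailscanner no-dsa line gives "Minor issue" as its reason, but the CVE-2005-1706 description shown here starts with "Unknown vulnerability", so the basis for that assessment is not visible in the entry. Add a NOTE line below it stating what the issue is or where the severity assessment comes from.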



