[Secure-testing-commits] r4870 - in data: CVE DSA

Moritz Muehlenhoff jmm-guest at costa.debian.org
Mon Oct 23 20:00:28 UTC 2006


Author: jmm-guest
Date: 2006-10-23 20:00:27 +0000 (Mon, 23 Oct 2006)
New Revision: 4870

Modified:
   data/CVE/list
   data/DSA/list
Log:
three new DSAs
qt fixed
one old tetex not-affected
rewrite php non-issues to unimportant severity


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2006-10-22 20:18:02 UTC (rev 4869)
+++ data/CVE/list	2006-10-23 20:00:27 UTC (rev 4870)
@@ -1,4 +1,4 @@
-CVE-2006-XXXX [unspecified steam cache vulnerability]
+VE-2006-XXXX [unspecified steam cache vulnerability]
 	- steam 2.2.31-1
 	[sarge] - steam <not-affected> (Sarge version doesn't implement caching)
 CVE-2006-5381 (Contenido CMS stores sensitive data under the web root with ...)
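Review bot: The added header line at the top of this hunk reads `VE-2006-XXXX`, dropping the leading `C` from the removed `CVE-2006-XXXX` line. The log message does not mention the steam entry, so this looks like a stray keystroke. Restore `CVE-2006-XXXX [unspecified steam cache vulnerability]` so that the header matches the other `CVE-` headers in the file.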
@@ -1196,7 +1196,7 @@
 	- php5 <unfixed> (bug #391586)
 CVE-2006-4811 [qt pixmap overflow]
 	RESERVED
-	- qt-x11-free <unfixed> (bug #394192)
+	- qt-x11-free 3:3.3.7-1 (bug #394192: bug #394313)
 	- qt4-x11 <unfixed> (bug #394192)
 CVE-2006-4810
 	RESERVED
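Review bot: In the new qt-x11-free line the two bug references are joined with a colon (`bug #394192: bug #394313`), whereas other annotations in this file separate fields with a semicolon, as in `(bug #372912; low)`. Suggest `(bug #394192; bug #394313)`. The qt4-x11 line below it stays `<unfixed>`, which is consistent with the log message only naming qt as fixed.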
@@ -5265,10 +5265,9 @@
 CVE-2006-3012 (SQL injection vulnerability in phpBannerExchange before 2.0 Update 6 ...)
 	NOT-FOR-US: phpBannerExchange
 CVE-2006-3011 (The error_log function in basic_functions.c in PHP before 4.4.4 and ...)
-	- php4 4:4.4.4-1 (low)
-	- php5 5.1.6-1 (low)
-	[sarge] - php4 <no-dsa> (Safe mode not supported)
-	NOTE: only safe mode bypass
+	- php4 4:4.4.4-1 (unimportant)
+	- php5 5.1.6-1 (unimportant)
+	NOTE: Safe mode violations are not supported
 CVE-2003-1303 (Buffer overflow in the imap_fetch_overview function in the IMAP ...)
 	NOT-FOR-US: Microsoft Internet Explore
 CVE-2003-1302 (The IMAP functionality in PHP before 4.3.1 allows remote attackers to ...)
@@ -5510,6 +5509,7 @@
 CVE-2006-2906 (The LZW decoding in the gdImageCreateFromGifPtr function in the Thomas ...)
 	{DSA-1117}
 	- libgd2 2.0.33-5 (bug #372912; low)
+	- tetex-bin <not-affected> (Links dynamically, see #382506)
 CVE-2006-2905 (Partial Links 1.2.2 allows remote attackers to obtain sensitive ...)
 	NOT-FOR-US: Partial Links
 CVE-2006-2904 (SQL injection vulnerability in index.php in Partial Links 1.2.2 allows ...)
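Review bot: The added tetex-bin line cites its reference as `see #382506`, while the neighbouring libgd2 line and the other entries in this commit write `bug #NNNNNN`. Suggest `(Links dynamically, see bug #382506)` so that the reference follows the same form as the rest of the list.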
@@ -6111,15 +6111,14 @@
 	{DSA-1095-1}
 	- freetype 2.2.1-1 (medium)
 CVE-2006-2660 (Buffer consumption vulnerability in the tempnam function in PHP 5.1.4 ...)
-	- php4 4:4.4.4-1 (low)
-	[sarge] - php4 <no-dsa> (not worth an update, see NOTE by Sean)
+	- php4 4:4.4.4-1 (unimportant)
+	- php5 5.1.6-1 (unimportant)
 	NOTE: using a long enough path (>MAXPATHLEN) allows you to have
 	NOTE: tempnam create a file without the temp extension.  sounds like
 	NOTE: another shoot yourself in the foot issue, since the local user
 	NOTE: could just as easily create the file manually, and if the
 	NOTE: tempnam function is taking unsanitized input, it's an
 	NOTE: application error
-	- php5 5.1.6-1 (low)
 CVE-2006-2658 (Directory traversal vulnerability in the xsp component in mod_mono in ...)
 	- xsp 1.1.15-1
 CVE-2006-2657
@@ -6345,9 +6344,9 @@
 CVE-2006-2564 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
 	NOT-FOR-US: Alstrasoft Article Manager Pro
 CVE-2006-2563 (The cURL library (libcurl) in PHP 4.4.2 and 5.1.4 allows attackers to ...)
-	- php4 4:4.4.4-1 (bug #370166; low)
-	[sarge] - php4 <no-dsa> (Safe mode violations not supported)
-	- php5 5.1.6-1 (bug #370165; low)
+	- php4 4:4.4.4-1 (bug #370166; unimportant)
+	- php5 5.1.6-1 (bug #370165; unimportant)
+	NOTE: Safe mode violations are not supported
 CVE-2006-2562 (ZyXEL P-335WT router allows remote attackers to bypass access ...)
 	NOT-FOR-US: ZyXEL P-335WT router
 CVE-2006-2561 (Edimax BR-6104K router allows remote attackers to bypass access ...)
@@ -8671,9 +8670,9 @@
 CVE-2006-1609 (Unspecified vulnerability in Hitachi XFIT/S, XFIT/S/JCA, XFIT/S/ZGN, ...)
 	NOT-FOR-US: Hitachi XFIT
 CVE-2006-1608 (The copy function in file.c in PHP 4.4.2 and 5.1.2 allows local users ...)
-	- php4 4:4.4.4-1 (bug #361856)
-	[sarge] - php4 <no-dsa> (Safe mode violations not supported)
-	- php5 5.1.4-0.1 (bug #361915)
+	- php4 4:4.4.4-1 (bug #361856; unimportant)
+	- php5 5.1.4-0.1 (bug #361915; unimportant)
+	NOTE: Safe mode violations not supported
 CVE-2006-1607 (Unspecified vulnerability in the banner module in Exponent CMS before ...)
 	NOT-FOR-US: Exponent CMS
 CVE-2006-1606 (Unspecified vulnerability in the image module in Exponent CMS before ...)
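Review bot: The NOTE added for CVE-2006-1608 reads `Safe mode violations not supported`, while the same note added for CVE-2006-3011 and CVE-2006-2563 in this commit reads `Safe mode violations are not supported`. Use one wording for all three so that a single search finds every entry downgraded for this reason.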
@@ -9013,9 +9012,9 @@
 CVE-2006-1495 (SQL injection vulnerability in general/sendpassword.php in (1) ...)
 	NOT-FOR-US: PHPCollab / NetOffice
 CVE-2006-1494 (Directory traversal vulnerability in file.c in PHP 4.4.2 and 5.1.2 ...)
-	- php4 4:4.4.4-1 (bug #361855)
-	- php5 5.1.4-0.1 (bug #361916)
-	[sarge] - php4 <no-dsa> (open_basedir violations not supported)
+	- php4 4:4.4.4-1 (bug #361855; unimportant)
+	- php5 5.1.4-0.1 (bug #361916; unimportant)
+	NOTE: open_basedir violations are not supported
 CVE-2006-1493 (Cross-site scripting (XSS) vulnerability in dir.php in Explorer XP ...)
 	NOT-FOR-US: Explorer XP
 CVE-2006-1492 (Directory traversal vulnerability in dir.php in Explorer XP allows ...)
@@ -10168,9 +10167,9 @@
 CVE-2006-0997 (The SSL server implementation in NILE.NLM in Novell NetWare 6.5 and ...)
 	NOT-FOR-US: Novell
 CVE-2006-0996 (Cross-site scripting (XSS) vulnerability in phpinfo (info.c) in PHP ...)
-	- php4 4:4.4.4-1 (bug #361853; low)
-	- php5 5.1.4-0.1 (bug #361914)
-	[sarge] - php4 <no-dsa> (not worth an update)
+	- php4 4:4.4.4-1 (bug #361853; unimportant)
+	- php5 5.1.4-0.1 (bug #361914; unimportant)
+	NOTE: Non-issue, explicit debug feature
 CVE-2006-0995 (EMC Dantz Retrospect 7 backup client 7.0.107, and other versions ...)
 	NOT-FOR-US: EMC Dantz Retrospect
 CVE-2006-0994 (Multiple Sophos Anti-Virus products, including Anti-Virus for Windows ...)

Modified: data/DSA/list
===================================================================
--- data/DSA/list	2006-10-22 20:18:02 UTC (rev 4869)
+++ data/DSA/list	2006-10-23 20:00:27 UTC (rev 4870)
@@ -1,3 +1,12 @@
+[22 Oct 2006] DSA-1197-1 python2.4
+	{CVE-2006-4980}
+	[sarge] - python2.4 2.4.1-2sarge1
+[19 Oct 2006] DSA-1196-1 clamav
+	{CVE-2006-4182 CVE-2006-5295}
+	[sarge] - clamav 0.84-2.sarge.11
+[19 Oct 2006] DSA-1196-1 clamav
+	{CVE-2006-4182 CVE-2006-5295}
+	[sarge] - clamav 0.84-2.sarge.11
 [10 Oct 2006] DSA-1195-1 openssl096
 	{CVE-2006-2940 CVE-2006-3738 CVE-2006-4343}
 	[sarge] - openssl096 0.9.6m-1sarge4
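Review bot: The `[19 Oct 2006] DSA-1196-1 clamav` entry is added twice, with the same CVE set and the same sarge version. The log message says "three new DSAs", but only DSA-1197-1 and DSA-1196-1 appear in this hunk, so the second copy probably stands in for a different advisory. Replace it with the intended entry, or drop the duplicate.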



