[Secure-testing-commits] r4886 - data/CVE
Moritz Muehlenhoff
jmm-guest at costa.debian.org
Thu Oct 26 17:03:48 UTC 2006
Author: jmm-guest
Date: 2006-10-26 17:03:46 +0000 (Thu, 26 Oct 2006)
New Revision: 4886
Modified:
data/CVE/list
Log:
postgres dos unimportant
correct linux-2.6 fixed version
no-dsa for armagetron issues
imagemagick unimportant
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2006-10-25 18:28:34 UTC (rev 4885)
+++ data/CVE/list 2006-10-26 17:03:46 UTC (rev 4886)
@@ -1,9 +1,11 @@
CVE-2006-XXXX [diffmon information leakage]
- diffmon 20020222-2.2 (bug #382132)
CVE-2006-XXXX [postgres DoSs]
- - postgresql-7.4 1:7.4.14-1
- - postgresql-8.1 8.1.5-1
- [sarge] - postgresql <unfixed> (low)
+ - postgresql-7.4 1:7.4.14-1 (unimportant)
+ - postgresql-8.1 8.1.5-1 (unimportant)
+ [sarge] - postgresql <unfixed> (unimportant)
+ NOTE: All crashes can only be triggered by authenticated users, these are not
+ NOTE: treated as vulnerabilities.
CVE-2006-XXXX [serendipity XSS for registered authors]
- serendipity 1.0.2-1 (low)
CVE-2006-XXXX [drupal XSS and XSRF http://secunia.com/advisories/22486/]
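Review bot: The two NOTE lines added under the postgres DoSs entry state the reason for the downgrade but cite nothing a reader can check, and the entry carries neither a CVE id nor a bug number. Add a reference next to the NOTE (the upstream release notes or advisory describing the crashes) so the claim that every crash needs an authenticated user can be verified. The NOTE is also a comma splice; two sentences would read better: "NOTE: All crashes can only be triggered by authenticated users. These are not treated as vulnerabilities."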
@@ -641,7 +643,7 @@
TODO: check again later
NOTE: might or might not be a real firefox issue, probably low impact
CVE-2006-5158 (The nlmclnt_mark_reclaim in clntlock.c in NFS lockd in Linux kernel ...)
- - linux-2.6 2.6.15
+ - linux-2.6 2.6.16
CVE-2006-5157 (Format string vulnerability in the ActiveX control (ATXCONSOLE.OCX) in ...)
NOT-FOR-US: TrendMicro OfficeScan
CVE-2006-5156 (Buffer overflow in McAfee ePolicy Orchestrator before 3.5.0.720 and ...)
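Review bot: The corrected linux-2.6 line for CVE-2006-5158 uses a bare upstream version (2.6.16) with no Debian revision, unlike the other fixed-version lines visible in this diff (1:7.4.14-1, 8.1.5-1, 4:3.5.4-1). Use the first Debian upload that carries the fix, or add a NOTE saying where the fix landed, so the reason for moving from 2.6.15 to 2.6.16 is recorded in the entry itself and not only in the commit log.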
@@ -4014,9 +4016,11 @@
CVE-2006-3674 (nNetObject.cpp in Armagetron Advanced 2.8.2 and earlier allows remote ...)
- armagetron <unfixed> (bug #379062; low)
[sarge] - armagetron <no-dsa> (Minor game DoS)
+ [etch] - armagetron <no-dsa> (Minor game DoS)
CVE-2006-3673 (nNetObject.cpp in Armagetron Advanced 2.8.2 and earlier allows remote ...)
- armagetron <unfixed> (bug #379062; low)
[sarge] - armagetron <no-dsa> (Minor game DoS)
+ [etch] - armagetron <no-dsa> (Minor game DoS)
CVE-2006-3672 (KDE Konqueror 3.5.1 and earlier allows remote attackers to cause a ...)
- kdelibs 4:3.5.4-1 (bug #378962; low)
[sarge] - kdelibs <not-affected> (Doesn't trigger a crash on Sarge)
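Review bot: The new [etch] lines for CVE-2006-3674 and CVE-2006-3673 copy the sarge reason "Minor game DoS" verbatim onto two separate issues whose descriptions are truncated in the list. Confirm that both are denial-of-service only before tagging both no-dsa. If one of them has a different impact, give it its own reason string.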
@@ -27295,8 +27299,9 @@
CVE-2005-0407 (Cross-site scripting (XSS) vulnerability in Openconf 1.04, and ...)
NOT-FOR-US: Openconf
CVE-2005-0406 (A design flaw in image processing software that modifies JPEG images ...)
- TODO: check all softwares that modifies JPEG images in Debian...
- - imagemagick <unfixed> (bug #298051; low)
+ - imagemagick <unfixed> (bug #298051; unimportant)
+ NOTE: <Maulkin> The EXIF spec says "if your app can't handle $foo, don't touch $foo"
+ NOTE: <Piet> 'convert -strip' will remove exif data according to http://www.imagemagick.org/pipermail/magick-users/2006-May/017538.html
CVE-2005-0405
RESERVED
CVE-2005-0404 (KMail 1.7.1 in KDE 3.3.2 allows remote attackers to spoof email ...)
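Review bot: The CVE-2005-0406 hunk deletes the TODO about checking all software in Debian that modifies JPEG images, but the replacement lines only settle the imagemagick case. Either keep the TODO until the other packages have been reviewed, or add a NOTE recording that they were checked and what was found. The two IRC quotes are useful as rationale. A one-line summary of the conclusion drawn from them would make the "unimportant" rating easier to follow for someone who did not see the conversation.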
@@ -27401,7 +27406,7 @@
CVE-2005-0371 (Armagetron 0.2.6.0 and earlier and Armagetron Advanced 0.2.7.0 and ...)
- armagetron <unfixed> (bug #296840; low)
[sarge] - armagetron <no-dsa> (Remaining vulnerabilities are minor)
- NOTE: Woody still affected
+ [etch] - armagetron <no-dsa> (Remaining vulnerabilities are minor)
CVE-2005-0370 (Armagetron 0.2.6.0 and earlier and Armagetron Advanced 0.2.7.0 and ...)
- armagetron 0.2.7.0-1
NOTE: Sarge has this version number, but oldstable is affected
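Review bot: In the CVE-2005-0371 hunk, "NOTE: Woody still affected" is removed with no replacement, and the commit log ("no-dsa for armagetron issues") does not mention dropping it. If woody is no longer tracked, say so in the log and consider cleaning up the neighbouring CVE-2005-0370 note as well, which still reads "oldstable is affected". Otherwise keep the Woody note alongside the new [etch] line.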