[Secure-testing-commits] r4725 - data/CVE
Stefan Fritsch
stef-guest at costa.debian.org
Wed Sep 13 19:28:56 UTC 2006
Author: stef-guest
Date: 2006-09-13 19:28:55 +0000 (Wed, 13 Sep 2006)
New Revision: 4725
Modified:
data/CVE/list
Log:
- CVE-2006-3739/3740 new libxfont issues fixed
- CVE-2004-1617 lynx fix from DSA uploaded to unstable (are these still
not propagating automatically?)
- CVE-2006-3467 freetype fixed (previous entry was wrong)
- GNUTLS-SA-2006-4 gnutls13 fixed
- CVE-2006-4243 new linux vserver issue fixed
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2006-09-13 09:14:40 UTC (rev 4724)
+++ data/CVE/list 2006-09-13 19:28:55 UTC (rev 4725)
@@ -221,7 +221,7 @@
CVE-2006-XXXX [gnutls signature forgery]
NOTE: GNUTLS-SA-2006-4
NOTE: fix for gnutls13 reverted in 1.4.3-2
- - gnutls13 <unfixed> (medium)
+ - gnutls13 1.4.4-1 (medium)
- gnutls12 <unfixed> (medium)
- gnutls11 <unfixed> (medium)
CVE-2006-XXXX [gnutls Adaptive Chosen Ciphertext Attack]
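Review bot: the NOTE "fix for gnutls13 reverted in 1.4.3-2" stays unchanged directly above the gnutls13 line that now records 1.4.4-1 as fixed, so the entry reads as reverted and fixed at the same time. Suggest extending the NOTE to say the fix is back in 1.4.4-1, so a reader does not have to work out the order of events from the version numbers. gnutls12 and gnutls11 stay <unfixed> under the same entry and still need tracking.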
@@ -1059,8 +1059,9 @@
RESERVED
CVE-2006-4244 (Unspecified vulnerability in unspecified versions of SQL-Ledger, ...)
- sql-ledger 2.6.18-1 (medium; bug #386519)
-CVE-2006-4243
+CVE-2006-4243 [linux vserver priviledge escalation in remount code]
RESERVED
+ - linux-2.6 2.6.17-9
CVE-2006-4242 (PHP remote file inclusion vulnerability in install.jim.php in the JIM ...)
NOT-FOR-US: JIM component for Joomla or Mambo
CVE-2006-4241 (PHP remote file inclusion vulnerability in processor/reporter.sql.php ...)
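Review bot: "priviledge" in the new CVE-2006-4243 description should be "privilege"; the bracketed text is what people grep for while the id is still RESERVED. The added "- linux-2.6 2.6.17-9" line also has no urgency, unlike the sql-ledger line just above it, which carries "(medium; bug #386519)". Add an urgency, and a bug number if one exists.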
@@ -2236,10 +2237,14 @@
TODO: check
CVE-2006-3741
RESERVED
-CVE-2006-3740
+CVE-2006-3740 [libxfont CID integer overflows: scan_cidfont()]
RESERVED
-CVE-2006-3739
+ - xfree86 <removed>
+ - libxfont 1:1.2.2-1
+CVE-2006-3739 [libxfont CID integer overflows: CIDAFM()]
RESERVED
+ - xfree86 <removed>
+ - libxfont 1:1.2.2-1
CVE-2006-3738
RESERVED
CVE-2006-XXXX [htdig: several unspecified security problems]
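Review bot: both new entries (CVE-2006-3740 and CVE-2006-3739) list xfree86 only as <removed>, with no [sarge] line, while the CVE-2006-3467 entry later in this same file tracks "[sarge] - xfree86 <unfixed> (medium)" next to libxfont. If the xfree86 in sarge contains the CID font code named here (scan_cidfont(), CIDAFM()), these entries need the same kind of [sarge] line. Neither libxfont line has an urgency either.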
@@ -2824,7 +2829,7 @@
CVE-2006-3468 (Linux kernel 2.6.x, when using both NFS and EXT3, allows remote ...)
- linux-2.6 <unfixed>
CVE-2006-3467 (Integer overflow in FreeType before 2.2 allows remote attackers to ...)
- - freetype 2.2.1-1 (bug #379920; medium)
+ - freetype 2.2.1-5 (bug #379920; medium)
- libxfont 1:1.2.0-2 (medium; bug #383353)
[sarge] - xfree86 <unfixed> (medium)
CVE-2006-3466
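Review bot: the freetype fixed version moves from 2.2.1-1 to 2.2.1-5 with nothing in the entry saying why; the log only says the previous entry was wrong. The CVE text on the same entry reads "FreeType before 2.2", so 2.2.1-1 looks correct at first glance and could be changed back by a later editor. A NOTE line stating what was still missing before 2.2.1-5 would prevent that.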
@@ -25189,7 +25194,7 @@
NOT-FOR-US: Tonecast
CVE-2004-1617 (Lynx and lynx-ssl allow remote attackers to cause a denial of service ...)
{DSA-1077-1 DSA-1076-1}
- - lynx 2.8.5-2sarge2 (bug #296340; low)
+ - lynx 2.8.5-2sarge1.2 (bug #296340; low)
- lynx-cur 2.8.6-6 (low)
- lynx-ssl <removed>
CVE-2004-1616 (Links allows remote attackers to cause a denial of service (memory ...)
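Review bot: the new fixed version for lynx, 2.8.5-2sarge1.2, sorts lower than the 2.8.5-2sarge2 it replaces, and it is a sarge-style version string on the unversioned (unstable) line. The log explains that the DSA fix was uploaded to unstable, but the entry itself does not. Suggest a NOTE saying so, and confirming that 2.8.5-2sarge2 was never the right version for this line.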