[Secure-testing-commits] r4748 - data/CVE
Moritz Muehlenhoff
jmm-guest at costa.debian.org
Wed Sep 20 17:53:15 UTC 2006
Author: jmm-guest
Date: 2006-09-20 17:53:13 +0000 (Wed, 20 Sep 2006)
New Revision: 4748
Modified:
data/CVE/list
Log:
no-dsa and unimportant issues, bugnums
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2006-09-20 09:14:23 UTC (rev 4747)
+++ data/CVE/list 2006-09-20 17:53:13 UTC (rev 4748)
@@ -988,13 +988,15 @@
CVE-2006-4448 (Multiple PHP remote file inclusion vulnerabilities in interact 2.2, ...)
NOT-FOR-US: interact
CVE-2006-4447 (X.Org and XFree86, including libX11, xdm, xf86dga, xinit, xload, ...)
- - xbase-clients 1:7.1.ds-2
- - xtrans 1.0.0-6
- - xorg-server 1:1.0.2-9
- - libx11 2:1.0.0-7
- - xdm 1:1.0.5-1
- - xterm <unfixed>
- [sarge] - xfree86 <unfixed>
+ - xbase-clients 1:7.1.ds-2 (unimportant)
+ - xtrans 1.0.0-6 (unimportant)
+ - xorg-server 1:1.0.2-9 (low)
+ - libx11 2:1.0.0-7 (unimportant)
+ - xdm 1:1.0.5-1 (unimportant)
+ - xterm <unfixed> (unimportant)
+ [sarge] - xfree86 <unfixed> (low)
+ NOTE: The only issue really exploitable is the vtinit issue, all other are nice
+ NOTE: to have, but not security problems
CVE-2006-4446 (Heap-based buffer overflow in DirectAnimation.PathControl COM object ...)
NOT-FOR-US: Microsoft
CVE-2006-4445 (** DISPUTED ** ...)
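Review bot: the new NOTE on CVE-2006-4447 says only the vtinit issue is really exploitable, but it does not say which packages carry that issue. As a result, the split between xorg-server and [sarge] xfree86 (low) and the other five entries (unimportant) cannot be checked from the entry itself. Suggest naming the packages affected by vtinit in the NOTE, and fixing the wording "all other are nice to have" to "all others are nice to have" while the line is being added.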
@@ -1829,9 +1831,10 @@
- graphicsmagick 1.1.7-7 (medium; bug #383333)
CVE-2006-XXXX [crash in the certificate verification logic]
NOTE: GNUTLS-SA-2006-2
- - gnutls11 <unfixed> (low)
- - gnutls12 1.2.11-3 (low)
- - gnutls13 1.4.2-1 (low)
+ - gnutls11 <unfixed> (unimportant)
+ - gnutls12 1.2.11-3 (unimportant)
+ - gnutls13 1.4.2-1 (unimportant)
+ NOTE: Normal bug, no reliable denial of service potential
CVE-2006-4071 (Sign extension vulnerability in the createBrushIndirect function in ...)
NOT-FOR-US: Microsoft
CVE-2006-4070 (Format string vulnerability in Imendio Planner 0.13 allows ...)
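Review bot: on the GNUTLS-SA-2006-2 entry, all three packages drop from low to unimportant while gnutls11 stays <unfixed>, and the only justification is the one-line NOTE "Normal bug, no reliable denial of service potential". The entry title still reads "crash in the certificate verification logic", so the NOTE should say why the crash cannot be triggered reliably, or point at the source of that assessment, so the downgrade can be re-evaluated later.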
@@ -2963,7 +2966,7 @@
NOT-FOR-US: Microsoft Internet Explorer
CVE-2006-3626 (Race condition in Linux kernel 2.6.17.4 and earlier allows local users ...)
{DSA-1111}
- - linux-2.6 2.6.17-4 (high)
+ - linux-2.6 2.6.17-4 (bug #378324; high)
CVE-2006-XXXX [insufficient form variable escaping]
- webauth 3.5.2-1
CVE-2006-3590 (mso.dll, as used by Microsoft PowerPoint 2000 through 2003, allows ...)
@@ -7355,7 +7358,7 @@
- slash <unfixed> (medium)
CVE-2006-XXXX [firebird local DoS]
- firebird2 1.5.3.4870-4 (bug #362001)
- [sarge] - firebird <no-dsa> (Minor issue)
+ [sarge] - firebird2 <no-dsa> (Minor issue)
CVE-2006-1744 (Buffer overflow in pl_main.c in sail in BSDgames before 2.17-7 allows ...)
{DSA-1036-1}
- bsdgames 2.17-7 (bug #360989)
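Review bot: the [sarge] line of the firebird local DoS entry changes the package name from firebird to firebird2, which the log message ("no-dsa and unimportant issues, bugnums") does not mention. Please confirm that firebird2 is the package name in sarge. If the rename is a correction, say so in the log so that the <no-dsa> decision is not read as having moved to a different package.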
@@ -14263,7 +14266,8 @@
- courier 0.47-12 (bug #211920; medium)
CVE-2005-3531 (fusermount in FUSE before 2.4.1, if installed setuid root, allows ...)
{DTSA-27-1}
- - fuse 2.4.1-0.1 (bug #340398; medium)
+ - fuse 2.4.1-0.1 (bug #340398; low)
+ [sarge] - fuse <no-dsa> (Minor local DoS)
CVE-2005-3530 (Cross-site scripting (XSS) vulnerability in Antville 1.1 allows remote ...)
NOT-FOR-US: Antville
CVE-2005-3529 (tiki-view_forum_thread.php in TikiWiki 1.9.0 through 1.9.2 allows ...)
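Review bot: the fuse entry for CVE-2005-3531 goes from medium to low and gains a [sarge] <no-dsa> line, but unlike the X.Org and GnuTLS hunks in this commit it gets no NOTE giving the reasoning. "Minor local DoS" appears only as the no-dsa reason. A NOTE recording why the impact is considered minor, and whether it depends on the "if installed setuid root" condition from the description, would make the downgrade traceable.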
@@ -23536,7 +23540,7 @@
NOT-FOR-US: VHCS
CVE-2005-1127 (Format string vulnerability in the log function in Net::Server 0.87 ...)
{DSA-1122 DSA-1121}
- - libnet-server-perl 0.89-1
+ - libnet-server-perl 0.89-1 (bug #378640)
NOTE: This was already fixed in 0.87-1, although the changelog doesn't mention
NOTE: the security implication, which was noticed later. I've verified both fixes
NOTE: are identical
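Review bot: the line gaining bug #378640 still records 0.89-1 as the fixed version of libnet-server-perl, while the NOTE directly below it says the issue was already fixed in 0.87-1. Since the line is being edited anyway, either set the fixed version to 0.87-1 or extend the NOTE to explain why 0.89-1 is the version being tracked.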