[Secure-testing-commits] r4751 - in data: CVE DSA

Moritz Muehlenhoff jmm-guest at costa.debian.org
Thu Sep 21 17:26:04 UTC 2006


Author: jmm-guest
Date: 2006-09-21 17:26:03 +0000 (Thu, 21 Sep 2006)
New Revision: 4751

Modified:
   data/CVE/list
   data/DSA/list
Log:
new dsas
more sarge issues checked


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2006-09-21 09:14:32 UTC (rev 4750)
+++ data/CVE/list	2006-09-21 17:26:03 UTC (rev 4751)
@@ -579,7 +579,7 @@
 	TODO: check
 CVE-2006-4640 (Unspecified vulnerability in Adobe Flash Player before 9.0.16.0 allows ...)
 	- flashplugin-nonfree 7.0.68.0.1
-	[sarge] - flashplugin-non-free <no-dsa> (Contrib not supported)
+	[sarge] - flashplugin-nonfree <no-dsa> (Contrib not supported)
 CVE-2006-4639 (Multiple PHP remote file inclusion vulnerabilities in C-News.fr C-News ...)
 	TODO: check
 CVE-2006-4638 (PHP remote file inclusion vulnerability in article.php in ACGV News ...)
@@ -3025,10 +3025,10 @@
 	NOT-FOR-US: VMware
 CVE-2006-3588 (Unspecified vulnerability in Adobe (Macromedia) Flash Player 8.0.24.0 ...)
 	- flashplugin-nonfree 7.0.68.0.1
-	[sarge] - flashplugin-non-free <no-dsa> (Contrib not supported)
+	[sarge] - flashplugin-nonfree <no-dsa> (Contrib not supported)
 CVE-2006-3587 (Unspecified vulnerability in Adobe (Macromedia) Flash Player 8.0.24.0 ...)
 	- flashplugin-nonfree 7.0.68.0.1
-	[sarge] - flashplugin-non-free <no-dsa> (Contrib not supported)
+	[sarge] - flashplugin-nonfree <no-dsa> (Contrib not supported)
 CVE-2006-3586 (SQL injection vulnerability in Jetbox CMS 2.1 SR1 allows remote ...)
 	NOT-FOR-US: Jetbox CMS
 CVE-2006-3585 (Multiple cross-site scripting (XSS) vulnerabilities in Jetbox CMS 2.1 ...)
@@ -3616,7 +3616,7 @@
 	NOT-FOR-US: QaTraq
 CVE-2006-3311 (Buffer overflow in Adobe Flash Player 8.0.24.0 and earlier, Flash ...)
 	- flashplugin-nonfree 7.0.68.0.1
-	[sarge] - flashplugin-non-free <no-dsa> (Contrib not supported)
+	[sarge] - flashplugin-nonfree <no-dsa> (Contrib not supported)
 CVE-2006-3310
 	RESERVED
 CVE-2006-3309 (SQL injection vulnerability in SPT--ForumTopics.php in Scout Portal ...)
@@ -10760,8 +10760,8 @@
 CVE-2006-0333 (Cross-site scripting (XSS) vulnerability in ar-blog 5.2 allows remote ...)
 	NOT-FOR-US: ar-blog
 CVE-2006-0332 (Pantomime in Ecartis 1.0.0 snapshot 20050909 stores e-mail attachments ...)
-	- ecartis 1.0.0+cvs.20030911-11 (medium; bug #348824)
-	NOTE: Sarge and Woody are affected
+	- ecartis 1.0.0+cvs.20030911-11 (low; bug #348824)
+	[sarge] - ecartis <no-dsa> (No real fix available, only rare setups affected, minor exploit potential)
 CVE-2006-0331 (Buffer overflow in Change passwd 3.1 (chpasswd) SquirrelMail plugin ...)
 	NOT-FOR-US: Squirrelmail plugin 
 CVE-2006-0330 (Cross-site scripting (XSS) vulnerability in Gallery before 1.5.2 ...)
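Review bot: in the CVE-2006-0332 entry, replacing `NOTE: Sarge and Woody are affected` with a `[sarge]` line drops the Woody status entirely. If Woody is still affected, keep that recorded with an explicit `[woody] - ecartis` line carrying its state, in the same form the cplay entry uses. The downgrade from medium to low is also only explained inside the no-dsa parenthetical; a separate NOTE giving the reason would make the severity change easier to audit.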
@@ -16077,9 +16077,6 @@
 	- kdebase <unfixed> (bug #325369; unimportant)
 	NOTE: Only affects the unofficial BSD/Hurd ports or 2.2 kernels
 	NOTE: on Linux urandom should provide sufficient entropy
-CVE-2005-XXXX [imview: Possible buffer overflow with FITS images]
-	- imview <unfixed> (bug #326971; unknown)
-	TODO: Needs further evaluation
 CVE-2005-3753 (Linux kernel before after 2.6.12 and before 2.6.13.1 might allow ...)
 	- linux-2.6 2.6.12-7 (low)
 CVE-2005-3043 (SQL injection vulnerability in AddItem.asp in Mall23 eCommerce allows ...)
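Review bot: the imview entry (bug #326971) is deleted while it was still marked `<unfixed>` with `TODO: Needs further evaluation`, and the log message ("new dsas", "more sarge issues checked") gives no reason for the removal. If the evaluation reached a conclusion, record it in the entry or in the commit log instead of dropping the record silently, so the bug reference stays traceable.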
@@ -17030,7 +17027,7 @@
 CVE-2005-XXXX [cplay - still unsafe temporary file handling vulnerable to symlink attacks]
 	- cplay 1.49-8 (bug #324913; low)
 	[woody] - cplay <not-affected> (CPLAY_TMP doesn't exist in this version)
-	NOTE: Sarge is affected
+	[sarge] - cplay <no-dsa> (Hardly exploitable)
 CVE-2005-2672 (pwmconfig in LM_sensors before 2.9.1 creates temporary files ...)
 	{DSA-814-1 DTSA-17-1}
 	- lm-sensors 1:2.9.1-7 (bug #324193; medium)

Modified: data/DSA/list
===================================================================
--- data/DSA/list	2006-09-21 09:14:32 UTC (rev 4750)
+++ data/DSA/list	2006-09-21 17:26:03 UTC (rev 4751)
@@ -1,3 +1,15 @@
+[19 Sep 2006] DSA-1781-1 gzip
+	{CVE-2006-4334 CVE-2006-4335 CVE-2006-4336 CVE-2006-4337 CVE-2006-4338}
+	[sarge] - gzip 1.3.5-10sarge2
+[19 Sep 2006] DSA-1780-1 bomberclone
+	{CVE-2006-4005 CVE-2006-4006}
+	[sarge] - bomberclone 0.11.5-1sarge2
+[19 Sep 2006] DSA-1779-1 alsaplayer
+	{CVE-2006-4089}
+	[sarge] - alsaplayer 0.99.76-0.3sarge1
+[16 Sep 2006] DSA-1779-1 alsaplayer
+	{CVE-2006-4089}
+	[sarge] - alsaplayer 0.99.76-0.3sarge1
 [16 Sep 2006] DSA-1778-1 freetype
 	{CVE-2006-3467}
 	[sarge] - freetype 2.1.7-6
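Review bot: DSA-1779-1 alsaplayer is added twice at the top of data/DSA/list, once dated 19 Sep 2006 and once dated 16 Sep 2006, with identical CVE-2006-4089 and `0.99.76-0.3sarge1` lines. Keep a single entry with the correct advisory date and remove the other.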



