[Secure-testing-commits] r4778 - data/CVE

Stefan Fritsch stef-guest at costa.debian.org
Thu Sep 28 19:15:27 UTC 2006


Author: stef-guest
Date: 2006-09-28 19:15:26 +0000 (Thu, 28 Sep 2006)
New Revision: 4778

Modified:
   data/CVE/list
Log:
CVE-2006-2937, -2940, -3738, -4343: new openssl issues (medium?)



Modified: data/CVE/list
===================================================================
--- data/CVE/list	2006-09-28 17:32:38 UTC (rev 4777)
+++ data/CVE/list	2006-09-28 19:15:26 UTC (rev 4778)
@@ -297,7 +297,7 @@
 CVE-2006-4925
 	RESERVED
 CVE-2006-4924 (sshd in OpenSSH before 4.4, when using the version 1 SSH protocol, ...)
-	- openssh <unfixed> (low)
+	- openssh <unfixed> (low; bug filed)
 CVE-2006-4923 (Cross-site scripting (XSS) vulnerability in search.php in eSyndiCat ...)
 	NOT-FOR-US: eSyndiCat Portal System
 CVE-2006-4922 (Unrestricted file upload vulnerability in ...)
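Review bot: The new annotation on the openssh line for CVE-2006-4924, "(low; bug filed)", says a bug exists but not which one. Another entry in this file cites the number, as in "(medium; bug #385060)". Please add the bug number here so the unfixed entry can be followed up from the list itself.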
@@ -1575,8 +1575,11 @@
 	- asterisk 1:1.2.11.dfsg-1 (medium; bug #385060)
 CVE-2006-4344 (CRLF injection vulnerability in CGI-Rescue Mail F/W System (formd) ...)
 	NOT-FOR-US: CGI-Rescue Mail F/W System
-CVE-2006-4343
+CVE-2006-4343 [openssl sslv2 client crash]
 	RESERVED
+	- openssl 0.9.8c-2
+	- openssl097 0.9.7k-2
+	- openssl096 <unfixed>
 CVE-2006-4342
 	RESERVED
 CVE-2006-4341
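Review bot: The three package lines added under CVE-2006-4343 carry no urgency, although the commit log tentatively rates these issues "(medium?)". If medium is the intended rating, put it on the entries, for example "- openssl 0.9.8c-2 (medium)", so that it is recorded in the list and not only in the log message.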
@@ -2993,8 +2996,11 @@
 CVE-2006-3739 (Integer overflow in the CIDAFM function in X.Org 6.8.2 and XFree86 X ...)
 	- xfree86 <removed>
 	- libxfont 1:1.2.2-1
-CVE-2006-3738
+CVE-2006-3738 [openssl buffer overflow]
 	RESERVED
+	- openssl 0.9.8c-2
+	- openssl097 0.9.7k-2
+	- openssl096 <unfixed>
 CVE-2006-XXXX [htdig: several unspecified security problems]
 	- htdig 1:3.2.0b6-1
 CVE-2006-XXXX [ldap account manager sets trivial password instead of disabling it]
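Review bot: The added line "- openssl096 <unfixed>" under CVE-2006-3738 has neither an urgency nor a bug reference, so nothing in the list tracks the remaining unfixed package for the issue tagged as a buffer overflow. Suggest filing a bug against openssl096 and recording it on this line in the same form the file uses elsewhere, "(urgency; bug #NNNNNN)".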
@@ -4715,14 +4721,20 @@
 	- twiki <not-affected> (Debian's version is old and does not include affected file)
 CVE-2006-2941 (Mailman before 2.1.9rc1 allows remote attackers to cause a denial of ...)
 	- mailman 1:2.1.8-3
-CVE-2006-2940
+CVE-2006-2940 [openssl DoS]
 	RESERVED
+	- openssl 0.9.8c-2
+	- openssl097 0.9.7k-2
+	- openssl096 <unfixed>
 CVE-2006-2939
 	RESERVED
 CVE-2006-2938
 	RESERVED
-CVE-2006-2937
+CVE-2006-2937 [openssl DoS]
 	RESERVED
+	- openssl 0.9.8c-2
+	- openssl097 0.9.7k-2
+	- openssl096 <not-affected>
 CVE-2006-2936 (The ftdi_sio driver (usb/serial/ftdi_sio.c) in Linux kernel 2.6.x up ...)
 	- linux-2.6 2.6.17-5 (low)
 CVE-2006-2935 (The dvd_read_bca function in the DVD handling code in ...)
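Review bot: Under CVE-2006-2937, "- openssl096 <not-affected>" gives no reason, while the same package is marked "<unfixed>" for CVE-2006-2940 a few lines above in this hunk. The twiki entry at the top of the hunk shows the usual form, "<not-affected> (Debian's version is old and does not include affected file)". Please add a short parenthetical saying why 0.9.6 is not affected so the difference between the two entries can be verified later.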



