[Secure-testing-commits] r5235 - data/CVE

Moritz Muehlenhoff jmm-guest at alioth.debian.org
Wed Jan 10 21:52:05 CET 2007


Author: jmm-guest
Date: 2007-01-10 21:52:03 +0100 (Wed, 10 Jan 2007)
New Revision: 5235

Modified:
   data/CVE/list
Log:
fix xorg source package name
krb5 issues
bugnums


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2007-01-10 20:37:50 UTC (rev 5234)
+++ data/CVE/list	2007-01-10 20:52:03 UTC (rev 5235)
@@ -818,7 +818,6 @@
 	NOT-FOR-US: EternalMart Mailing List Manager (EMLM)
 CVE-2006-6749 (Buffer overflow in the parse_expression function in parse_config in ...)
 	- openser 1.1.0-8 (medium; bug #404591)
-	NOTE: OpenPKG-SA-2006.042
 CVE-2006-XXXX [insecure rpath in libflash-mozplugin]
 	- libflash 0.4.13-9 (low; bug #399508)
 	[etch] - libflash <no-dsa> (Not exploitable through directory writable by an unprivileged user)
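Review bot: the removal of `NOTE: OpenPKG-SA-2006.042` under CVE-2006-6749 is not covered by the log message, which lists only the xorg package name, krb5 and bug numbers. Mention the removal in the log, or keep the note if the cross-reference is still wanted.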
@@ -1397,7 +1396,7 @@
 	NOT-FOR-US: ColdFusion
 CVE-2006-6481 (Clam AntiVirus (ClamAV) 0.88.6 allows remote attackers to cause a ...)
 	{DSA-1238-1}
-	- clamav 0.88.7-1 (low)
+	- clamav 0.88.7-1 (low; bug #401874)
 CVE-2006-6480 (admin/admin_membre/fiche_membre.php in AnnonceScriptHP 2.0 allows ...)
 	NOT-FOR-US: AnnonceScriptHP
 CVE-2006-6479 (Multiple cross-site scripting (XSS) vulnerabilities in AnnonceScriptHP ...)
@@ -1549,7 +1548,7 @@
 	NOT-FOR-US: F-Prot
 CVE-2006-6406 (Clam AntiVirus (ClamAV) 0.88.6 allows remote attackers to bypass virus ...)
 	{DSA-1238-1}
-	- clamav 0.88.7-1 (medium)
+	- clamav 0.88.7-1 (medium; bug #401873)
 CVE-2006-6405 (BitDefender Mail Protection for SMB 2.0 allows remote attackers to ...)
 	NOT-FOR-US: BitDefender
 CVE-2006-6404
@@ -1824,7 +1823,7 @@
 CVE-2006-6274 (SQL injection vulnerability in articles.asp in Expinion.net iNews (1) ...)
 	NOT-FOR-US: Expinion.net iNews 
 CVE-2006-6302 (fail2ban 0.7.4 and earlier does not properly parse sshd logs file, which ...)
-	- fail2ban <not-affected> (looks fixed in 0.6)
+	- fail2ban <not-affected> (looks fixed in 0.6, see #401793)
 CVE-2006-6301 (DenyHosts 2.5 does not properly parse sshd logs file, which allows remote ...)
 	- denyhosts 2.6-1 (medium; bug #401795)
 CVE-2006-6273 (sp_index.php in Simple PHP Gallery 1.1 allows remote attackers to ...)
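Review bot: the fail2ban line for CVE-2006-6302 writes the reference as `see #401793`, while the other entries in this change use the `bug #NNNNNN` form (for example `bug #401795` on the denyhosts entry directly below); use the same form here. The wording `looks fixed in 0.6` is also tentative and sits next to a description that names 0.7.4 and earlier as affected, so the `<not-affected>` status should be confirmed and the reason stated definitely.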
@@ -2105,9 +2104,10 @@
 CVE-2006-6145 (CRYPTOCard CRYPTO-Server before 6.4.56 stores LDAP credentials in ...)
 	NOT-FOR-US: CRYPTOCard
 CVE-2006-6144 (The &quot;mechglue&quot; abstraction interface of the GSS-API library for ...)
-	TODO: check
+	- krb5 <not-affected> (Only 1.5 onwards are vulnerable)
 CVE-2006-6143 (The RPC library in Kerberos 5 1.4 through 1.4.4, and 1.5 through ...)
 	- krb5 1.4.4-6
+	[sarge] - krb5 <not-affected>
 CVE-2006-6142 (Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail ...)
 	{DSA-1241-1}
 	- squirrelmail 2:1.4.9a-1
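Review bot: the added `[sarge] - krb5 <not-affected>` line under CVE-2006-6143 gives no reason, unlike the CVE-2006-6144 line added in the same hunk, which states `Only 1.5 onwards are vulnerable`. The description lists 1.4 through 1.4.4 as affected, so add a parenthesised reason saying why the sarge version falls outside that range.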
@@ -2201,13 +2201,13 @@
 CVE-2006-6104 (The System.Web class in the XSP for ASP.NET server 1.1 through 2.0 in ...)
 	- mono 1.2.2.1-1 (low)
 CVE-2006-6103 (Integer overflow in the ProcDbeSwapBuffers function in the DBE ...)
-	- xorg 2:1.1.1-15
+	- xorg-server 2:1.1.1-15
 	[sarge] - xfree86 <unfixed>
 CVE-2006-6102 (Integer overflow in the ProcDbeGetVisualInfo function in the DBE ...)
-	- xorg 2:1.1.1-15
+	- xorg-server 2:1.1.1-15
 	[sarge] - xfree86 <unfixed>
 CVE-2006-6101 (Integer overflow in the ProcRenderAddGlyphs function in the Render ...)
-	- xorg 2:1.1.1-15
+	- xorg-server 2:1.1.1-15
 	[sarge] - xfree86 <unfixed>
 CVE-2006-6100
 	RESERVED
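Review bot: the three `xorg` to `xorg-server` renames (CVE-2006-6103, CVE-2006-6102, CVE-2006-6101) keep the version `2:1.1.1-15` unchanged. Confirm that this version string belongs to the xorg-server source package and was not carried over from the xorg entry; if it differs, correct it in the same commit.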



