[Secure-testing-commits] r5279 - data/CVE
Stefan Fritsch
stef-guest at alioth.debian.org
Tue Jan 16 23:24:23 CET 2007
Author: stef-guest
Date: 2007-01-16 23:24:21 +0100 (Tue, 16 Jan 2007)
New Revision: 5279
Modified:
data/CVE/list
Log:
- some updates from the bts
- includes new issues for udev, yacas, pdns
- squid CVEified
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-01-16 21:17:48 UTC (rev 5278)
+++ data/CVE/list 2007-01-16 22:24:21 UTC (rev 5279)
@@ -1,8 +1,14 @@
-CVE-2007-XXXX [gosa unspecified issue]
+CVE-2007-XXXX [udev wrong permissions on raid devices]
+ - linux-2.6 <unfixed> (bug #404927)
+CVE-2007-XXXX [yacas insecure rpath]
+ - yacas <unfixed> (bug #399226; bug #399227)
+CVE-2007-XXXX [TXT record parsing overflow with special characters]
+ - pdns <unfixed> (bug #406465)
+CVE-2007-XXXX [gosa allows non-priviledged users to change admin password]
- gosa 2.5.8-1 (medium)
NOTE: http://secunia.com/advisories/23749/
-CVE-2007-XXXX [Denial of Service Vulnerabilities]
- - squid <unfixed> (low)
+CVE-2007-0248 [Denial of Service Vulnerabilities]
+ - squid <unfixed> (low) (bug #407202)
TODO: check if version 2.5.9-10sarge2 have comprimised code.
NOTE: reference - http://secunia.com/advisories/23767/
CVE-2007-XXXX [libgtop2 "glibtop_get_proc_map_s()" Buffer Overflow]
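Review bot: the added squid line writes its annotations as two parenthesized groups, "(low) (bug #407202)", while the other annotated lines touched in this commit use one group separated by semicolons, for example "(low; bug #400303)". Suggest "- squid <unfixed> (low; bug #407202)" so the entry stays uniform for anything that parses the list. In the same hunk, the new gosa title misspells "privileged" as "priviledged", and the udev entry is filed against linux-2.6 with no NOTE saying why the package differs from the one named in the title.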
@@ -2252,7 +2258,7 @@
NOTE: NOT-FOR-US (Apple Mac OS X)
CVE-2006-6169 (Heap-based buffer overflow in the ask_outfile_name function in ...)
{DSA-1231-1}
- - gnupg 1.4.5-3 (medium)
+ - gnupg 1.4.5-3 (medium; bug #401765)
- gnupg2 2.0.0-5.1 (medium; bug #400777)
CVE-2006-XXXX [several security issues in phpmyadmin]
- phpmyadmin 4:2.9.1.1-1 (bug #399329)
@@ -2611,7 +2617,7 @@
CVE-2006-5970 (Verity Ultraseek before 5.7 allows remote attackers to obtain ...)
NOT-FOR-US: Verity Ultraseek
CVE-2006-5969 (CRLF injection vulnerability in the evalFolderLine function in fvwm ...)
- - fvwm 1:2.5.18-2 (low)
+ - fvwm 1:2.5.18-2 (low; bug #400303)
[sarge] - fvwm <no-dsa> (Minor issue)
CVE-2006-5968 (MDaemon 9.0.5, 9.0.6, 9.51, and 9.53, and possibly other versions, ...)
NOT-FOR-US: MDaemon
@@ -16587,8 +16593,7 @@
- xlockmore 1:5.13-2.1 (bug #309760)
CVE-2006-0061 [xlock segfaults when using libpam-opensc]
RESERVED
- - xlockmore 1:5.13-2.1 (bug #318123; high)
- NOTE: Woody affected only, according to BTS fixed in Sarge.
+ - xlockmore <unfixed> (bug #318123; bug #399003; high)
CVE-2006-0060
RESERVED
CVE-2006-0059 (Heap-based buffer overflow in the ISO Transport Service over TCP (RFC ...)
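Review bot: the xlockmore line for CVE-2006-0061 moves from a fixed version (1:5.13-2.1) to <unfixed> and the NOTE about Woody and Sarge is deleted, but nothing replaces it to explain the reversal. A one-line NOTE stating why the earlier fixed status no longer holds, pointing at the newly added bug #399003 if that is where it was reported, would let a later reader see that the change was deliberate and not a regression in the data.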