[Secure-testing-commits] r18615 - data/CVE

Wed Mar 7 18:20:28 UTC 2012

Author: jmm
Date: 2012-03-07 18:20:27 +0000 (Wed, 07 Mar 2012)
New Revision: 18615

Modified:
   data/CVE/list
Log:
record tremulus/quake 3 fixes


Modified: data/CVE/list
===================================================================

--- data/CVE/list	2012-03-07 18:06:12 UTC (rev 18614)
+++ data/CVE/list	2012-03-07 18:20:27 UTC (rev 18615)
@@ -9441,6 +9441,8 @@
 	NOTE: Current openarena packages use the share ioquake3 engine
 	[squeeze] - openarena <no-dsa> (Minor issue, will be fixed in point update)
 	- ioquake3 1.36+svn1946-4
+	- tremulous 1.1.0-6
+	[squeeze] - tremulous <no-dsa> (Contrib not supported)
 CVE-2011-3011 (BaseServiceImpl.class in CA ARCserve D2D r15 does not properly handle ...)
 	NOT-FOR-US: CA ARCserve D2D
 CVE-2011-3010 (Multiple cross-site scripting (XSS) vulnerabilities in TWiki before ...)
@@ -10368,6 +10370,8 @@
 	NOTE: Current openarena packages use the share ioquake3 engine
 	[squeeze] - openarena 0.8.5-5+squeeze1
 	- ioquake3 1.36+svn1946-4
+	- tremulous 1.1.0-6
+	[squeeze] - tremulous <no-dsa> (Contrib not supported)
 CVE-2011-2763 (The web interface on the LifeSize Room appliance LS_RM1_3.5.3 (11) and ...)
 	NOT-FOR-US: LifeSize Room appliance
 CVE-2011-2762 (The web interface on the LifeSize Room appliance LS_RM1_3.5.3 (11) ...)
@@ -87471,9 +87475,13 @@
 CVE-2006-3326 (Directory traversal vulnerability in QuickZip 3.06.3 allows remote ...)
 	NOT-FOR-US: QuickZip
 CVE-2006-3325 (client/cl_parse.c in the id3 Quake 3 Engine 1.32c and the Icculus ...)
-	NOT-FOR-US: Quake 3
+	- ioquake3 1.36+svn1788j-1
+	- tremulous 1.1.0-6
+	[squeeze] - tremulous <no-dsa> (Contrib not supported)
 CVE-2006-3324 (The Automatic Downloading option in the id3 Quake 3 Engine and the ...)
-	NOT-FOR-US: Quake 3
+	- ioquake3 1.36+svn1788j-1
+	- tremulous 1.1.0-6
+	[squeeze] - tremulous <no-dsa> (Contrib not supported)
 CVE-2006-3323 (PHP remote file inclusion vulnerability in admin/admin.php in MF ...)
 	NOT-FOR-US: MF Piadas
 CVE-2006-3322 (SQL injection vulnerability in includes/functions_logging.php in ...)
@@ -88451,7 +88459,7 @@
 CVE-2006-2876 (Cross-site scripting (XSS) vulnerability in cat.php in PHP Pro Publish ...)
 	NOT-FOR-US: PHP Pro Publish
 CVE-2006-2875 (Stack-based buffer overflow in the CL_ParseDownload function of Quake ...)
-	- tremulous <unfixed> (bug #660830)
+	- tremulous 1.1.0-6 (bug #660827)
 	[squeeze] - tremulous <no-dsa> (Contrib not supported)
 	- ioquake3 1.36+svn1788j-1
 CVE-2006-2874 (Unspecified vulnerability in OSADS Alliance Database before 1.4 has ...)
@@ -89971,7 +89979,7 @@
 	{DSA-1058-1}
 	- awstats 6.5-2 (bug #365909; bug #365910; medium)
 CVE-2006-2236 (Buffer overflow in the Quake 3 Engine, as used by (1) ET 2.60, (2) ...)
-	- tremulous <unfixed> (bug #660827)
+	- tremulous 1.1.0-6 (bug #660827)
 	[squeeze] - tremulous <no-dsa> (Contrib not supported)
 	- ioquake3 1.36+svn1788j-1
 CVE-2006-2235 (CodeMunkyX (aka free-php.net) Simple Poll 1.0, when authentication is ...)
@@ -90330,7 +90338,9 @@
 	[sarge] - rsync <not-affected> (xattr patch appeared in 2.6.7)
 	[woody] - rsync <not-affected> (xattr patch appeared in 2.6.7)
 CVE-2006-2082 (Directory traversal vulnerability in Quake 3 engine, as used in ...)
-	NOT-FOR-US: Quake 3
+	- ioquake3 1.36+svn1788j-1
+	- tremulous 1.1.0-6
+	[squeeze] - tremulous <no-dsa> (Contrib not supported)
 CVE-2006-2081 (Oracle Database Server 10g Release 2 allows local users to execute ...)
 	NOT-FOR-US: Oracle
 CVE-2006-2080 (SQL injection vulnerability in portfolio_photo_popup.php in Verosky ...)


