[Git][security-tracker-team/security-tracker][master] Review first batch of DSA suffixes from 2006
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sun Aug 3 18:12:46 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
34ca1383 by Salvatore Bonaccorso at 2025-08-03T19:11:54+02:00
Review first batch of DSA suffixes from 2006
While at it remove as well one left-over no-dsa tagged entry which was
included in the DSA for texinfo (DSA-1219-1).
Thanks: Utkarsh Gupta
Link: https://salsa.debian.org/security-tracker-team/security-tracker/-/merge_requests/224
- - - - -
2 changed files:
- data/CVE/list
- data/DSA/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -827300,7 +827300,7 @@ CVE-2006-6172 (Buffer overflow in the asmrp_eval function in the RealMedia RTSP
- xine-lib 1.1.2+dfsg-2 (medium; bug #401740)
- mplayer 1.0~rc1-11 (medium)
CVE-2006-6171 (ProFTPD 1.3.0a and earlier does not properly set the buffer size limit ...)
- {DSA-1218}
+ {DSA-1218-1}
- proftpd-dfsg 1.3.0-13 (low; bug #399070)
CVE-2006-6170 (Buffer overflow in the tls_x509_name_oneline function in the mod_tls m ...)
{DSA-1222-1}
@@ -827669,7 +827669,7 @@ CVE-2006-6010 (SAP allows remote attackers to obtain potentially sensitive infor
CVE-2006-6009 (Unspecified vulnerability in the Java Runtime Environment (JRE) Swing ...)
- sun-java5 1.5.0-08-1
CVE-2006-6008 (ftpd in Linux Netkit (linux-ftpd) 0.17, and possibly other versions, d ...)
- {DSA-1217}
+ {DSA-1217-1}
- linux-ftpd 0.17-23
CVE-2006-6007 (save_profile.asp in WebEvents (Online Event Registration Template) 2.0 ...)
NOT-FOR-US: WebEvents (Online Event Registration Template)
@@ -827965,13 +827965,13 @@ CVE-2006-5872 (login.pl in SQL-Ledger before 2.6.21 and LedgerSMB before 1.1.5 a
{DSA-1239-1}
- sql-ledger 2.6.21-1
CVE-2006-5871 (smbfs in Linux kernel 2.6.8 and other versions, and 2.4.x before 2.4.3 ...)
- {DSA-1237-1 DSA-1233}
+ {DSA-1237-1 DSA-1233-1}
- linux-2.6 <not-affected> (Current Linux versions already implement intended behaviour)
CVE-2006-5870 (Multiple integer overflows in OpenOffice.org (OOo) 2.0.4 and earlier, ...)
{DSA-1246-1}
- openoffice.org 2.0.4-1 (medium; bug #405986; bug #405679)
CVE-2006-5869 (pstotext before 1.9 allows user-assisted attackers to execute arbitrar ...)
- {DSA-1220}
+ {DSA-1220-1}
- pstotext 1.9-4 (bug #356988; medium)
CVE-2006-5868 (Multiple buffer overflows in Imagemagick 6.0 before 6.0.6.2, and 6.2 b ...)
{DSA-1213}
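Review bot: The trailing context of this hunk still shows "{DSA-1213}" without a revision suffix on CVE-2006-5868, while DSA-1233 and DSA-1220 just above it are normalized. If DSA-1213 belongs to a later batch that is fine, but it should be confirmed that it is tracked so the 2006 range does not end up half-converted.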
@@ -828231,7 +828231,7 @@ CVE-2006-5752 (Cross-site scripting (XSS) vulnerability in mod_status.c in the m
- apache <removed> (low)
[etch] - apache 1.3.34-4.1+etch1
CVE-2006-5751 (Integer overflow in the get_fdb_entries function in net/bridge/br_ioct ...)
- {DSA-1233}
+ {DSA-1233-1}
- linux-2.6 2.6.18-8 (medium)
CVE-2006-5750 (Directory traversal vulnerability in the DeploymentFileRepository clas ...)
NOT-FOR-US: JBoss
@@ -828460,7 +828460,7 @@ CVE-2006-5651 (list.php in DigiOz Guestbook before 1.7.1 allows remote attackers
CVE-2006-5650 (The ICQPhone.SipxPhoneManager ActiveX control in America Online ICQ 5. ...)
NOT-FOR-US: ICQPhone.SipxPhoneManager
CVE-2006-5649 (Unspecified vulnerability in the "alignment check exception handling" ...)
- {DSA-1237-1 DSA-1233}
+ {DSA-1237-1 DSA-1233-1}
- linux-2.6 2.6.18-4
CVE-2006-5648 (Ubuntu Linux 6.10 for the PowerPC (PPC) allows local users to cause a ...)
- linux-2.6 2.6.18-1 (low)
@@ -828528,7 +828528,7 @@ CVE-2006-5621 (PHP remote file inclusion vulnerability in end.php in ask_rave 0.
CVE-2006-5620 (PHP remote file inclusion vulnerability in include/menu_builder.php in ...)
NOT-FOR-US: MiniBILL
CVE-2006-5619 (The seqfile handling (ip6fl_get_n function in ip6_flowlabel.c) in Linu ...)
- {DSA-1233}
+ {DSA-1233-1}
- linux-2.6 2.6.18-4 (low)
CVE-2006-5618 (Directory traversal vulnerability in script/cat_for_aff.php in Netref ...)
NOT-FOR-US: Netref
@@ -829508,7 +829508,7 @@ CVE-2006-5176 (Buffer overflow in NTLM authentication in MailEnable Professional
CVE-2006-5175 (Cross-site request forgery (CSRF) vulnerability in the administrative ...)
NOT-FOR-US: TeraStation HD-HTGL
CVE-2006-5174 (The copy_from_user function in the uaccess code in Linux kernel 2.6 be ...)
- {DSA-1237-1 DSA-1233}
+ {DSA-1237-1 DSA-1233-1}
- linux-2.6 2.6.18-5
NOTE: s390 only, fix in 2.6.18-3 was reverted in 2.6.18-4
CVE-2006-5173 (Linux kernel does not properly save or restore EFLAGS during a context ...)
@@ -829888,7 +829888,7 @@ CVE-2006-4999
CVE-2006-4998
RESERVED
CVE-2006-4997 (The clip_mkip function in net/atm/clip.c of the ATM subsystem in Linux ...)
- {DSA-1237-1 DSA-1233}
+ {DSA-1237-1 DSA-1233-1}
- linux-2.6 2.6.18-1
CVE-2006-4996 (Unspecified vulnerability in JoomlaLib (com_joomlalib) before 1.2.2 fo ...)
NOT-FOR-US: JoomlaLib (com_joomlalib) for Joomla!
@@ -830286,7 +830286,7 @@ CVE-2006-4814 (The mincore function in the Linux kernel before 2.4.33.6 does not
- linux-2.6 2.6.18.dfsg.1-9 (low)
- kernel-patch-openvz 028.18.1
CVE-2006-4813 (The __block_prepare_write function in fs/buffer.c for Linux kernel 2.6 ...)
- {DSA-1233}
+ {DSA-1233-1}
- linux-2.6 2.6.13-1
CVE-2006-4812 (Integer overflow in PHP 5 up to 5.1.6 and 4 before 4.3.0 allows remote ...)
- php4 <not-affected>
@@ -830296,7 +830296,7 @@ CVE-2006-4811 (Integer overflow in Qt 3.3 before 3.3.7, 4.1 before 4.1.5, and 4.
- qt-x11-free 3:3.3.7-1 (bug #394192; bug #394313)
- qt4-x11 4.2.1-1 (bug #394192)
CVE-2006-4810 (Buffer overflow in the readline function in util/texindex.c, as used b ...)
- {DSA-1219}
+ {DSA-1219-1}
- texinfo 4.8.dfsg.1-4
CVE-2006-4809 (Stack-based buffer overflow in loader_pnm.c in imlib2 before 1.2.1, an ...)
- imlib2 1.3.0.0debian1-3 (medium; bug #397371)
@@ -830318,7 +830318,7 @@ CVE-2006-4802 (Format string vulnerability in the Real Time Virus Scan service i
CVE-2006-4801 (Race condition in Deja Vu, as used in Roxio Toast Titanium 7 and possi ...)
NOT-FOR-US: Roxio Toast
CVE-2006-4800 (Multiple buffer overflows in libavcodec in ffmpeg before 0.4.9_p200605 ...)
- {DSA-1215}
+ {DSA-1215-1}
- ffmpeg 0.cvs20060329-1
- xmovie <removed>
- xine-lib 1.1.2-1
@@ -830327,7 +830327,7 @@ CVE-2006-4800 (Multiple buffer overflows in libavcodec in ffmpeg before 0.4.9_p2
- mplayer 1.0~rc1-1
NOTE: according to the changelog, libxine (starting from 1.1.2-4) links dynamically against ffmpeg
CVE-2006-4799 (Buffer overflow in ffmpeg for xine-lib before 1.1.2 might allow contex ...)
- {DSA-1215}
+ {DSA-1215-1}
- xine-lib 1.1.2-1 (bug #369876; medium)
NOTE: according to the changelog, libxine (starting from 1.1.2-4) links dynamically against ffmpeg
CVE-2006-4798 (SQL-Ledger before 2.4.4 stores a password in a query string, which mig ...)
@@ -830345,7 +830345,7 @@ CVE-2006-4793 (Multiple SQL injection vulnerabilities in icerik.asp in TualBLOG
CVE-2004-2665 (Unspecified vulnerability in the Address and Routing Parameter Area (A ...)
NOT-FOR-US: HP-UX
CVE-2006-5778 (ftpd in linux-ftpd 0.17, and possibly other versions, performs a chdir ...)
- {DSA-1217}
+ {DSA-1217-1}
- linux-ftpd 0.17-23 (low; bug #384454)
CVE-2006-XXXX [ejabberd HTML code injection]
- ejabberd 1.1.1-8
@@ -830928,7 +830928,7 @@ CVE-2006-4540 (Cross-site scripting (XSS) vulnerability in learncenter.asp in Le
CVE-2006-4539 ((1) includes/widgets/module_company_tickets.php and (2) includes/widge ...)
NOT-FOR-US: Cerberus Helpdesk
CVE-2006-4538 (Linux kernel 2.6.17 and earlier, when running on IA64 or SPARC platfor ...)
- {DSA-1237-1 DSA-1233}
+ {DSA-1237-1 DSA-1233-1}
- linux-2.6 2.6.17-9
CVE-2006-4537 (NET$SESSION_CONTROL.EXE in DECnet-Plus in OpenVMS ALPHA 7.3-2 and Alph ...)
NOT-FOR-US: OpenVMS
@@ -832828,7 +832828,7 @@ CVE-2006-3742 (The KDE PAM configuration shipped with Fedora Core 5 causes KDM p
- kdebase <not-affected>
NOTE: only in Fedora
CVE-2006-3741 (The perfmonctl system call (sys_perfmonctl) in Linux kernel 2.4.x and ...)
- {DSA-1233}
+ {DSA-1233-1}
- linux-2.6 2.6.18-1
CVE-2006-3740 (Integer overflow in the scan_cidfont function in X.Org 6.8.2 and XFree ...)
{DSA-1193-1}
@@ -835991,7 +835991,7 @@ CVE-2005-4803 (graphviz before 2.2.1 allows local users to overwrite arbitrary f
{DSA-857-1}
- graphviz 2.2.1-1sarge1 (bug #336985; low)
CVE-2005-4802 (Flexbackup 1.2.1 and earlier allows local users to overwrite files and ...)
- {DSA-1216}
+ {DSA-1216-1}
- flexbackup 1.2.1-3 (bug #334350; low)
CVE-2005-4801 (Multiple cross-site request forgery (CSRF) vulnerabilities in Yet Anot ...)
NOT-FOR-US: YaPIG
@@ -846452,9 +846452,8 @@ CVE-2005-3013 (Buffer overflow in liby2util in Yet another Setup Tool (YaST) for
CVE-2005-3012 (The MasterDataCD::createImage function in masterdatacd.cpp for SimpleC ...)
NOT-FOR-US: SimpleCDR-X
CVE-2005-3011 (The sort_offline function for texindex in texinfo 4.8 and earlier allo ...)
- {DSA-1219}
+ {DSA-1219-1}
- texinfo 4.8-1 (bug #328365; low)
- [sarge] - texinfo <no-dsa> (Minor issue, hardly exploitable)
CVE-2005-3010 (Direct static code injection vulnerability in the flood protection fea ...)
NOT-FOR-US: CuteNews
CVE-2005-3009 (Cross-site scripting (XSS) vulnerability in CuteNews allows remote att ...)
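Review bot: The removal of "[sarge] - texinfo <no-dsa> (Minor issue, hardly exploitable)" under CVE-2005-3011 is a change to the triage data, not a suffix rename like the rest of the commit. It agrees with data/DSA/list, where DSA-1219-1 lists CVE-2005-3011 with a sarge fix in texinfo 4.7-2.2sarge2, and the commit message calls it out. Putting it in its own commit would keep the suffix batch purely mechanical and easier to audit.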
=====================================
data/DSA/list
=====================================
@@ -16136,7 +16136,7 @@
[13 Dec 2006] DSA-1234-1 ruby1.6
{CVE-2006-5467}
[sarge] - ruby1.6 1.6.8-12sarge3
-[10 Dec 2006] DSA-1233 kernel-source-2.6.8 - several
+[10 Dec 2006] DSA-1233-1 kernel-source-2.6.8 - several
{CVE-2006-3741 CVE-2006-4538 CVE-2006-4813 CVE-2006-4997 CVE-2006-5174 CVE-2006-5619 CVE-2006-5649 CVE-2006-5751 CVE-2006-5871}
[sarge] - kernel-source-2.6.8 2.6.8-16sarge6
[09 Dec 2006] DSA-1232-1 clamav
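Review bot: The renamed DSA-1233-1 entry carries nine CVE ids in its cross-reference line, so each of them needs the matching "DSA-1233-1" tag in data/CVE/list. Checked against the hunks above: CVE-2006-3741, CVE-2006-4538, CVE-2006-4813, CVE-2006-4997, CVE-2006-5174, CVE-2006-5619, CVE-2006-5649, CVE-2006-5751 and CVE-2006-5871 are all updated, with no stale "DSA-1233" left in the visible lines.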
@@ -16175,22 +16175,22 @@
[30 Nov 2006] DSA-1221-1 libgsf
{CVE-2006-4514}
[sarge] - libgsf 1.11.1-1sarge1
-[27 Nov 2006] DSA-1220 pstotext
+[27 Nov 2006] DSA-1220-1 pstotext
{CVE-2006-5869}
[sarge] - pstotext 1.9-1sarge2
-[27 Nov 2006] DSA-1219 texinfo
+[27 Nov 2006] DSA-1219-1 texinfo
{CVE-2005-3011 CVE-2006-4810}
[sarge] - texinfo 4.7-2.2sarge2
-[21 Nov 2006] DSA-1218 proftpd
+[21 Nov 2006] DSA-1218-1 proftpd
{CVE-2006-6171}
[sarge] - proftpd 1.2.10-15sarge2
-[20 Nov 2006] DSA-1217 linux-ftpd
+[20 Nov 2006] DSA-1217-1 linux-ftpd
{CVE-2006-5778 CVE-2006-6008}
[sarge] - linux-ftpd 0.17-20sarge2
-[20 Nov 2006] DSA-1216 flexbackup
+[20 Nov 2006] DSA-1216-1 flexbackup
{CVE-2005-4802}
[sarge] - flexbackup 1.2.1-2sarge1
-[20 Nov 2006] DSA-1215 xine-lib
+[20 Nov 2006] DSA-1215-1 xine-lib
{CVE-2006-4799 CVE-2006-4800}
[sarge] - xine-lib 1.0.1-1sarge4
[20 Nov 2006] DSA-1214 gv
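Review bot: The last context line, "[20 Nov 2006] DSA-1214 gv", is still unsuffixed, so the batch stops at DSA-1215. The six renamed advisories (DSA-1215-1 through DSA-1220-1) each have their listed CVEs updated in data/CVE/list in this commit. A note in the commit message naming the first and last DSA covered would make it clear where the next batch should resume.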
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/34ca1383387a0fde27f25d90cf0985c84112aecb