Author: stef-guest Date: 2007-01-16 23:24:21 +0100 (Tue, 16 Jan 2007) New Revision: 5279 Modified: data/CVE/list Log: - some updates from the bts - includes new issues for udev, yacas, pdns - squid CVEified Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-01-16 21:17:48 UTC (rev 5278) +++ data/CVE/list 2007-01-16 22:24:21 UTC (rev 5279) @@ -1,8 +1,14 @@ -CVE-2007-XXXX [gosa unspecified issue] +CVE-2007-XXXX [udev wrong permissions on raid devices] + - linux-2.6 <unfixed> (bug #404927) +CVE-2007-XXXX [yacas insecure rpath] + - yacas <unfixed> (bug #399226; bug #399227) +CVE-2007-XXXX [TXT record parsing overflow with special characters] + - pdns <unfixed> (bug #406465) +CVE-2007-XXXX [gosa allows non-priviledged users to change admin password] - gosa 2.5.8-1 (medium) NOTE: http://secunia.com/advisories/23749/ -CVE-2007-XXXX [Denial of Service Vulnerabilities] - - squid <unfixed> (low) +CVE-2007-0248 [Denial of Service Vulnerabilities] + - squid <unfixed> (low) (bug #407202) TODO: check if version 2.5.9-10sarge2 have comprimised code. NOTE: reference - http://secunia.com/advisories/23767/ CVE-2007-XXXX [libgtop2 "glibtop_get_proc_map_s()" Buffer Overflow] @@ -2252,7 +2258,7 @@ NOTE: NOT-FOR-US (Apple Mac OS X) CVE-2006-6169 (Heap-based buffer overflow in the ask_outfile_name function in ...) {DSA-1231-1} - - gnupg 1.4.5-3 (medium) + - gnupg 1.4.5-3 (medium; bug #401765) - gnupg2 2.0.0-5.1 (medium; bug #400777) CVE-2006-XXXX [several security issues in phpmyadmin] - phpmyadmin 4:2.9.1.1-1 (bug #399329) 
@@ -2611,7 +2617,7 @@ CVE-2006-5970 (Verity Ultraseek before 5.7 allows remote attackers to obtain ...) NOT-FOR-US: Verity Ultraseek CVE-2006-5969 (CRLF injection vulnerability in the evalFolderLine function in fvwm ...) - - fvwm 1:2.5.18-2 (low) + - fvwm 1:2.5.18-2 (low; bug #400303) [sarge] - fvwm <no-dsa> (Minor issue) CVE-2006-5968 (MDaemon 9.0.5, 9.0.6, 9.51, and 9.53, and possibly other versions, ...) NOT-FOR-US: MDaemon @@ -16587,8 +16593,7 @@ - xlockmore 1:5.13-2.1 (bug #309760) CVE-2006-0061 [xlock segfaults when using libpam-opensc] RESERVED - - xlockmore 1:5.13-2.1 (bug #318123; high) - NOTE: Woody affected only, according to BTS fixed in Sarge. + - xlockmore <unfixed> (bug #318123; bug #399003; high) CVE-2006-0060 RESERVED CVE-2006-0059 (Heap-based buffer overflow in the ISO Transport Service over TCP (RFC ...)
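Review bot: in the first hunk (@@ -1,8 +1,14 @@), the squid line puts the bug reference in a second parenthesised group, `(low) (bug #407202)`, while the gnupg and fvwm lines changed later in this same commit use a single group, `(medium; bug #401765)` and `(low; bug #400303)`. Suggest `- squid <unfixed> (low; bug #407202)` so the annotations stay uniform. In the same hunk, the new udev entry is tracked against `linux-2.6` although its title names udev; a NOTE saying why the kernel package is the one tracked would help. The new udev, yacas and pdns entries carry no urgency while the neighbouring gosa and squid entries do, and "non-priviledged" in the new gosa title should read "non-privileged".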
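Review bot: in the last hunk (@@ -16587,8 +16593,7 @@), the CVE-2006-0061 xlockmore entry goes from fixed in 1:5.13-2.1 to `<unfixed>`, and the NOTE "Woody affected only, according to BTS fixed in Sarge." is deleted with nothing in its place. The log message only says "some updates from the bts", so the reason for reopening is not recorded in the list. Suggest adding a NOTE that states what bug #399003 reports and which releases are now considered affected, so the earlier "fixed in Sarge" assessment is not silently lost.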