Moritz Muehlenhoff
2007-Jan-31 23:11 UTC
[Secure-testing-commits] r5391 - in data: CVE DSA
Author: jmm-guest Date: 2007-01-31 23:11:14 +0100 (Wed, 31 Jan 2007) New Revision: 5391 Modified: data/CVE/list data/DSA/list Log: two new DSAs phpbb issue already adressed Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-01-31 19:38:54 UTC (rev 5390) +++ data/CVE/list 2007-01-31 22:11:14 UTC (rev 5391) @@ -207,10 +207,10 @@ - chmlib 2:0.39-1 (bug #408603; medium) CVE-2007-0494 (ISC BIND 9.0.x, 9.1.x, 9.2.0 up to 9.2.7, 9.3.0 up to 9.3.3, 9.4.0a1 ...) {DSA-1254-1} - - bind9 1:9.3.4-2 + - bind9 1:9.3.4-2 (medium; bug #408432) - bind <not-affected> CVE-2007-0493 (Use-after-free vulnerability in ISC BIND 9.3.0 up to 9.3.3, 9.4.0a1 up to ...) - - bind9 1:9.3.4-2 + - bind9 1:9.3.4-2 (medium; bug #408432) [sarge] - bind9 <not-affected> (Vulnerable code not present) - bind <not-affected> CVE-2007-XXXX [gstreamer ffmpeg missing checks of packet sizes, chunk sizes, and fragment positions] @@ -2254,7 +2254,8 @@ CVE-2006-6509 (Cross-site scripting (XSS) vulnerability in the skinning feature in ...) NOT-FOR-US: SiteKiosk CVE-2006-6508 (Cross-site request forgery (CSRF) vulnerability in phpBB 2.0.21 allows ...) - - phpbb2 <unfixed> (bug #402140; low) + NOTE: This is covered/duped by CVE-2006-6841 + - phpbb2 2.0.21-6 CVE-2006-6507 (Mozilla Firefox 2.0 before 2.0.0.1 allows remote attackers to bypass ...) NOTE: MFSA-2006-76 - iceweasel 2.0.0.1+dfsg-1 (high) 
@@ -2700,7 +2701,7 @@ - linux-2.6 <unfixed> [etch] - linux-2.6 <not-affected> (Only affects 2.6.19, introduced after 2.6.18) CVE-2006-6332 (Stack-based buffer overflow in net80211/ieee80211_wireless.c in ...) - - madwifi 1:0.9.2+r1842.20061207-2 (high; bug #402836) + - madwifi 1:0.9.2+r1842.20061207-2 (high; bug #402836; bug #402111) [etch] - madwifi <no-dsa> (Non-free not supported) CVE-2006-6331 (metaInfo.php in TorrentFlux 2.2, when $cfg["enable_file_priority"] is ...) - torrentflux 2.1-7 (bug #400582; medium) Modified: data/DSA/list ==================================================================--- data/DSA/list 2007-01-31 19:38:54 UTC (rev 5390) +++ data/DSA/list 2007-01-31 22:11:14 UTC (rev 5391) @@ -1,3 +1,9 @@ +[31 Jan 2007] DSA-1256-1 gtk+2.0 + {CVE-2007-0010} + [sarge] - gtk+2.0 2.6.4-3.2 +[31 Jan 2007] DSA-1255-1 libgtop2 + {CVE-2007-0235} + [sarge] - libgtop2 2.6.0-4sarge1 [27 Jan 2007] DSA-1254-1 bind9 {CVE-2007-0494} [sarge] - bind9 9.2.4-1sarge2
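Review bot: The two added bind9 lines in the `@@ -207,10 +207,10 @@` hunk of data/CVE/list write the annotation as `(medium; bug #408432)`, while the chmlib context line just above them uses `(bug #408603; medium)`. Pick one field order for severity and bug number so that entries stay easy to grep and compare.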
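Review bot: The replacement phpbb2 line for CVE-2006-6508 in the `@@ -2254,7 +2254,8 @@` hunk of data/CVE/list drops the `(bug #402140; low)` annotation that the removed `<unfixed>` line carried, so the entry loses both its link to the bug report and its severity. Suggest keeping it as `- phpbb2 2.0.21-6 (bug #402140; low)`, or extending the NOTE to say that the bug is tracked under the CVE-2006-6841 entry.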
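Review bot: CVE-2007-0010 and CVE-2007-0235, referenced by the new DSA-1256-1 and DSA-1255-1 entries in the `@@ -1,3 +1,9 @@` hunk of data/DSA/list, are not touched by any data/CVE/list hunk in this revision. The CVE-2007-0494 entry in data/CVE/list carries a `{DSA-1254-1}` tag for its advisory; check that the entries for these two CVEs get the matching DSA tags so the two files stay in sync.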