Moritz Muehlenhoff
2006-Nov-08 19:41 UTC
[Secure-testing-commits] r4934 - in data: CVE DSA
Author: jmm-guest Date: 2006-11-08 19:41:23 +0100 (Wed, 08 Nov 2006) New Revision: 4934 Modified: data/CVE/list data/DSA/list Log: php dsa non-free no-dsas elog CVEfied rpm no-dsa one kernel issue fixed in 2.6.18 two php non-issues libmad issue not a bug, no real DoS potential/security impact hdup fixed to the extent allowed by design limitations one phpmyadmin unimportant, the other not affected Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-11-08 08:14:25 UTC (rev 4933) +++ data/CVE/list 2006-11-08 18:41:23 UTC (rev 4934) @@ -1,9 +1,9 @@ CVE-2006-5792 (Unspecified vulnerability in XLink Omni-NFS Enterprise allows remote ...) TODO: check CVE-2006-5791 (Multiple cross-site scripting (XSS) vulnerabilities in elogd.c in ELOG ...) - TODO: check + - elog <unfixed> (medium; bug #392016) CVE-2006-5790 (Multiple format string vulnerabilities in elogd.c in ELOG 2.6.2 and ...) - TODO: check + - elog <unfixed> (medium; bug #392016) CVE-2006-5789 (WarFTPd 1.82.00-RC11 allows remote authenticated users to cause a ...) TODO: check CVE-2006-5788 (PHP remote file inclusion vulnerability in (1) index.php and (2) ...) @@ -283,8 +283,6 @@ CVE-2006-XXXX [phpmyadmin XSS (PMASA-2006-6)] - phpmyadmin 4:2.9.0.3-1 (low; bug #396638) [sarge] - phpmyadmin <not-affected> (Vulnerable code not present) -CVE-2006-XXXX [ELOG remote code execution and XSS] - - elog <unfixed> (medium; bug #392016) CVE-2006-XXXX [avahi fake netlink message vulnerability ] - avahi 0.6.15-1 (low) CVE-2006-5649 
@@ -661,8 +659,8 @@ TODO: check CVE-2006-5466 (Heap-based buffer overflow in the showQueryPackage function in librpm ...) - rpm 4.4.1-11 (low) - NOTE: This needs further investigation, most probably a non-issue, pinged maintainer - NOTE: [sarge] - rpm <no-dsa> (You need to trust the RPMs you''re installing) + [sarge] - rpm <no-dsa> (You need to trust the RPMs you''re installing) + NOTE: Only hypothetical, far-fetched attacks feasible CVE-2006-5465 (Buffer overflow in PHP before 5.2.0 allows remote attackers to execute ...) - php4 4:4.4.4-4 (high; bug #396764) - php5 5.1.6-6 (high; bug #396766) @@ -960,6 +958,7 @@ CVE-2006-5330 (CRLF injection vulnerability in Adobe Flash Player plugin 9.0.16 for ...) - flashplugin-nonfree <unfixed> (medium) [sarge] - flashplugin-nonfree <no-dsa> (Contrib not supported, only installer package) + [etch] - flashplugin-nonfree <no-dsa> (Contrib not supported, only installer package) TODO: file bug when upstream fix is released CVE-2006-5329 RESERVED @@ -1227,6 +1226,7 @@ NOT-FOR-US: Linksys CVE-2006-5201 (Multiple packages on Sun Solaris, including (1) NSS; (2) Java JDK and ...) - sun-java5 <unfixed> (bug #393042) + [etch] - sun-java5 <no-dsa> (Non-free not supported) NOTE: this is similar to CVE-2006-4339 CVE-2006-5200 (Unspecified vulnerability in Adobe Breeze 5 Licensed Server and Breeze ...) NOT-FOR-US: Adobe @@ -1286,7 +1286,7 @@ - linux-2.6 <unfixed> NOTE: s390 only, fix in 2.6.18-3 was reverted in 2.6.18-4 CVE-2006-5173 (Linux kernel does not properly save or restore EFLAGS during a context ...) - - linux-2.6 <unfixed> + - linux-2.6 2.6.18-1 CVE-2006-5172 RESERVED CVE-2006-5171 
@@ -1410,9 +1410,11 @@ CVE-2006-5118 (PHP remote file inclusion vulnerability in index.php3 in the PDD ...) NOT-FOR-US: PHPSelect Web Development Division CVE-2006-5117 (phpMyAdmin before 2.9.1-rc1 has a libraries directory under the web ...) - - phpmyadmin 4:2.9.0.2-0.1 (bug #391090; low) + - phpmyadmin 4:2.9.0.2-0.1 (bug #391090; unimportant) + NOTE: Only path disclosure CVE-2006-5116 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...) - phpmyadmin 4:2.9.0.2-0.1 (bug #391090; low) + [sarge] - phpmyadmin <not-affected> (Vulnerable code not present) CVE-2006-5115 (Directory traversal vulnerability in kgcall.php in KGB 1.87 allows ...) NOT-FOR-US: KGB CVE-2006-5114 (Multiple cross-site scripting (XSS) vulnerabilities in wgate in SAP ...) @@ -6113,14 +6115,16 @@ CVE-2006-3019 (Multiple PHP remote file inclusion vulnerabilities in phpCMS 1.2.1pl2 ...) NOT-FOR-US: phpCMS CVE-2006-3018 (Unspecified vulnerability in the session extension functionality in ...) - - php5 5.1.4-0.1 (medium) - - php4 <unfixed> (medium) + - php5 5.1.4-0.1 (unimportant) + - php4 <unfixed> (unimportant) + NOTE: Sanitising is the application''s responsibilitys CVE-2006-3017 (zend_hash_del_key_or_index in zend_hash.c in PHP before 4.4.3 and 5.x ...) - php5 5.1.4-0.1 (medium) - php4 4:4.4.4-1 (medium; bug #381998) CVE-2006-3016 (Unspecified vulnerability in session.c in PHP before 5.1.3 has unknown ...) - - php5 5.1.4-0.1 (medium) - - php4 4:4.4.4-1 (medium; bug #382259) + - php5 5.1.4-0.1 (unimportant) + - php4 4:4.4.4-1 (unimportant; bug #382259) + NOTE: Sanitising is the application''s responsibilitys CVE-2006-3015 (Argument injection vulnerability in WinSCP 3.8.1 build 328 allows ...) NOT-FOR-US: WinSCP CVE-2006-3014 (Microsoft Excel allows user-assisted attackers to execute arbitrary ...) 
@@ -7516,6 +7520,7 @@ - clamav <not-affected> (clamav-freshclam doesn''t ship freshclam setuid or setgid) CVE-2006-2426 (Sun Java Runtime Environment (JRE) 1.5.0_6 and earlier, JDK 1.5.0_6 ...) - sun-java5 <unfixed> + [etch] - sun-java5 <no-dsa> (Non-free not supported) CVE-2006-2425 (Multiple cross-site scripting (XSS) vulnerabilities in PRV.php in ...) NOT-FOR-US: phpRemoteView CVE-2006-2424 (PHP remote file inclusion vulnerability in ezUserManager 1.6 and ...) @@ -17325,9 +17330,6 @@ - squid <not-affected> (bug #334882; medium) NOTE: Bug was introduced in a patch to squid-2.5.STABLE10, NOTE: this patch was never applied to the Debian package. -CVE-2005-XXXX [libmad: Assertion failed; buffer overflow] - - libmad <unfixed> (bug #287519; low) - - mad <removed> CVE-2005-3256 (The key selection dialogue in Enigmail before 0.92.1 can incorrectly ...) {DSA-889-1} - enigmail 2:0.93-1 (bug #335731; medium) @@ -17772,8 +17774,9 @@ CVE-2004-XXXX [Barrendero spool world-readable] - barrendero 1.1-1 (bug #279163) CVE-2005-XXXX [hdup inproperly preserves permissions on directories] - - hdup <unfixed> (bug #302790; low) - [sarge] - hdup <no-dsa> (Mostly a bug, very limited security implications) + - hdup 2.0.14-2 (bug #302790; low) + NOTE: Minor issue, workaround and patch documented since version above + [sarge] - hdup <no-dsa> (Mostly a design limitation, very limited security implications) CVE-2001-XXXX [crypt++ passes passwords through the command line] - crypt++el 2.91-2.1 (bug #105562; low) CVE-2004-XXXX [Two vulnerabilities in sredird] Modified: data/DSA/list ==================================================================--- data/DSA/list 2006-11-08 08:14:25 UTC (rev 4933) +++ data/DSA/list 2006-11-08 18:41:23 UTC (rev 4934) @@ -1,3 +1,6 @@ +[06 Nov 2006] DSA-1206-1 php4 + {CVE-2005-3353 CVE-2006-3017 CVE-2006-4482 CVE-2006-5465} + [sarge] - php4 4:4.3.10-18 [02 Nov 2006] DSA-1205-1 thttpd - insecure temporary files {CVE-2006-4248} [sarge] - thttpd 2.23beta1-3sarge2
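Review bot: In the data/CVE/list hunk at @@ -661,8 +659,8 @@ (CVE-2006-5466, rpm), the removed NOTE recorded that further investigation was pending and that the maintainer had been pinged, but the replacement NOTE ("Only hypothetical, far-fetched attacks feasible") does not say whether that investigation concluded or what the maintainer answered. A line naming the basis for the assessment would let the <no-dsa> decision be rechecked later.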
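Review bot: The two added NOTE lines in the data/CVE/list hunk at @@ -6113,14 +6115,16 @@, under CVE-2006-3018 and CVE-2006-3016, read "responsibilitys"; this should be "responsibility". CVE-2006-3018 also keeps php4 at <unfixed> while being downgraded to unimportant, so the NOTE is the only explanation a reader gets for an entry that stays open; it would help to state what the application is expected to sanitise.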
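Review bot: Deleting the CVE-2005-XXXX libmad entry in the data/CVE/list hunk at @@ -17325,9 +17330,6 @@ drops the reference to bug #287519 from the list and leaves the triage reason ("not a bug, no real DoS potential/security impact") only in the commit log. Consider keeping the entry, marked unimportant with a NOTE, as this commit does for CVE-2006-3018 and CVE-2006-5117, so the report is not picked up and triaged again later.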
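Review bot: In the data/CVE/list hunk at @@ -17772,8 +17774,9 @@ (hdup), the new NOTE sits between the "- hdup 2.0.14-2" line and the [sarge] line, whereas the rpm entry changed in this same commit puts the [sarge] line first and the NOTE after it; use one order for both. "since version above" also becomes ambiguous if the lines are reordered or the version is updated, so name 2.0.14-2 in the NOTE, and say there that the fix is a documented workaround, since the entry now reads as fully fixed while the log says "fixed to the extent allowed by design limitations".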
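Review bot: The new DSA-1206-1 header line in the data/DSA/list hunk at @@ -1,3 +1,6 @@ has no description after the package name, unlike the DSA-1205-1 entry directly below it ("thttpd - insecure temporary files"). Add a short description in the same "package - summary" form that covers the four CVE ids listed on the next line.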