Moritz Muehlenhoff
2006-Nov-21 19:19 UTC
[Secure-testing-commits] r4989 - in data: CVE DSA
Author: jmm-guest Date: 2006-11-21 19:19:19 +0100 (Tue, 21 Nov 2006) New Revision: 4989 Modified: data/CVE/list data/DSA/list Log: five new DSAs bugnums Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-11-21 18:14:31 UTC (rev 4988) +++ data/CVE/list 2006-11-21 18:19:19 UTC (rev 4989) @@ -331,7 +331,7 @@ CVE-2006-5816 (Multiple PHP remote file inclusion vulnerabilities in Dmitry Sheiko ...) NOT-FOR-US: Business Card Web Builder CVE-2006-5815 (Unspecified vulnerability in ProFTPD allows remote attackers to ...) - - proftpd-dfsg 1.3.0-13 + - proftpd-dfsg 1.3.0-13 (bug #399070) - proftpd <removed> CVE-2006-5814 (Unspecified vulnerability in Novell eDirectory allows remote attackers ...) NOT-FOR-US: Novell eDirectory @@ -1147,7 +1147,7 @@ CVE-2006-5445 (Unspecified vulnerability in the SIP channel driver ...) - asterisk 1:1.2.13~dfsg-1 (medium; bug #395080) CVE-2006-5444 (Integer overflow in the get_input function in the Skinny channel ...) - - asterisk 1:1.2.13~dfsg-1 (medium; bug #395080) + - asterisk 1:1.2.13~dfsg-1 (medium; bug #395080; #394025) CVE-2006-5443 (Unspecified vulnerability in XIAO Gang WWW Interactive Mathematics ...) - wims 3.60-1 (bug #395102) CVE-2006-5442 (ViewVC 1.0.2 and earlier does not specify a charset in its HTTP ...) @@ -3009,7 +3009,7 @@ - wireshark 0.99.4-1 (bug #396258; medium) CVE-2006-4573 (Multiple unspecified vulnerabilities in the "utf8 combining characters ...) {DSA-1202-1} - - screen 4.0.3-0.1 (bug #395225; medium) + - screen 4.0.3-0.1 (bug #395225; bug #395999; medium) CVE-2006-4572 (ip6_tables in netfilter in the Linux kernel before 2.6.16.31 allows ...) - linux-2.6 <unfixed> CVE-2006-4571 (Multiple unspecified vulnerabilities in Firefox before 1.5.0.7, ...) 
@@ -5892,7 +5892,7 @@ CVE-2006-3335 (Unspecified vulnerability in mkdir in HP-UX B.11.00, B.11.04, B.11.11, ...) NOT-FOR-US: HP-UX CVE-2006-3334 (Buffer overflow in the png_decompress_chunk function in pngrutil.c in ...) - - libpng 1.2.8rel-5.2 (bug #377298; unimportant) + - libpng 1.2.8rel-5.2 (bug #377298; bug #397892; unimportant) NOTE: A static 50 char array consumes 13 machine words on 32bit archs, so the overflow NOTE: cannot overwrite other memory sections CVE-2006-3333 (Cross-site scripting (XSS) vulnerability in index.php in Zorum Forum ...) @@ -9756,7 +9756,7 @@ CVE-2005-4773 (The configuration of VMware ESX Server 2.x, 2.0.x, 2.1.x, and 2.5.x ...) NOT-FOR-US: VMware CVE-2004-2656 (Multiple cross-site scripting (XSS) vulnerabilities in Slashdot Like ...) - - slash <not-affected> (Vulnerable code introduced in 2002, while Debian''s is older!) + - slash <not-affected> (Vulnerable code introduced in 2002, while Debian''s is older!, see #390469) CVE-2006-XXXX [firebird local DoS] - firebird2 1.5.3.4870-4 (bug #362001) [sarge] - firebird2 <no-dsa> (Minor issue) Modified: data/DSA/list ==================================================================--- data/DSA/list 2006-11-21 18:14:31 UTC (rev 4988) +++ data/DSA/list 2006-11-21 18:19:19 UTC (rev 4989) @@ -1,3 +1,18 @@ +[21 Nov 2006] DSA-1218 proftpd + {CVE-2006-5815} + [sarge] - proftpd 1.2.10-15sarge2 +[20 Nov 2006] DSA-1217 linux-ftpd + {CVE-2006-5778} + [sarge] - linux-ftpd 0.17-20sarge2 +[20 Nov 2006] DSA-1216 flexbackup + {CVE-2006-4802} + [sarge] - flexbackup 1.2.1-2sarge1 +[20 Nov 2006] DSA-1215 xine-lib + {CVE-2006-4799 CVE-2006-4800} + [sarge] - xine-lib 1.0.1-1sarge4 +[20 Nov 2006] DSA-1214 gv + {CVE-2006-5864} + [sarge] - gv 3.6.1-10sarge1 [19 Nov 2006] DSA-1213 imagemagick {CVE-2006-0082 CVE-2006-4144 CVE-2006-5456 CVE-2006-5868} [sarge] - imagemagick 6:6.0.6.2-2.8
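Review bot: In the CVE-2006-5444 (asterisk) hunk of data/CVE/list, the added reference `#394025` lacks the `bug` keyword that the other added references in this patch carry (`bug #395225; bug #395999` for screen, `bug #377298; bug #397892` for libpng). Write it as `(medium; bug #395080; bug #394025)` so that anything matching on `bug #NNNNNN` picks up both reports. The position of the severity also differs between entries (`medium` first here, last in the screen line); one order would be easier to scan.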
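Review bot: In the CVE-2004-2656 (slash) hunk, the appended `, see #390469` is placed inside the free-text justification directly after `older!` and omits the `bug` keyword, so it reads as prose rather than as a bug reference. Suggest ending the note with `; see bug #390469)` instead of `!, see #390469)`. The doubled apostrophe in `Debian''s` is carried over unchanged from the removed line and could be corrected in the same edit.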
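Review bot: In the data/DSA/list hunk, DSA-1218 is recorded against `{CVE-2006-5815}`, but the CVE-2006-5815 entry touched in data/CVE/list gains only a bug number and no `{DSA-1218-1}` line of the kind CVE-2006-4573 carries (`{DSA-1202-1}`). If that cross-reference is not generated by a separate step, add it in this commit. The same check applies to the CVE ids listed for DSA-1214 through DSA-1217, whose data/CVE/list entries do not appear in this diff.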