Moritz Muehlenhoff
2006-Aug-01 20:25 UTC
[Secure-testing-commits] r4481 - in data: CVE DSA
Author: jmm-guest Date: 2006-08-01 20:25:00 +0000 (Tue, 01 Aug 2006) New Revision: 4481 Modified: data/CVE/list data/DSA/list Log: - Sarge is not affected by livehttpheaders dos and kde lockout - new mantis DSA - many thanks to Thijs for wading through all this - older mantis issue was already fixed in previous DSA Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-08-01 14:26:28 UTC (rev 4480) +++ data/CVE/list 2006-08-01 20:25:00 UTC (rev 4481) @@ -305,6 +305,7 @@ NOTE: PoC: http://www.sfritsch.de/~stf/CVE-2006-3731.html NOTE: might still be a firefox issue - mozilla-livehttpheaders <unfixed> (bug #379050; low) + [sarge] - mozilla-livehttpheaders <not-affected> CVE-2006-3730 (Microsoft Internet Explorer 6 on Windows XP SP2 allows remote ...) NOT-FOR-US: MSIE CVE-2006-3729 (DataSourceControl in Internet Explorer 6 on Windows XP SP2 with Office ...) @@ -1987,8 +1988,9 @@ CVE-2006-2934 (SCTP conntrack (ip_conntrack_proto_sctp.c) in netfilter for Linux ...) - linux-2.6 2.6.17-3 - linux-2.6.16 2.6.16-17 -CVE-2006-2933 +CVE-2006-2933 [kdm dos] RESERVED + [sarge] - kdebase <not-affected> (Only KDE < 3.2 vulnerable) CVE-2006-2932 RESERVED CVE-2006-2931 (CMS Mundo before 1.0 build 008 does not properly verify uploaded image files, ...) Modified: data/DSA/list ==================================================================--- data/DSA/list 2006-08-01 14:26:28 UTC (rev 4480) +++ data/DSA/list 2006-08-01 20:25:00 UTC (rev 4481) @@ -1,3 +1,6 @@ +[01 Aug 2006] DSA-1133-1 mantis - cross site scripting + {CVE-2006-0664 CVE-2006-0665 CVE-2006-0841 CVE-2006-1577} + [sarge] - mantis 0.19.2-5sarge4.1 [01 Aug 2006] DSA-1132-1 apache2 - buffer overflow {CVE-2006-3747} [sarge] - apache2 2.0.54-5sarge1 
@@ -704,7 +707,7 @@ NOTE: sarge is also affected, but the uploaded version is greater NOTE: than the fixed sid version. [17 Jan 2006] DSA-944-1 mantis - several - {CVE-2005-4238 CVE-2005-4518 CVE-2005-4519 CVE-2005-4520 CVE-2005-4521 CVE-2005-4522 CVE-2005-4523 CVE-2005-4524} + {CVE-2005-4238 CVE-2005-4518 CVE-2005-4519 CVE-2005-4520 CVE-2005-4521 CVE-2005-4522 CVE-2005-4523 CVE-2005-4524 CVE-2006-0840} [woody] - mantis <not-affected> (Vulnerable code not present) [sarge] - mantis 0.19.2-5sarge1 NOTE: fixed in testing at time of DSA
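Review bot: In the data/CVE/list hunk at @@ -305, the added `[sarge] - mozilla-livehttpheaders <not-affected>` line gives no reason, unlike the other not-affected annotations visible in this patch: `(Only KDE < 3.2 vulnerable)` for kdebase and `(Vulnerable code not present)` for mantis in woody. Suggest appending a short parenthesised reason so the sarge status can be checked later without redoing the analysis.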
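Review bot: In the data/CVE/list hunk at @@ -1987, CVE-2006-2933 gets only a `[sarge] - kdebase <not-affected>` line and no unqualified `- kdebase` line, so the status outside sarge is left unstated, while the CVE-2006-2934 entry just above it records versions with `- linux-2.6 2.6.17-3`. If only KDE < 3.2 is vulnerable, consider adding a `- kdebase` line that states this for the other releases as well.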
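Review bot: In the data/DSA/list hunk at @@ -704, CVE-2006-0840 is appended to the id list of DSA-944-1, dated 17 Jan 2006, and nothing in the entry says why a 2006 id joins an advisory whose other ids are all CVE-2005. The commit log gives the reason ("older mantis issue was already fixed in previous DSA"); suggest a NOTE line under the entry stating that the issue was already covered by that DSA's fix, so the reasoning lives in the list and not only in the log.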