thr3ads.net - Secure testing commits - [Secure-testing-commits] r4159

If this information is useful, please help other people find it:
Share via:
Moritz Muehlenhoff
2006-Jun-06 22:11 UTC
[Secure-testing-commits] r4159 - in data: CVE DSA

Author: jmm-guest
Date: 2006-06-06 22:10:05 +0000 (Tue, 06 Jun 2006)
New Revision: 4159

Modified:
   data/CVE/list
   data/DSA/list
Log:
squirrelmail non-issue
openldap non-issue
tiffsplit not very severe
no-dsa for php-curl
kernel dupe


Modified: data/CVE/list
==================================================================---
data/CVE/list	2006-06-06 21:47:01 UTC (rev 4158)
+++ data/CVE/list	2006-06-06 22:10:05 UTC (rev 4159)
@@ -1,3 +1,6 @@
+CVE-2006-2842 [squirrelmail remote file inclusion]
+	- squirrelmail <unfixed> (unimportant)
+	NOTE: Only exploitable with register_globals enabled
 CVE-2006-XXXX [XSS vulnerability in dokuwikis''s "Fullname"
and "E-Mail" fields]
 	- dokuwiki <unfixed> (medium)
 CVE-2006-XXXX [PHP injection vulnerability in dokuwiki via curly braces]
@@ -177,7 +180,8 @@
 CVE-2006-2755 (Cross-site scripting (XSS) vulnerability in index.php in
UBBThreads ...)
 	TODO: check
 CVE-2006-2754 (Stack-based buffer overflow in st.c in slurpd for OpenLDAP
before ...)
-	TODO: check
+	- openldap2.3 <unfixed> (unimportant)
+	NOTE: File is only written and read by slurpd, only editable by root
 CVE-2006-2752 (The RedCarpet /etc/ximian/rcd.conf configuration file in Novell
Linux ...)
 	TODO: check
 CVE-2006-2751 (Cross-site scripting (XSS) vulnerability in Open Searchable
Image ...)
@@ -409,7 +413,7 @@
 CVE-2006-2659 (libs/comverp.c in Courier MTA before 0.53.2 allows attackers to
cause ...)
 	- courier 0.53.2-1 (bug #368834)
 CVE-2006-2656 (Stack-based buffer overflow in the tiffsplit command in libtiff
3.8.2 ...)
-	- tiff 3.8.2-3 (bug #369819; medium)
+	- tiff 3.8.2-3 (bug #369819; low)
 CVE-2006-2643 (Cross-site scripting (XSS) vulnerability in index.php in Monster
Top ...)
 	NOT-FOR-US: Monster Top List
 CVE-2006-2642 (** UNVERIFIABLE ** ...)
@@ -587,8 +591,9 @@
 CVE-2006-2564 (Multiple cross-site scripting (XSS) vulnerabilities in index.php
in ...)
 	NOT-FOR-US: Alstrasoft Article Manager Pro
 CVE-2006-2563 (The cURL library (libcurl) in PHP 4.4.2 and 5.1.4 allows
attackers to ...)
-	- php4-curl <unfixed> (bug #370166; medium)
-	- php5-curl <unfixed> (bug #370165; medium)
+	- php4 <unfixed> (bug #370166; low)
+	[sarge] - php4 <no-dsa> (Safe mode violations not supported)
+	- php5 <unfixed> (bug #370165; low)
 CVE-2006-2562 (ZyXEL P-335WT router allows remote attackers to bypass access
...)
 	NOT-FOR-US: ZyXEL P-335WT router
 CVE-2006-2561 (Edimax BR-6104K router allows remote attackers to bypass access
...)
@@ -20493,10 +20498,9 @@
 	[sarge] - kernel-source-2.6.8 2.6.8-14
 	TODO: 2.4.27 seems to be unaffected, check back with kernel patch tracker
 	TODO: check, when this was fixed in 2.6
-CVE-2005-0528 [mremap kernel issue]
+CVE-2005-0528
 	REJECTED
-	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
-	TODO: Fixed for Woody, check 2.4 and 2.6
+	NOTE: This was a dupe of the mremap kernel issue CVE-2003-0985
 CVE-2005-0527 (Firefox 1.0 allows remote attackers to execute arbitrary code
via ...)
 	- mozilla-firefox 1.0.1
 	NOTE: didn''t other with YA mozilla-browser bug, it has enough for
1.7.6 already..

Modified: data/DSA/list
==================================================================---
data/DSA/list	2006-06-06 21:47:01 UTC (rev 4158)
+++ data/DSA/list	2006-06-06 22:10:05 UTC (rev 4159)
@@ -25,7 +25,7 @@
         [woody] - motor 2:3.2.2-2woody1
         [sarge] - motor 2:3.4.0-2sarge1
 [29 May 2006] DSA-1082-1 kernel-source-2.4.17 - several vulnerabilities
-        {CVE-2003-0984 CVE-2004-0138 CVE-2004-0394 CVE-2004-0427 CVE-2004-0447
CVE-2004-0554 CVE-2004-0565 CVE-2004-0685 CVE-2004-0883 CVE-2004-0949
CVE-2004-0997 CVE-2004-1016 CVE-2004-1017 CVE-2004-1068 CVE-2004-1070
CVE-2004-1071 CVE-2004-1072 CVE-2004-1073 CVE-2004-1074 CVE-2004-1234
CVE-2004-1235 CVE-2004-1333 CVE-2004-1335 CVE-2005-0001 CVE-2005-0003
CVE-2005-0124 CVE-2005-0135 CVE-2005-0384 CVE-2005-0489 CVE-2005-0504
CVE-2005-0528}
+        {CVE-2003-0984 CVE-2004-0138 CVE-2004-0394 CVE-2004-0427 CVE-2004-0447
CVE-2004-0554 CVE-2004-0565 CVE-2004-0685 CVE-2004-0883 CVE-2004-0949
CVE-2004-0997 CVE-2004-1016 CVE-2004-1017 CVE-2004-1068 CVE-2004-1070
CVE-2004-1071 CVE-2004-1072 CVE-2004-1073 CVE-2004-1074 CVE-2004-1234
CVE-2004-1235 CVE-2004-1333 CVE-2004-1335 CVE-2005-0001 CVE-2005-0003
CVE-2005-0124 CVE-2005-0135 CVE-2005-0384 CVE-2005-0489 CVE-2005-0504}
 	[woody] - kernel-source-2.4.17 2.4.17-1woody4
 [29 May 2006] DSA-1081-1 libextractor - buffer overflow
         {CVE-2006-2458}
@@ -61,19 +61,19 @@
         {CVE-2006-0903 CVE-2006-1516 CVE-2006-1517 CVE-2006-1518}
         [woody] - mysql 3.23.49-8.15
 [21 May 2006] DSA-1070-1 kernel-source-2.4.19 - several vulnerabilities
-        {CVE-2003-0984 CVE-2004-0138 CVE-2004-0394 CVE-2004-0427 CVE-2004-0447
CVE-2004-0554 CVE-2004-0565 CVE-2004-0685 CVE-2004-0883 CVE-2004-0949
CVE-2004-0997 CVE-2004-1016 CVE-2004-1017 CVE-2004-1068 CVE-2004-1070
CVE-2004-1071 CVE-2004-1072 CVE-2004-1073 CVE-2004-1074 CVE-2004-1234
CVE-2004-1235 CVE-2004-1333 CVE-2004-1335 CVE-2005-0001 CVE-2005-0003
CVE-2005-0124 CVE-2005-0135 CVE-2005-0384 CVE-2005-0489 CVE-2005-0504
CVE-2005-0528}
+        {CVE-2003-0984 CVE-2004-0138 CVE-2004-0394 CVE-2004-0427 CVE-2004-0447
CVE-2004-0554 CVE-2004-0565 CVE-2004-0685 CVE-2004-0883 CVE-2004-0949
CVE-2004-0997 CVE-2004-1016 CVE-2004-1017 CVE-2004-1068 CVE-2004-1070
CVE-2004-1071 CVE-2004-1072 CVE-2004-1073 CVE-2004-1074 CVE-2004-1234
CVE-2004-1235 CVE-2004-1333 CVE-2004-1335 CVE-2005-0001 CVE-2005-0003
CVE-2005-0124 CVE-2005-0135 CVE-2005-0384 CVE-2005-0489 CVE-2005-0504}
         [woody] - kernel-image-sparc-2.4 26woody1
         [woody] - kernel-patch-2.4.19-mips 2.4.19-0.020911.1.woody5
         [woody] - kernel-source-2.4.19 2.4.19-4.woody3
 [20 May 2006] DSA-1069-1 kernel-source-2.4.18 - several
-	{CVE-2004-0427 CVE-2005-0489 CVE-2004-0394 CVE-2004-0447 CVE-2004-0554
CVE-2004-0565 CVE-2004-0685 CVE-2005-0001 CVE-2004-0883 CVE-2004-0949
CVE-2004-1016 CVE-2004-1333 CVE-2004-0997 CVE-2004-1335 CVE-2004-1017
CVE-2005-0124 CVE-2005-0528 CVE-2003-0984 CVE-2004-1070 CVE-2004-1071
CVE-2004-1072 CVE-2004-1073 CVE-2004-1074 CVE-2004-0138 CVE-2004-1068
CVE-2004-1234 CVE-2005-0003 CVE-2004-1235 CVE-2005-0504 CVE-2005-0384
CVE-2005-0135}
+	{CVE-2004-0427 CVE-2005-0489 CVE-2004-0394 CVE-2004-0447 CVE-2004-0554
CVE-2004-0565 CVE-2004-0685 CVE-2005-0001 CVE-2004-0883 CVE-2004-0949
CVE-2004-1016 CVE-2004-1333 CVE-2004-0997 CVE-2004-1335 CVE-2004-1017
CVE-2005-0124 CVE-2003-0984 CVE-2004-1070 CVE-2004-1071 CVE-2004-1072
CVE-2004-1073 CVE-2004-1074 CVE-2004-0138 CVE-2004-1068 CVE-2004-1234
CVE-2005-0003 CVE-2004-1235 CVE-2005-0504 CVE-2005-0384}
 	[woody] - kernel-source-2.4.18 2.4.18-14.4
 [20 May 2006] DSA-1068-1 fbi - insecure temporary file
 	{CVE-2006-1695}
 	[woody] - fbi 1.23woody1
 	[sarge] - fbi 2.01-1.2sarge1
 [20 May 2006] DSA-1067-1 kernel-source-2.4.16 - several
-	{CVE-2004-0427 CVE-2005-0489 CVE-2004-0394 CVE-2004-0447 CVE-2004-0554
CVE-2004-0565 CVE-2004-0685 CVE-2005-0001 CVE-2004-0883 CVE-2004-0949
CVE-2004-1016 CVE-2004-1333 CVE-2004-0997 CVE-2004-1335 CVE-2004-1017
CVE-2005-0124 CVE-2005-0528 CVE-2003-0984 CVE-2004-1070 CVE-2004-1071
CVE-2004-1072 CVE-2004-1073 CVE-2004-1074 CVE-2004-0138 CVE-2004-1068
CVE-2004-1234 CVE-2005-0003 CVE-2004-1235 CVE-2005-0504 CVE-2005-0384
CVE-2005-0135}
+	{CVE-2004-0427 CVE-2005-0489 CVE-2004-0394 CVE-2004-0447 CVE-2004-0554
CVE-2004-0565 CVE-2004-0685 CVE-2005-0001 CVE-2004-0883 CVE-2004-0949
CVE-2004-1016 CVE-2004-1333 CVE-2004-0997 CVE-2004-1335 CVE-2004-1017
CVE-2005-0124 CVE-2003-0984 CVE-2004-1070 CVE-2004-1071 CVE-2004-1072
CVE-2004-1073 CVE-2004-1074 CVE-2004-0138 CVE-2004-1068 CVE-2004-1234
CVE-2005-0003 CVE-2004-1235 CVE-2005-0504 CVE-2005-0384 CVE-2005-0135}
 	[woody] - kernel-source-2.4.16 2.4.16-1woody2
 [19 May 2006] DSA-1066-1 phpbb2 - missing input sanitising
 	{CVE-2006-1896}
Secure testing commits - Jun 2006 - r4159 - in data: CVE DSA

[Secure-testing-commits] r4159 - in data: CVE DSA
