Moritz Muehlenhoff
2006-May-31 12:55 UTC
[Secure-testing-commits] r4101 - in data: CVE DSA
Author: jmm-guest Date: 2006-05-31 12:54:38 +0000 (Wed, 31 May 2006) New Revision: 4101 Modified: data/CVE/list data/DSA/list Log: two new DSAs oftpd already fixed no-dsa for thunderbird Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-05-31 07:42:50 UTC (rev 4100) +++ data/CVE/list 2006-05-31 12:54:38 UTC (rev 4101) @@ -1479,9 +1479,8 @@ CVE-2006-1993 (Mozilla Firefox 1.5.0.2, when designMode is enabled, allows remote ...) {DSA-1055-1 DSA-1053-1} - firefox 1.5.dfsg+1.5.0.3-1 (bug #364810; high) - [sarge] - mozilla-firefox 1.0.4-2sarge7 (high) - [sarge] - mozilla 1.7.8-1sarge6 (high) - mozilla <unfixed> (high) + [sarge] - mozilla-thunderbird <no-dsa> (Not directly exploitable in Thunderbird) CVE-2006-XXXX [typo3 mailforms can be abused to send spam] - typo3-src <unfixed> (bug #364350) CVE-2006-XXXX [moinmoin XSS] @@ -3788,7 +3787,6 @@ CVE-2006-1053 RESERVED CVE-2006-1052 (The selinux_ptrace logic in hooks.c in SELinux for Linux 2.6.6 allows ...) - TODO: check sarge - linux-2.6 2.6.15+2.6.16-rc5-0experimental.1 (low) CVE-2006-1051 (SQL injection vulnerability in Akarru Social BookMarking Engine before ...) NOT-FOR-US: Akurru Social BookMarking Engine @@ -13814,7 +13812,8 @@ {DSA-1003-1} - xpvm 1.2.5-8 (bug #318285; medium) CVE-2005-2239 (oftpd 0.3.7 allows remote attackers to cause a denial of service via a ...) - - oftpd <removed> (bug #318286; medium) + - oftpd 20040304-1 (bug #318286; medium) + NOTE: This was fixed in the patch set maintained by Werner Koch, it''s included CVE-2005-2238 (ftpd in IBM AIX 5.1, 5.2 and 5.3 allows remote authenticated users to ...) NOT-FOR-US: AIX CVE-2005-2237 (Format string vulnerability in the swcons command in IBM AIX 5.3, and ...) Modified: data/DSA/list ==================================================================--- data/DSA/list 2006-05-31 07:42:50 UTC (rev 4100) +++ data/DSA/list 2006-05-31 12:54:38 UTC (rev 4101) 
@@ -1,3 +1,10 @@ +[31 May 2006] DSA-1083-1 motor - buffer overflow + {CVE-2005-3863} + [woody] - motor 3.2.2-2woody1 + [sarge] - motor 3.4.0-2sarge1 +[29 May 2006] DSA-1082-1 kernel-source-2.4.17 - several vulnerabilities + {CVE-2003-0984 CVE-2004-0138 CVE-2004-0394 CVE-2004-0427 CVE-2004-0447 CVE-2004-0554 CVE-2004-0565 CVE-2004-0685 CVE-2004-0883 CVE-2004-0949 CVE-2004-0997 CVE-2004-1016 CVE-2004-1017 CVE-2004-1068 CVE-2004-1070 CVE-2004-1071 CVE-2004-1072 CVE-2004-1073 CVE-2004-1074 CVE-2004-1234 CVE-2004-1235 CVE-2004-1333 CVE-2004-1335 CVE-2005-0001 CVE-2005-0003 CVE-2005-0124 CVE-2005-0135 CVE-2005-0384 CVE-2005-0489 CVE-2005-0504 CVE-2005-0528} + [woody] - kernel-source-2.4.17 2.4.17-1woody4 [29 May 2006] DSA-1081-1 libextractor - buffer overflow {CVE-2006-2458} [sarge] - libextractor 0.4.2-2sarge5
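Review bot: The reason on the added line "[sarge] - mozilla-thunderbird <no-dsa> (Not directly exploitable in Thunderbird)" in the data/CVE/list hunk at @@ -1479 (CVE-2006-1993) does not say which precondition is missing in Thunderbird. The CVE summary on the line above mentions designMode being enabled. If that is the basis for the decision, a short NOTE: line under the entry saying so would let a later reviewer re-check the no-dsa status without redoing the analysis.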
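Review bot: The data/CVE/list hunk at @@ -3788 (CVE-2006-1052) shrinks from 7 lines to 6, and the line that appears to be dropped is "TODO: check sarge", yet no [sarge] entry is added in its place and the log message does not mention this CVE. If sarge was checked, record the outcome on a "[sarge] - linux-2.6 ..." line or in a NOTE: rather than only deleting the TODO. Otherwise the sarge status of the SELinux ptrace issue is left unrecorded.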
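Review bot: The added NOTE: line in the data/CVE/list hunk at @@ -13814 (CVE-2005-2239, oftpd) stops mid-sentence at "it''s included" and has a doubled apostrophe. Please finish the sentence so it says where the Werner Koch patch set is included, and write "it's". Since the entry changes from "<removed>" to a fixed version "20040304-1", the completed note is the only record of why that version counts as fixed.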