Moritz Muehlenhoff
2006-Apr-03 07:53 UTC
[Secure-testing-commits] r3732 - in data: CVE DSA
Author: jmm-guest Date: 2006-04-03 07:52:14 +0000 (Mon, 03 Apr 2006) New Revision: 3732 Modified: data/CVE/list data/DSA/list Log: three new issues in struts new kernel dos corrected DSA Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-04-03 07:25:35 UTC (rev 3731) +++ data/CVE/list 2006-04-03 07:52:14 UTC (rev 3732) @@ -1,3 +1,9 @@ +CVE-2006-1548 [struts xss] + - libstruts1.2-java <unfixed> (bug filed) +CVE-2006-1547 [struts dos] + - libstruts1.2-java <unfixed> (bug filed) +CVE-2006-1546 [struts validation bypass] + - libstruts1.2-java <unfixed> (bug filed) CVE-2006-1545 (Direct static code injection vulnerability in admin/config.php in ...) TODO: check CVE-2006-1544 (Multiple cross-site scripting (XSS) vulnerabilities in news.php in ...) @@ -1091,8 +1097,9 @@ RESERVED CVE-2006-1056 RESERVED -CVE-2006-1055 +CVE-2006-1055 [local DoS in kernel''s sysfs code] RESERVED + - linux-2.6 <unfixed> CVE-2006-1054 RESERVED CVE-2006-1053 @@ -3899,7 +3906,7 @@ NOTE: nfs-utils (kernel NFS server) is not affected NOTE: (it uses PATH_MAX for the buffer passed to realpath). CVE-2006-0042 (Unspecified vulnerability in (1) apreq_parse_headers and (2) ...) - {DSA-1000-1} + {DSA-1000-2} - libapreq2 2.07-1 CVE-2006-0041 RESERVED Modified: data/DSA/list ==================================================================--- data/DSA/list 2006-04-03 07:25:35 UTC (rev 3731) +++ data/DSA/list 2006-04-03 07:52:14 UTC (rev 3732) 
@@ -85,10 +85,9 @@ [woody] - crossfire 1.1.0-1woody1 [sarge] - crossfire 1.6.0.dfsg.1-4sarge1 NOTE: not fixed in testing at the time of DSA (too young) -[14 Mar 2006] DSA-1000-1 libapreq2-perl - design error +[14 Mar 2006] DSA-1000-2 libapreq2-perl - design error {CVE-2006-0042} - [sarge] - libapreq2-perl 2.04-dev-1sarge1 - NOTE: fixed in testing at the time of DSA (removed from sid) + [sarge] - libapreq2-perl 2.04-dev-1sarge2 [14 Mar 2006] DSA-999-1 lurker - several {CVE-2006-1062 CVE-2006-1063 CVE-2006-1064} [sarge] - lurker 1.2-5sarge1
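Review bot: in the first data/CVE/list hunk (@@ -1,3 +1,9 @@), the three new libstruts1.2-java entries for CVE-2006-1548, CVE-2006-1547 and CVE-2006-1546 are annotated only with "(bug filed)" and give no bug number, so a reader of the list cannot follow the entry to the report. Suggest replacing "(bug filed)" with the bug reference on each line once it is known, and making clear whether one report covers all three issues or each has its own.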
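Review bot: in the data/CVE/list hunk at @@ -1091,8 +1097,9 @@, the new description for CVE-2006-1055 reads "kernel''s" with a doubled apostrophe; it should be "[local DoS in kernel's sysfs code]". The added "- linux-2.6 <unfixed>" line also carries no bug or NOTE annotation, unlike the struts entries added in the same commit, so it is worth recording where the fix is being tracked.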
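Review bot: in the data/DSA/list hunk (@@ -85,10 +85,9 @@), the DSA-1000-1 entry is overwritten by DSA-1000-2 while keeping the date "[14 Mar 2006]", and the line "NOTE: fixed in testing at the time of DSA (removed from sid)" is dropped with no replacement. The log message says only "corrected DSA"; suggest confirming that the date applies to the -2 revision, and either keeping the NOTE or replacing it with the testing status for 2.04-dev-1sarge2, as the crossfire entry just above does. The {DSA-1000-2} reference changed in data/CVE/list (@@ -3899,7 +3906,7 @@) is consistent with this hunk.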