Moritz Muehlenhoff
2006-Apr-07 07:49 UTC
[Secure-testing-commits] r3767 - in data: CVE DSA
Author: jmm-guest
Date: 2006-04-07 07:48:08 +0000 (Fri, 07 Apr 2006)
New Revision: 3767
Modified:
data/CVE/list
data/DSA/list
Log:
added missing CVE IDs to latest koffice DSA
openvpn fixed
horde fixed
older freeradius issues already fixed
checked some older sarge issues
bugnums
Modified: data/CVE/list
==================================================================---
data/CVE/list 2006-04-06 23:15:45 UTC (rev 3766)
+++ data/CVE/list 2006-04-07 07:48:08 UTC (rev 3767)
@@ -86,7 +86,7 @@
CVE-2002-2210 (The installation of OpenOffice 1.0.1 allows local users to
overwrite ...)
TODO: check
CVE-2006-XXXX [openvpn missing setenv sanitising]
- - openvpn <unfixed> (bug #360559; medium)
+ - openvpn 2.0.6-1 (bug #360559; medium)
CVE-2006-1614 [clamav 0.88.1 integer overflow]
RESERVED
{DSA-1024-1}
@@ -117,7 +117,7 @@
CVE-2006-1578 (Multiple SQL injection vulnerabilities in Keystone Digital
Library ...)
NOT-FOR-US: Keystone Digital Library Suite
CVE-2006-1577 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
- - mantis <unfixed>
+ - mantis <unfixed> (bug #361138)
CVE-2006-1576 (Direct static code injection vulnerability in QLnews 1.2 allows
remote ...)
NOT-FOR-US: QLnews
CVE-2006-1575 (Multiple cross-site scripting (XSS) vulnerabilities in news.php
in ...)
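Review bot: The new mantis line for CVE-2006-1577 records bug #361138 but no urgency, while the openvpn entry earlier in this file uses the form "(bug #360559; medium)". If a severity has been assessed for these XSS issues, add it after the bug number so the entry can be sorted with the other open items.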
@@ -300,7 +300,7 @@
CVE-2006-1506 (Unspecified vulnerability in rsh in Sun Microsystems Sun Grid
Engine ...)
NOT-FOR-US: Sun Microsystems Sun Grid Engine 5.3
CVE-2006-1505 (base_maintenance.php in Basic Analysis and Security Engine
(BASE) ...)
- - acidbase <unfixed>
+ - acidbase <unfixed> (bug #361139)
CVE-2006-1504 (Multiple cross-site scripting (XSS) vulnerabilities in Arab
Portal 2.0 ...)
NOT-FOR-US: Arab Portal
CVE-2006-1503 (PHP remote file inclusion vulnerability in ...)
@@ -352,7 +352,7 @@
- mediawiki 1.4.15-1
- mediawiki1.5 1.5.8-1
CVE-2006-1491 (Eval injection vulnerability in Horde Application Framework
versions ...)
- - horde3 <unfixed>
+ - horde3 3.1.1-1
CVE-2006-1490 (PHP before 5.1.3-RC1 might allow remote attackers to obtain
portions ...)
- php5 <unfixed> (bug #359904; low)
- php4 <unfixed> (bug #359907; low)
@@ -547,11 +547,11 @@
CVE-2005-4747 (Cross-site scripting (XSS) vulnerability in WebHost Automation
Ltd ...)
TODO: check
CVE-2005-4746 (Multiple buffer overflows in FreeRADIUS 1.0.3 and 1.0.4 allow
remote ...)
- TODO: check
+ - freeradius 1.0.5-1
CVE-2005-4745 (SQL injection vulnerability in the rlm_sqlcounter module in
FreeRADIUS ...)
- TODO: check
+ - freeradius 1.0.5-1
CVE-2005-4744 (Off-by-one error in the sql_error function in sql_unixodbc.c in
...)
- TODO: check
+ - freeradius 1.0.5-1
CVE-1999-1587 (/usr/ucb/ps in Sun Microsystems Solaris 8 and 9, and certain
earlier ...)
TODO: check
CVE-2006-1396 (Multiple cross-site scripting (XSS) vulnerabilities in Cholod
MySQL ...)
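Review bot: The three freeradius entries (CVE-2005-4746, CVE-2005-4745, CVE-2005-4744) replace "TODO: check" with only the fixed version 1.0.5-1, with no bug reference and no [sarge] or [woody] line. The visible description of CVE-2005-4746 limits it to FreeRADIUS 1.0.3 and 1.0.4, so if the stable releases ship an older version, a <not-affected> line in the style used for findutils and bugzilla elsewhere in this commit would record that the stable status was actually checked.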
@@ -6474,6 +6474,8 @@
NOTE: First patch had regressions
CVE-2005-3538 (hfaxd in HylaFAX 4.2.3, when PAM support is disabled, accepts
...)
- hylafax 2:4.2.4-1
+ [sarge] - hylagax <not-affected> (Affected only 4.2.3)
+ [woody] - hylagax <not-affected> (Affected only 4.2.3)
CVE-2005-3537 (A "missing request validation" error in phpBB
2 before 2.0.18 allows ...)
{DSA-925-1}
- phpbb2 2.0.18-1 (bug #336582; medium)
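Review bot: Both added lines under CVE-2005-3538 spell the package "hylagax", while the existing line directly above uses "hylafax". A misspelled source package name will not match the real package, so the [sarge] and [woody] <not-affected> status will not be attached to hylafax. Change both to "hylafax".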
@@ -8047,6 +8049,8 @@
- fuzz 0.6-7.1 (bug #183047)
CVE-2005-XXXX [DoS triggering endless loops in findutils -follow option]
- findutils 4.2.22-1 (bug #313081)
+ [woody] - findutils <not-affected> (Only code between 4.2.18 and 4.2.22
affected)
+ [sarge] - findutils <not-affected> (Only code between 4.2.18 and 4.2.22
affected)
CVE-2005-3138 (Bugzilla 2.18rc1 through 2.18.3, 2.19 through 2.20rc2, and 2.21
allows ...)
[woody] - bugzilla <not-affected> (Only Bugzilla >= 2.18 is affected)
[sarge] - bugzilla <not-affected> (Only Bugzilla >= 2.18 is affected)
@@ -8158,7 +8162,8 @@
CVE-2005-3071 (Unspecified vulnerability in Unix File System (UFS) on Solaris 8
and ...)
NOT-FOR-US: Solaris
CVE-2005-3070 (HylaFax 4.2.1 and earlier does not create or verify ownership of
the ...)
- - hylafax 1:4.2.2+rc1 (bug #329384; low)
+ - hylafax 1:4.2.2+rc1 (bug #329384; unimportant)
+ NOTE: This was judged non-exploitable
CVE-2005-3069 (xferfaxstats in HylaFax 4.2.1 and earlier allows local users to
...)
{DSA-865-1}
- hylafax 1:4.2.2+rc1 (bug #329384; low)
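Review bot: The downgrade of CVE-2005-3070 from low to unimportant is justified only by "NOTE: This was judged non-exploitable", which does not say who made that judgement or where the analysis is recorded. The entry shares bug #329384 with CVE-2005-3069 just below, which stays at low and has {DSA-865-1}, so a pointer to the bug log message or the upstream statement would let a later reader see why the two are rated differently.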
Modified: data/DSA/list
==================================================================---
data/DSA/list 2006-04-06 23:15:45 UTC (rev 3766)
+++ data/DSA/list 2006-04-07 07:48:08 UTC (rev 3767)
@@ -27,7 +27,7 @@
{CVE-2006-0459}
[sarge] - flex 2.5.31-31sarge1
[24 Mar 2006] DSA-1019-1 koffice - several
- {CVE-2006-1244}
+ {CVE-2006-1244 CVE-2006-3192 CVE-2006-0301}
[sarge] - koffice 1.3.5-4.sarge.3
[24 Mar 2006] DSA-1018-1 kernel-source-2.4.27 - several
{CVE-2004-0887 CVE-2004-1058 CVE-2004-2607 CVE-2005-0449 CVE-2005-1761
CVE-2005-2457 CVE-2005-2555 CVE-2005-2709 CVE-2005-2973 CVE-2005-3257
CVE-2005-3783 CVE-2005-3806 CVE-2005-3848 CVE-2005-3857 CVE-2005-3858
CVE-2005-4618}
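Review bot: In the DSA-1019-1 koffice entry, the added ID CVE-2006-3192 looks out of sequence for an advisory dated 24 Mar 2006: the newest CVE-2006 IDs touched in data/CVE/list in this same commit are in the 1500 to 1614 range. Please check the ID against the advisory text, in particular the year. The new list is also not in ascending order, unlike the kernel-source-2.4.27 entry below it; "{CVE-2006-0301 CVE-2006-1244 ...}" would match that convention.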