Moritz Muehlenhoff
2006-Mar-21 08:58 UTC
[Secure-testing-commits] r3654 - in data: CVE DSA
Author: jmm-guest Date: 2006-03-21 08:57:53 +0000 (Tue, 21 Mar 2006) New Revision: 3654 Modified: data/CVE/list data/DSA/list Log: DSAs Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-03-20 21:14:23 UTC (rev 3653) +++ data/CVE/list 2006-03-21 08:57:53 UTC (rev 3654) @@ -3652,13 +3652,10 @@ CVE-2005-4418 [Default policy in util-vserver prior to 0.30.208 trusted unknown capabilities] RESERVED - util-vserver 0.30.208-1 - [sarge] - util-vserver 0.30.204-5sarge3 (medium) CVE-2005-4347 [Improper barrier code allows for chroot escape] RESERVED - - util-vserver 0.30.208-1 + - util-vserver 0.30.208-1 (bug #329090; medium) - kernel-patch-vserver 2.3 (bug #329087; medium) - [sarge] - kernel-patch-vserver 1.9.5.4 (bug #329087; medium) - [sarge] - util-vserver 0.30.204-5sarge3 (bug #329090; medium) NOTE: both util-vserver and the kernel-patch-vserver need to be upgraded to fix this vulnerability CVE-2005-4346 (Invalid SQL syntax error in blog.php in phpBB Blog 2.2.2 and earlier ...) NOT-FOR-US: phpBB Blog Modified: data/DSA/list ==================================================================--- data/DSA/list 2006-03-20 21:14:23 UTC (rev 3653) +++ data/DSA/list 2006-03-21 08:57:53 UTC (rev 3654) @@ -1,3 +1,13 @@ +[21 Mar 2006] DSA-1012-1 unzip - buffer overflow + {CVE-2005-4667} + [woody] - unzip 5.50-1woody6 + [sarge] - unzip 5.52-1sarge4 + NOTE: not fixed in testing at time of DSA (too young) +[21 Mar 2006] DSA-1011-1 kernel-patch-server, util-vserver - missing attribute support + {CVE-2005-4347 CVE-2005-4418} + [sarge] - kernel-patch-vserver 1.9.5.4 + [sarge] - util-vserver 0.30.204-5sarge3 + NOTE: not fixed in testing at the time of DSA [21 Mar 2006] DSA-1010-1 ilohamail - missing input sanitising {CVE-2006-1236} [sarge] - ilohamail 0.8.14-0rc3sarge1
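Review bot: In the data/CVE/list hunk, CVE-2005-4418 ends up with no urgency at all: its only "(medium)" tag sat on the removed "[sarge] - util-vserver 0.30.204-5sarge3 (medium)" line, and the remaining "- util-vserver 0.30.208-1" line carries none. For CVE-2005-4347 the same cleanup moves "(bug #329090; medium)" onto the unstable entry, so the 4418 line should be treated the same way and read "- util-vserver 0.30.208-1 (medium)".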
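Review bot: In the data/DSA/list hunk, the DSA-1011-1 header names the package "kernel-patch-server", while the entry directly below it and the CVE list both use "kernel-patch-vserver"; the header should read "DSA-1011-1 kernel-patch-vserver, util-vserver" so that a search on the package name finds the DSA. Minor style point: the two new NOTE lines are worded differently ("at time of DSA" in DSA-1012-1, "at the time of DSA" in DSA-1011-1), and one form should be used for both.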