Moritz Muehlenhoff
2006-Feb-10 11:52 UTC
[Secure-testing-commits] r3453 - in data: CVE DSA
Author: jmm-guest Date: 2006-02-10 11:52:09 +0000 (Fri, 10 Feb 2006) New Revision: 3453 Modified: data/CVE/list data/DSA/list Log: new elog DSA new tcc issue some no-dsa Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-02-10 09:14:19 UTC (rev 3452) +++ data/CVE/list 2006-02-10 11:52:09 UTC (rev 3453) @@ -17,7 +17,8 @@ CVE-2006-0636 (desktop.php in eyeOS 0.8.9 and earlier tests for the existence of the ...) TODO: check CVE-2006-0635 (Tiny C Compiler (TCC) 0.9.23 (aka TinyCC) evaluates the ...) - TODO: check + - tcc <unfixed> (bug filed; medium) + NOTE: Sarge status not yet analysed CVE-2006-0634 (Borland C++Builder 6 (BCB6) with Update Pack 4 Enterprise edition ...) TODO: check CVE-2006-0633 (The make_password function in ipsclass.php in Invision Power Board ...) @@ -5301,6 +5302,7 @@ NOT-FOR-US: Sun Java System Directory Server CVE-2005-3268 (yiff server (yiff-server) 2.14.2 on Debian GNU/Linux runs as root and ...) - yiff 2.14.2-8 (bug #334616; low) + [sarge] - yiff <no-dsa> (Only a minor privacy leak) CVE-2005-3267 (Integer overflow in Skype client before 1.4.x.84 on Windows, before ...) NOT-FOR-US: Skype CVE-2005-3266 @@ -5740,11 +5742,8 @@ - mpack 1.6-1 (bug #216566) CVE-2005-XXXX [coreutils ignores umask when using -m in mkdir, mkfifo and mknod] - coreutils 5.93-1 (bug #306076; low) - [woody] - fileutils <unfixed> (low) - NOTE: Sarge is affected -CVE-2005-XXXX [gossip names windows potentially confusing, which might lead to inform. disclosure] - - gossip <unfixed> (bug #305419; low) - NOTE: This looks quite strange, should be followed up, whether it''s really reproducible + [sarge] - coreutils <no-dsa> (Minor issue, hardly exploitable) + [woody] - coreutils <no-dsa> (Minor issue, hardly exploitable) CVE-2005-XXXX [tar''s rmt command may have undesired side effects] - tar <unfixed> (bug #290435; low) CVE-2005-XXXX [clamav''s VERSION command does not return the currently loaded version] 
@@ -13555,8 +13554,8 @@ CVE-2005-1106 (PictureViewer in QuickTime for Windows 6.5.2 allows remote attackers ...) NOT-FOR-US: Windows CVE-2005-1105 (Directory traversal vulnerability in the MimeBodyPart.getFileName ...) - NOTE: api vulnerablity - libgnumail-java <unfixed> (bug #304712; low) + [sarge] - libgnumail <no-dsa> (Only user in Sarge is ant, which isn''t affected) CVE-2005-1104 (Multiple cross-site scripting (XSS) vulnerabilities in Centra 7 ...) NOT-FOR-US: Centra CVE-2005-1103 (Sygate Security Agent (SSA) in Sygate Secure Enterprise 3.5 through ...) @@ -13694,8 +13693,8 @@ - netapplet <not-affected> (Not vulerable, see bug #310833) CVE-2005-1039 (Race condition in Core Utilities (coreutils) 5.2.1, when (1) mkdir, ...) - coreutils <unfixed> (bug #304556; low) - [woody] - fileutils <unfixed> (bug #304556; low) - NOTE: Sarge is affected + [sarge] - coreutils <no-dsa> (Minor issue, hardly exploitable) + [woody] - coreutils <no-dsa> (Minor issue, hardly exploitable) CVE-2005-1038 (crontab in Vixie cron 4.1, when running with the -e option, allows ...) NOTE: long fixed in Debian''s cron CVE-2005-1037 (Unknown vulnerability in AIX 5.3.0, when configured as an NIS client, ...) Modified: data/DSA/list ==================================================================--- data/DSA/list 2006-02-10 09:14:19 UTC (rev 3452) +++ data/DSA/list 2006-02-10 11:52:09 UTC (rev 3453) @@ -1,3 +1,7 @@ +[10 Feb 2006] DSA-967-1 elog - several + {CVE-2006-4439 CVE-2006-0347 CVE-2006-0348 CVE-2006-0597 CVE-2006-0598 CVE-2006-0599 CVE-2006-0600} + [sarge] - elog 2.5.7+r1558-4+sarge2 + NOTE: fixed in testing at time of DSA [09 Feb 2006] DSA-966-1 adzapper - denial of service {CVE-2006-0046} [sarge] - adzapper 20050316-1sarge1
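Review bot: In the data/CVE/list hunk at @@ -17,7 +17,8 @@, the new CVE-2006-0635 entry reads `- tcc <unfixed> (bug filed; medium)` with no bug number, while the other entries touched by this patch use the `bug #NNNNNN` form (for example `bug #334616`). Add the number once it is known so the entry can be traced to the report, and follow up on the "Sarge status not yet analysed" note so the sarge line does not stay undecided.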
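Review bot: The hunk at @@ -5740,11 +5742,8 @@ deletes the whole gossip entry (`- gossip <unfixed> (bug #305419; low)` together with its NOTE asking for follow-up) instead of reclassifying it, and the log message ("some no-dsa") does not mention a removal. If the issue turned out not to be reproducible, say so in the log or keep the entry with a status such as the `<not-affected>` form used for netapplet later in this file, so the decision stays traceable to bug #305419.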
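Review bot: In the hunk at @@ -13555,8 +13554,8 @@ (CVE-2005-1105), the added line `[sarge] - libgnumail <no-dsa>` names a different package from the unstable line directly above it, `- libgnumail-java <unfixed>`. Confirm which name is the source package in sarge and make the two lines agree if they refer to the same one, otherwise the no-dsa annotation may not attach to the package that carries the unfixed entry.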
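Review bot: In the hunk at @@ -13694,8 +13693,8 @@ (CVE-2005-1039), the woody line changes package name as well as status: `[woody] - fileutils <unfixed>` becomes `[woody] - coreutils <no-dsa>`, and the same substitution is made in the CVE-2005-XXXX coreutils entry earlier in the patch. If woody still tracks this code under fileutils, as the removed lines indicate, the new annotation will not match that package. Keep `fileutils` on the woody lines, or note in the log why the name changed.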
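Review bot: In the data/DSA/list hunk, `CVE-2006-4439` in the DSA-967-1 reference list looks like a mistyped id. The newest entries at the top of data/CVE/list in this same revision are around CVE-2006-0636, and the other 2006 ids listed for this DSA are all below CVE-2006-0601. Check the year and number against the advisory text before the cross-reference is relied on.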