Moritz Muehlenhoff
2006-Jan-23 09:44 UTC
[Secure-testing-commits] r3345 - in data: CVE DSA
Author: jmm-guest Date: 2006-01-23 09:43:45 +0000 (Mon, 23 Jan 2006) New Revision: 3345 Modified: data/CVE/list data/DSA/list Log: two new DSAs new tor issue Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-01-22 21:22:29 UTC (rev 3344) +++ data/CVE/list 2006-01-23 09:43:45 UTC (rev 3345) @@ -1,3 +1,5 @@ +CVE-2006-XXXX [tor discovery of hidden services] + - tor <unfixed> (bug #349283) CVE-2006-0353 [fd leak in lsh] - lsh-utils 2.0.1cdbs-4 (low) CVE-2006-0283 (Unspecified vulnerability in Oracle Database Server 10.1.0.4.2, ...) @@ -388,7 +390,7 @@ CVE-2005-4645 (SQL injection vulnerability in index.php in 3CFR allows remote ...) NOT-FOR-US: 3CFR CVE-2005-4644 (Cross-site scripting (XSS) vulnerability in the HTML WikiProcessor in ...) - NOT-FOR-US: HTML WikiProcessor + - trac 0.9.3-1 CVE-2005-4643 (SQL injection vulnerability in index.php in Antharia OnContent // CMS ...) NOT-FOR-US: Antharia OnContent CVE-2005-4642 (Multiple cross-site scripting (XSS) vulnerabilities in HydroBB 1.0.0 ...) Modified: data/DSA/list ==================================================================--- data/DSA/list 2006-01-22 21:22:29 UTC (rev 3344) +++ data/DSA/list 2006-01-23 09:43:45 UTC (rev 3345) @@ -1,3 +1,12 @@ +[23 Jan 2006] DSA-951-1 trac - missing input sanitising + {CVE-2005-4065 CVE-2005-4644} + [sarge] - trac 0.8.1-3sarge3 + NOTE: fixed in testing at time of DSA +[23 Jan 2006] DSA-950-1 cupsys - buffer overflow + {CVE-2005-3191 CVE-2005-3192 CVE-2005-3193 CVE-2005-3624 CVE-2005-3625 CVE-2005-3626 CVE-2005-3627 CVE-2005-3628} + [woody] - cupsys 1.1.14-5woody14 + [sarge] - cupsys <not-affected> (Cups uses xpdf-utils in Sarge) + NOTE: fixed in testing at time of DSA [20 Jan 2006] DSA-949-1 crawl - insecure program execution {CVE-2006-0045} [woody] - crawl 4.0.0beta23-2woody2
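Review bot: The new CVE-2006-XXXX tor entry in the first data/CVE/list hunk (@@ -1,3 +1,5 @@) carries no urgency, while the lsh-utils entry directly below it is marked (low). Since the package line is `- tor <unfixed> (bug #349283)`, consider adding an urgency so the open issue can be prioritised, and replace the CVE-2006-XXXX placeholder once an id is assigned.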
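Review bot: The switch of CVE-2005-4644 from `NOT-FOR-US: HTML WikiProcessor` to `- trac 0.9.3-1` in the second data/CVE/list hunk (@@ -388,7 +390,7 @@) is not mentioned in the log message, which only says "two new DSAs new tor issue". A reclassification from NOT-FOR-US to an affected package deserves a word in the log or a NOTE line under the entry explaining why the HTML WikiProcessor issue is now tracked under trac, so the reason is clear to later readers of the list.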
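Review bot: DSA-951-1 in the data/DSA/list hunk (@@ -1,3 +1,12 @@) references both CVE-2005-4065 and CVE-2005-4644, but only CVE-2005-4644 is touched in the data/CVE/list part of this commit. Please confirm that the existing CVE-2005-4065 entry already has a trac line consistent with the sarge fix 0.8.1-3sarge3. The same cross-check applies to the eight CVE ids listed for DSA-950-1 cupsys, none of which appear in the visible data/CVE/list hunks.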