Moritz Muehlenhoff
2006-Jan-23 15:37 UTC
[Secure-testing-commits] r3347 - in data: CVE DSA
Author: jmm-guest
Date: 2006-01-23 15:37:00 +0000 (Mon, 23 Jan 2006)
New Revision: 3347
Modified:
data/CVE/list
data/DSA/list
Log:
new libapache-auth-ldap DSA
Modified: data/CVE/list
==================================================================---
data/CVE/list 2006-01-23 13:41:11 UTC (rev 3346)
+++ data/CVE/list 2006-01-23 15:37:00 UTC (rev 3347)
@@ -422,7 +422,6 @@
NOTE: a white list approach of known to be safe env vars.
CVE-2006-0150 (Multiple format string vulnerabilities in the
auth_ldap_log_reason ...)
- libapache-auth-ldap <removed> (bug #347416)
- NOTE: DSA in preparation
CVE-2006-0149 (Cross-site scripting (XSS) vulnerability in SimpBook 1.0, with
...)
NOT-FOR-US: SimpBook
CVE-2006-0148 (NetSarang Xlpd 2.1 allows remote attackers to cause a denial of
...)
Modified: data/DSA/list
==================================================================---
data/DSA/list 2006-01-23 13:41:11 UTC (rev 3346)
+++ data/DSA/list 2006-01-23 15:37:00 UTC (rev 3347)
@@ -1,3 +1,8 @@
+[23 Jan 2006] DSA-952-1 libapache-auth-ldap - format string vulnerability
+ {CVE-2006-0150}
+ [sarge] - libapache-auth-ldap 1.6.0-3.1
+ [sarge] - libapache-auth-ldap 1.6.0-8.1
+ NOTE: fixed in testing at time of DSA (no longer present in testing/sid)
[23 Jan 2006] DSA-951-1 trac - missing input sanitising
{CVE-2005-4065 CVE-2005-4644}
[sarge] - trac 0.8.1-3sarge3