thr3ads.net - Secure testing commits - [Secure-testing-commits] r3373

If this information is useful, please help other people find it:
Share via:

Florian Weimer

2006-Jan-26 10:59 UTC

[Secure-testing-commits] r3373 - in data: CVE DSA

Author: fw
Date: 2006-01-26 10:59:18 +0000 (Thu, 26 Jan 2006)
New Revision: 3373

Modified:
   data/CVE/list
   data/DSA/list
Log:
DSA-956-1: lsh-utils


Modified: data/CVE/list
==================================================================---
data/CVE/list	2006-01-26 09:27:19 UTC (rev 3372)
+++ data/CVE/list	2006-01-26 10:59:18 UTC (rev 3373)
@@ -229,6 +229,7 @@
 	- mydns 1.1.0+pre-3 (medium)
 CVE-2006-0353 (unix_random.c in lshd for lsh 2.0.1 leaks file descriptors
related to ...)
 	- lsh-utils 2.0.1cdbs-4 (low; bug #349303)
+	NOTE: woody seems to be vulnerable as well (looking at the source code).
 CVE-2006-0283 (Unspecified vulnerability in Oracle Database Server 10.1.0.4.2,
...)
 	NOT-FOR-US: Oracle
 CVE-2006-0321 (fetchmail 6.3.0 and other versions before 6.3.2 allows remote
...)

Modified: data/DSA/list
==================================================================---
data/DSA/list	2006-01-26 09:27:19 UTC (rev 3372)
+++ data/DSA/list	2006-01-26 10:59:18 UTC (rev 3373)
@@ -1,3 +1,7 @@
+[26 Jan 2006] DSA-956-1 lsh-server - filedescriptor leak
+        {CVE-2006-0353}
+        [sarge] - lsh-utils 2.0.1-3sarge1
+	NOTE: not fixed in testing at time of DSA (not yet built)
 [25 Jan 2006] DSA-955-1 mailman - DoS
 	{CVE-2005-3573 CVE-2005-4153}
 	[woody] - mailman <not-affected> (Vulnerable code not present)

Secure testing commits - Jan 2006 - r3373 - in data: CVE DSA

[Secure-testing-commits] r3373 - in data: CVE DSA