Moritz Muehlenhoff
2005-Nov-07 17:30 UTC
[Secure-testing-commits] r2686 - in data: CVE DSA
Author: jmm-guest Date: 2005-11-07 17:30:10 +0000 (Mon, 07 Nov 2005) New Revision: 2686 Modified: data/CVE/list data/DSA/list Log: new chmlib dsa, bugnums Modified: data/CVE/list ==================================================================--- data/CVE/list 2005-11-07 12:59:27 UTC (rev 2685) +++ data/CVE/list 2005-11-07 17:30:10 UTC (rev 2686) @@ -11,7 +11,7 @@ {DTSA-21-1} - clamav 0.87.1-1 (medium) CVE-2005-XXXX [Multiple security issues in Scorched 3D] - - scorched3d <unfixed> (bug filed; medium) + - scorched3d <unfixed> (bug #337403; medium) CVE-2005-3482 (Cisco 1200, 1131, and 1240 series Access Points, when operating in ...) NOT-FOR-US: Cisco hardware CVE-2005-3481 (Cisco IOS 12.0 to 12.4 might allow remote attackers to execute ...) @@ -368,8 +368,8 @@ CVE-2005-3324 (SQL injection vulnerability in chat.php in MWChat 6.8 allows remote ...) NOT-FOR-US: MWChat CVE-2005-3323 (docutils in Zope 2.6, 2.7 before 2.7.8, and 2.8 before 2.8.2 allows ...) - - zope2.8 2.8.1-7 (bug #334055; high) - - zope2.7 2.7.8-1 (bug #334055; high) + - zope2.8 2.8.1-7 (bug #334055; bug #334054; high) + - zope2.7 2.7.8-1 (bug #334055; bug #334054; high) CVE-2005-3322 (Unspecified vulnerability in Squid on SUSE Linux 9.0 allows remote ...) TODO: check CVE-2005-3321 (chkstat in SuSE Linux 9.0 through 10.0 allows local users to modify ...) @@ -1630,7 +1630,7 @@ - wine 0.0.20050830-1 (bug #327261; bug #327262; high) CVE-2005-2920 (Buffer overflow in libclamav/upx.c in Clam AntiVirus (ClamAV) before ...) {DSA-824-1 DTSA-19-1} - - clamav 0.87-1 (bug #328660; medium) + - clamav 0.87-1 (bug #328660; bug #329280; medium) CVE-2005-2919 (libclamav/fsg.c in Clam AntiVirus (ClamAV) before 0.87 allows remote ...) {DSA-824-1 DTSA-19-1} - clamav 0.87-1 (bug #328660; medium) 
@@ -1665,7 +1665,6 @@ - chmlib 0.36-1 (bug #327431) CVE-2005-2802 REJECTED - NOTE: rejected, initially ipt_recent related CVE-2005-2878 (Format string vulnerability in search.c in the imap4d server in GNU ...) {DSA-841-1 DTSA-20-1} - mailutils 1:0.6.90-3 (bug #327424; high) @@ -2156,8 +2155,9 @@ CVE-2005-2660 (apachetop 0.12.5 and earlier, when running in debug mode, allows local ...) {DSA-839-1} - apachetop 0.12.5-3 (unknown) -CVE-2005-2659 +CVE-2005-2659 [Buffer overflow in chmlib''s LZX decompressor] RESERVED + - chmlib 0.37-2 (unknown) CVE-2005-2658 (Buffer overflow in utility.cpp in Turquoise SuperStat (turqstat) 2.2.4 ...) {DSA-812-1} - turqstat 2.2.4-1 (medium) Modified: data/DSA/list ==================================================================--- data/DSA/list 2005-11-07 12:59:27 UTC (rev 2685) +++ data/DSA/list 2005-11-07 17:30:10 UTC (rev 2686) @@ -1,3 +1,7 @@ +[07 Nov 2005] DSA-886-1 chmlib - several + {CVE-2005-2659 CVE-2005-2930 CVE-2005-3318} + [sarge] - chmlib 0.35-6sarge1 + NOTE: not fixed in testing at time of DSA (not built on all archs) [07 Nov 2005] DSA-885-1 openvpn - several {CVE-2005-3393 CVE-2005-3409} [sarge] - openvpn 2.0-1sarge2
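Review bot: In the @@ -1630,7 +1630,7 @@ hunk of data/CVE/list, bug #329280 is added to the clamav line under CVE-2005-2920 only, while the CVE-2005-2919 entry directly below it has the same {DSA-824-1 DTSA-19-1} tags and the same fixed version 0.87-1 and still lists only bug #328660. If #329280 covers both issues, add it to the CVE-2005-2919 line as well; if it is specific to the upx.c overflow, nothing needs to change.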
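Review bot: The removal of "NOTE: rejected, initially ipt_recent related" under CVE-2005-2802 in the @@ -1665,7 +1665,6 @@ hunk is not covered by the log message ("new chmlib dsa, bugnums") and discards the only hint in the entry about what the rejected id originally referred to. Either keep the NOTE or commit the removal separately with a log line that says why it goes.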
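Review bot: The new CVE-2005-2659 entry in the @@ -2156,8 +2155,9 @@ hunk has a doubled apostrophe in its description ("chmlib''s") and no {DSA-886-1} tag line, although the neighbouring entries with advisories carry one ({DSA-839-1}, {DSA-812-1}) and data/DSA/list now references this id. Correct the quote if it is in the file rather than in the mail rendering, and add the tag line if it is maintained by hand.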
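Review bot: DSA-886-1 in the data/DSA/list hunk (@@ -1,3 +1,7 @@) names CVE-2005-2659, CVE-2005-2930 and CVE-2005-3318, but the data/CVE/list side of this commit only touches CVE-2005-2659. Confirm that the other two ids already have chmlib entries with a fixed version in data/CVE/list; they are not visible in this diff, so the cross-reference cannot be checked from it.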