Moritz Muehlenhoff
2005-Nov-13 21:59 UTC
[Secure-testing-commits] r2726 - in data: CVE DSA
Author: jmm-guest Date: 2005-11-13 21:58:59 +0000 (Sun, 13 Nov 2005) New Revision: 2726 Modified: data/CVE/list data/DSA/list Log: new kernel dos, more DSA conversion work Modified: data/CVE/list ==================================================================--- data/CVE/list 2005-11-13 21:14:21 UTC (rev 2725) +++ data/CVE/list 2005-11-13 21:58:59 UTC (rev 2726) @@ -1,3 +1,6 @@ +CVE-2005-XXXX [kernel: NFS leases mem leak] + - linux-2.6 <unfixed> + NOTE: Pinged Horms CVE-2002-0683 (Directory traversal vulnerability in Carello 1.3 allows remote ...) TODO: check CVE-2005-XXXX [user logout in drupal has no effect] @@ -12030,9 +12033,8 @@ - kernel-source-2.6.9 2.6.9-6 - kernel-source-2.6.10 2.6.10-6 CVE-2005-0176 (The shmctl function in Linux 2.6.9 and earlier allows local users to ...) - NOTE: see USN-82-1 - NOTE: only affects 2.6.9 - - kernel-source-2.6.9 2.6.9-6 + NOTE: see USN-82-1, only affects 2.6.9 + - linux-2.6 2.6.12-1 CVE-2004-1392 (PHP 4.0 with cURL functions allows remote attackers to bypass the ...) - php4 4:4.3.10-3 CVE-2004-1391 (Untrusted execution path vulnerability in the PPPoE daemon (PPPoEd) in ...) @@ -14775,6 +14777,7 @@ RESERVED CVE-2004-0448 (Format string vulnerability in the log function for jftpgw 0.13.4 and ...) {DSA-510} + - jftpgw 0.13.4-1 CVE-2004-0447 (Unknown vulnerability in Linux before 2.4.26 for IA64 allows local ...) NOTE: fixed in linux 2.4.26 CVE-2004-0446 @@ -14958,6 +14961,7 @@ NOT-FOR-US: CDE CVE-2004-0367 (Ethereal 0.10.1 to 0.10.2 allows remote attackers to cause a denial of ...) - ethereal 0.10.3 (bug #239576) + [woody] - ethereal <not-affected> (Not vulnerable per DSA-511) CVE-2004-0366 (SQL injection vulnerability in the libpam-pgsql library before 0.5.2 ...) {DSA-469} NOTE: Changes probably too intrusive during freeze, maintainer did not yet ask 
@@ -14965,6 +14969,7 @@ - pam-pgsql 0.5.2-9 CVE-2004-0365 (The dissect_attribute_value_pairs function in packet-radius.c for ...) - ethereal 0.10.3 (bug #239576) + [woody] - ethereal <not-affected> (Not vulnerable per DSA-511) CVE-2004-0364 (The WrapNISUM ActiveX component (WrapUM.dll) in Norton Internet ...) NOT-FOR-US: WrapNISUM ActiveX CVE-2004-0363 (Stack-based buffer overflow in the SymSpamHelper ActiveX component ...) Modified: data/DSA/list ==================================================================--- data/DSA/list 2005-11-13 21:14:21 UTC (rev 2725) +++ data/DSA/list 2005-11-13 21:58:59 UTC (rev 2726) @@ -1554,13 +1554,13 @@ [woody] - gallery 1.2.5-8woody2 [30 May 2004] DSA-511 ethereal - buffer overflows {CVE-2004-0176} - - ethereal 0.10.3-1 + [woody] - ethereal 0.9.4-1woody7 [29 May 2004] DSA-510 jftpgw - format string {CVE-2004-0448} - - jftpgw 0.13.4-1 + [woody] - jftpgw 0.13.1-1woody1 [29 May 2004] DSA-509 gatos - privilege escalation {CVE-2004-0395} - - gatos 0.0.5-12 + [woody] - gatos 0.0.5-6woody1 [22 May 2004] DSA-508 xpcd - buffer overflow {CVE-2004-0402} - xpcd 2.08-10
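
Review bot: The new CVE-2005-XXXX [kernel: NFS leases mem leak] entry in the first data/CVE/list hunk (@@ -1,3 +1,6 @@) carries no pointer to the report. "NOTE: Pinged Horms" records who was contacted, but not a bug number, upstream reference or affected version range, so the <unfixed> state for linux-2.6 cannot be re-checked later from this entry alone. Suggest adding a NOTE naming the source of the report, or a TODO line like the one on the neighbouring CVE-2002-0683 entry, until a reference is available.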
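
Review bot: In the CVE-2005-0176 hunk (@@ -12030,9 +12033,8 @@) the merged note still says "only affects 2.6.9", while the package line changes from "- kernel-source-2.6.9 2.6.9-6" to "- linux-2.6 2.6.12-1". That records 2.6.12-1 as the first fixed linux-2.6 version and drops the record of the 2.6.9-6 fix. If linux-2.6 never shipped the affected code, <not-affected> would match the note better; otherwise the note should say why 2.6.12-1 is the fixed version.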
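
Review bot: The "[woody] - ethereal <not-affected> (Not vulnerable per DSA-511)" line added under CVE-2004-0367 (@@ -14958,6 +14961,7 @@), and again under CVE-2004-0365 in the following hunk, cites DSA-511, yet the DSA-511 entry in data/DSA/list in this same commit references only {CVE-2004-0176}. A reader following the reference will not find either CVE id there, so the parenthetical should state what in the advisory establishes that woody's ethereal is unaffected, for example by quoting the relevant statement.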
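
Review bot: The data/DSA/list hunk (@@ -1554,13 +1554,13 @@) replaces the unstable fixed versions under DSA-511, DSA-510 and DSA-509 with [woody] versions, but only the jftpgw one is visibly carried over in this commit ("+ - jftpgw 0.13.4-1" under CVE-2004-0448). "- ethereal 0.10.3-1" and "- gatos 0.0.5-12" are removed with no matching addition shown for CVE-2004-0176 or CVE-2004-0395. Confirm those CVE entries already hold the unstable version, or add it in data/CVE/list so the information is not lost. The DSA-508 xpcd entry in the trailing context is still in the old form.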