thr3ads.net - Secure testing commits - [Secure-testing-commits] r2649

If this information is useful, please help other people find it:
Share via:

Moritz Muehlenhoff

2005-Nov-03 08:29 UTC

[Secure-testing-commits] r2649 - data/CVE

Author: jmm-guest
Date: 2005-11-03 08:29:20 +0000 (Thu, 03 Nov 2005)
New Revision: 2649

Modified:
   data/CVE/list
Log:
acidbase fixed, update on smail


Modified: data/CVE/list
==================================================================---
data/CVE/list	2005-11-03 07:43:45 UTC (rev 2648)
+++ data/CVE/list	2005-11-03 08:29:20 UTC (rev 2649)
@@ -172,7 +172,7 @@
 CVE-2005-3326 (SQL injection vulnerability in usercp.php in MyBulletinBoard
(MyBB) ...)
 	NOT-FOR-US: MyBB
 CVE-2005-3325 (SQL injection vulnerability in base_qry_main.php in Basic
Analysis and ...)
-	- acidbase <unfixed> (bug #335998; bug #336788; medium)
+	- acidbase 1.2.1-1 (bug #335998; bug #336788; medium)
 	NOTE: the fix from 1.2-2 did not address the problem fully
 	- acidlab 0.9.6b20-13
 CVE-2005-3324 (SQL injection vulnerability in chat.php in MWChat 6.8 allows
remote ...)
@@ -9034,11 +9034,13 @@
 CVE-2005-0894 (OpenmosixCollector and OpenMosixView in OpenMosixView 1.5 allow
local ...)
 	- openmosixview 1.5-7
 CVE-2005-0893 (modes.c in smail 3.2.0.120 implements signal handlers with
certain ...)
-	- smail <unfixed> (bug #301428; medium)
-	NOTE: no patch known at this time.
+	- smail <unfixed> (bug #335042; low)
+	NOTE: no patch known at this time, according to upstream impossible to exploit
+	NOTE: OTOH upstream thought the same about CVE-2005-0892, but the attack
vector
+	NOTE: seems in fact quite obscure
 CVE-2005-0892 (Buffer overflow in smail 3.2.0.120 allows remote attackers or
local ...)
 	{DSA-722-1}
-	- smail 3.2.0.115-7
+	- smail 3.2.0.115-7 (bug #301428; high)
 CVE-2005-0891 (Double-free vulnerability in gtk 2 (gtk2) before 2.2.4 allows
remote ...)
 	NOTE: The description is wrong; 2.6 is affected as well
 	- gtk+2.0 2.6.4-1
@@ -12593,7 +12595,7 @@
 	NOT-FOR-US: Netscape Directory Server on HP-UX
 CVE-2004-1235 (Race condition in the (1) load_elf_library and (2) binfmt_aout
...)
 	- linux-2.6 2.6.12-1 (bug #289202; high)
-	- kernel-source-2.4.27 2.4.27-8 (bug #289202; high)
+	- kernel-source-2.4.27 2.4.27-8 (bug #289202; bug #289708; high)
 CVE-2004-1234 (load_elf_binary in Linux before 2.4.26 allows local users to
cause a ...)
 	NOTE: fixed after 2.4.25
 CVE-2004-1233 (Integer overflow in Gadu-Gadu allows remote attackers to cause a
...)

Secure testing commits - Nov 2005 - r2649 - data/CVE

[Secure-testing-commits] r2649 - data/CVE