Moritz Muehlenhoff
2005-Dec-02 21:16 UTC
[Secure-testing-commits] r2921 - in data: CVE DSA
Author: jmm-guest
Date: 2005-12-02 08:58:04 +0000 (Fri, 02 Dec 2005)
New Revision: 2921
Modified:
data/CVE/list
data/DSA/list
Log:
new helix dsa
Modified: data/CVE/list
==================================================================---
data/CVE/list 2005-12-01 23:16:28 UTC (rev 2920)
+++ data/CVE/list 2005-12-02 08:58:04 UTC (rev 2921)
@@ -3781,9 +3781,9 @@
CVE-2005-2631 (Cisco Clean Access (CCA) 3.3.0 to 3.3.9, 3.4.0 to 3.4.5, and
3.5.0 to ...)
NOT-FOR-US: Cisco
CVE-2005-2630 (Heap-based buffer overflow in DUNZIP32.DLL for RealPlayer 8, 10,
and ...)
- - helix-player <unfixed> (bug #340270)
+ - helix-player <not-affected> (Only Windows version of Real are
affected)
CVE-2005-2629 (Integer overflow in RealNetworks RealPlayer 8, 10, and 10.5,
RealOne ...)
- - helix-player <unfixed> (bug #340270)
+ - helix-player 1.0.6-1 (bug #340270; medium)
CVE-2005-2628 (Macromedia Flash 6 and 7 (Flash.ocx) allows remote attackers to
...)
- flashplugin-nonfree 7.0.61-1 (bug #339290; high)
CVE-2005-2627 (Multiple integer underflows in Kismet before 2005-08-R1 allow
remote ...)
@@ -14753,9 +14753,7 @@
- kernel-patch-2.4.27-mips 2.4.27-8.040815-1
- kernel-patch-powerpc-2.4.27 2.4.27-3
- kernel-image-2.4.27-sparc 2.4.27-2
- NOTE: above should cover 2.4
- kernel-source-2.6.8 2.6.8-11
- NOTE: and the binaries built from it
CVE-2004-1055 (Multiple cross-site scripting (XSS) vulnerabilities in
phpMyAdmin ...)
- phpmyadmin 2:2.6.0-pl3-1
CVE-2004-1054 (Untrusted execution path vulnerability in invscout in IBM AIX
5.1.0, ...)
Modified: data/DSA/list
==================================================================---
data/DSA/list 2005-12-01 23:16:28 UTC (rev 2920)
+++ data/DSA/list 2005-12-02 08:58:04 UTC (rev 2921)
@@ -1,3 +1,7 @@
+[02 Dec 2005] DSA-915-1 helix-player - buffer overflow
+ {CVE-2005-2629}
+ [sarge] - helix-player 1.0.4-1sarge2
+ NOTE: fixed in testing at time of DSA (not in testing due to RC bugs)
[01 Dec 2005] DSA-914-1 horde2 - missing input sanitising
{CVE-2005-3570}
[sarge] - horde2 2.2.8-1sarge1