Moritz Muehlenhoff
2005-Dec-08 10:54 UTC
[Secure-testing-commits] r2983 - in data: CVE DSA
Author: jmm-guest
Date: 2005-12-08 10:53:56 +0000 (Thu, 08 Dec 2005)
New Revision: 2983
Modified:
data/CVE/list
data/DSA/list
Log:
new courier DSA
Modified: data/CVE/list
==================================================================---
data/CVE/list 2005-12-08 10:43:16 UTC (rev 2982)
+++ data/CVE/list 2005-12-08 10:53:56 UTC (rev 2983)
@@ -1408,8 +1408,9 @@
RESERVED
CVE-2005-3533
RESERVED
-CVE-2005-3532
+CVE-2005-3532 [courier-authdaemon grants access to deactivated user accounts]
RESERVED
+ - courier 0.47-12 (bug #211920; medium)
CVE-2005-3531 (fusermount in FUSE before 2.4.1, if installed setuid root,
allows ...)
- fuse <unfixed> (bug #340398; medium)
CVE-2005-3530 (Cross-site scripting (XSS) vulnerability in Antville 1.1 allows
remote ...)
Modified: data/DSA/list
==================================================================---
data/DSA/list 2005-12-08 10:43:16 UTC (rev 2982)
+++ data/DSA/list 2005-12-08 10:53:56 UTC (rev 2983)
@@ -1,3 +1,8 @@
+[08 Dec 2005] DSA-917-1 courier - programming error
+ {CVE-2005-3532}
+ [woody] - courier 0.37.3-2.8
+ [sarge] - courier 0.47-4sarge4
+ NOTE: not fixed in testing at time of DSA (waiting on GCC)
[07 Dec 2005] DSA-916-1 inkscape - buffer overflow
{CVE-2005-3737 CVE-2005-3885}
[sarge] - inkscape 0.41-4.99.sarge2