Author: micah Date: 2006-01-10 17:22:41 +0000 (Tue, 10 Jan 2006) New Revision: 3259 Modified: data/CVE/list data/DSA/list Log: DSA-933-1 and DSA-934-1 Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-01-10 14:00:16 UTC (rev 3258) +++ data/CVE/list 2006-01-10 17:22:41 UTC (rev 3259) @@ -2859,6 +2859,7 @@ {DSA-929-1} - petris <unfixed> CVE-2005-3539 (Multiple eval injection vulnerabilities in HylaFAX 4.2.3 and earlier ...) + {DSA-933-1} - hylafax 2:4.2.4-2 NOTE: First patch had regressions CVE-2005-3538 (hfaxd in HylaFAX 4.2.3, when PAM support is disabled, accepts ...) @@ -3921,6 +3922,7 @@ - pavuk 0.9.33-1 (bug #264684; high) NOTE: second hole mentioned in bug report CVE-2005-3751 (HTTP request smuggling vulnerability in Pound before 1.9.4 allows ...) + {DSA-934-1} [sarge] - pound 1.8.2-1sarge1 - pound 1.9.4-1 (low) NOTE: see http://www.apsis.ch/pound/pound_list/archive/2005/2005-10/1129827166000/index_html?fullMode=1#1129827166000 @@ -11384,6 +11386,7 @@ CVE-2005-1392 (The SQL install script in phpMyAdmin 2.6.2 is created with ...) - phpmyadmin <not-affected> (Only part of examples that an admin would need to modify anyway) CVE-2005-1391 (Buffer overflow in the add_port function in APSIS Pound 1.8.2 and ...) + {DSA-934-1} [sarge] - pound 1.8.2-1sarge1 - pound 1.8.2-1.1 (bug #307852; bug #311548; medium) CVE-2005-1390 Modified: data/DSA/list ==================================================================--- data/DSA/list 2006-01-10 14:00:16 UTC (rev 3258) +++ data/DSA/list 2006-01-10 17:22:41 UTC (rev 3259) 
@@ -1,3 +1,12 @@ +[09 Jan 2006] DSA-934-1 pound - remote + {CVE-2005-1391 CVE-2005-3751} + [sarge] - pound 1.8.2-1sarge1 + NOTE: Fixed in testing at time of DSA +[09 Jan 2006] DSA-933-1 hylafax - arbitrary command execution + {CVE-2005-3539} + [woody] - hylafax 4.1.1-4woody1 + [sarge] - hylafax 4.2.1-5sarge3 + NOTE: Not fixed in testing at time of DSA (Valid candidate should sync today) [09 Jan 2006] DSA-932-1 kdegraphics - buffer overflows {CVE-2005-3191 CVE-2005-3192 CVE-2005-3193 CVE-2005-3624 CVE-2005-3625 CVE-2005-3626 CVE-2005-3627 CVE-2005-3628} [sarge] - kdegraphics 3.3.2-2sarge3 @@ -2950,4 +2959,4 @@ [woody] - openssl 0.9.6c-2.woody.1 [02 Jul 2002] DSA-135 libapache-mod-ssl -- buffer overflow / DoS {CVE-2002-0653} - [woody] - libapache-mod-ssl 2.8.9-2 \ No newline at end of file + [woody] - libapache-mod-ssl 2.8.9-2
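Review bot: in the data/CVE/list hunk at @@ -2859,6 +2859,7 @@, the CVE-2005-3539 entry gains only the {DSA-933-1} tag and no release-specific lines, whereas both pound entries in this same commit add "[sarge] - pound 1.8.2-1sarge1" next to their tag. The new DSA-933-1 entry in data/DSA/list records [woody] 4.1.1-4woody1 and [sarge] 4.2.1-5sarge3, so adding the matching "[woody] - hylafax 4.1.1-4woody1" and "[sarge] - hylafax 4.2.1-5sarge3" lines under CVE-2005-3539 would keep the two files consistent and let a reader of the CVE entry see the stable fixes without cross-referencing the DSA list.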
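Review bot: in the data/DSA/list hunk at @@ -1,3 +1,12 @@, the DSA-933-1 NOTE says "Valid candidate should sync today", which is relative to the commit date and stops being meaningful once the file is read later. Suggest naming the version expected to migrate (the CVE/list entry gives 2:4.2.4-2 as the fixed version) or writing the date explicitly, and dropping the NOTE once testing is fixed.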
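Review bot: the last data/DSA/list hunk at @@ -2950,4 +2959,4 @@ changes only the final "[woody] - libapache-mod-ssl 2.8.9-2" line to add the missing end-of-file newline, which the log message "DSA-933-1 and DSA-934-1" does not mention. The fix itself is fine, but it touches the DSA-135 entry in a commit about two unrelated advisories; either note it in the log or commit it separately so that history for that entry stays clean.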