Moritz Muehlenhoff
2006-Jan-20 14:53 UTC
[Secure-testing-commits] r3326 - in data: CVE DSA
Author: jmm-guest Date: 2006-01-20 14:53:26 +0000 (Fri, 20 Jan 2006) New Revision: 3326 Modified: data/CVE/list data/DSA/list Log: two new DSAs Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-01-20 11:24:15 UTC (rev 3325) +++ data/CVE/list 2006-01-20 14:53:26 UTC (rev 3326) @@ -1035,8 +1035,9 @@ [sarge] - kernel-source-2.4.27 <not-affected> (Vulnerable code not present) CVE-2006-0035 (The netlink_rcv_skb function in af_netlink.c in Linux kernel 2.6.15 ...) - linux-2.6 <unfixed> -CVE-2006-0019 +CVE-2006-0019 [kjs heap overflow] RESERVED + - kdelibs <unfixed> (medium) CVE-2005-4474 (Buffer overflow in the "Add to archive" command in WinRAR 3.51 allows ...) NOT-FOR-US: WinRAR CVE-2005-4473 (Unspecified vulnerability in Macromedia JRun 4 web server (JWS) allows ...) Modified: data/DSA/list ==================================================================--- data/DSA/list 2006-01-20 11:24:15 UTC (rev 3325) +++ data/DSA/list 2006-01-20 14:53:26 UTC (rev 3326) @@ -1,3 +1,11 @@ +[20 Jan 2006] DSA-948-1 kdelibs - heap overflow + {CVE-2006-0019} + [sarge] - kdelibs 3.3.2-6.4 + NOTE: not fixed in testing at time of DSA (unfixed in sid) +[20 Jan 2006] DSA-947-1 clamav - heap overflow + {CVE-2006-0162} + [sarge] - clamav 0.84-2.sarge.7 + NOTE: fixed in testing at time of DSA [20 Jan 2006] DSA-946-1 sudo - missing input sanitising {CVE-2005-4158 CVE-2006-0151} [woody] - sudo 1.6.6-1.5
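Review bot: In the data/CVE/list hunk, the added `- kdelibs <unfixed> (medium)` line under CVE-2006-0019 records only the unstable state, while the sarge fix from this same commit (kdelibs 3.3.2-6.4, DSA-948-1) appears only in data/DSA/list. If the sarge status is not derived from the DSA cross-reference, add a `[sarge]` line to the CVE entry so it does not read as unfixed everywhere. The `<unfixed>` marker will also need a version once a fixed kdelibs reaches sid.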
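Review bot: In the data/DSA/list hunk, the DSA-947-1 entry states that clamav was fixed in testing at time of DSA, but the data/CVE/list part of this commit changes nothing for CVE-2006-0162, so the diff does not show which clamav version carries the fix in testing. Check that the CVE-2006-0162 entry already records a fixed version for clamav, and add it in this commit if it does not, so the two lists agree. The DSA-948-1 note (unfixed in sid) is consistent with the `<unfixed>` line added for kdelibs.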