Author: jmm-guest Date: 2006-01-22 21:22:29 +0000 (Sun, 22 Jan 2006) New Revision: 3344 Modified: data/CVE/list Log: new lsh issue vlc fixed no-dsa for dump/CVE-2005-2096 Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-01-22 21:14:22 UTC (rev 3343) +++ data/CVE/list 2006-01-22 21:22:29 UTC (rev 3344) @@ -1,3 +1,5 @@ +CVE-2006-0353 [fd leak in lsh] + - lsh-utils 2.0.1cdbs-4 (low) CVE-2006-0283 (Unspecified vulnerability in Oracle Database Server 10.1.0.4.2, ...) TODO: check CVE-2006-0321 [fetchmail: segfault after bouncing a message] @@ -1960,7 +1962,7 @@ - gst-ffmpeg 0.8.7-5 (bug #343503; medium) - kino <unfixed> (medium) - smilutils <unfixed> (medium) - - vlc <unfixed> (medium) + - vlc 0.8.4.debian-2 (medium) - motion <unfixed> (medium) NOTE: kino, smilutils, motion and vlc link statically against libavcodec, need a recompile once ffmpeg is fixed CVE-2005-4047 (Cross-site scripting (XSS) vulnerability in kb.asp in IISWorks ...) @@ -8615,7 +8617,8 @@ NOTE: Sarge is affected - zsync 0.4.0-2 (bug #317968; medium) [woody] - dump <not-affected> (Woody contains zlib 1.1, which is not affected) - - dump 0.4b40-1 (bug #317966; medium) + [sarge] - dump <no-dsa> (Backups do not contain untrusted data) + - dump 0.4b40-1 (bug #317966; low) [woody] - aide <not-affected> (Woody contains zlib 1.1, which is not affected) - aide 0.10-6.1.1 (bug #317523; medium) [woody] - amd64-libs <not-affected> (Woody contains zlib 1.1, which is not affected)