Author: jmm-guest Date: 2006-03-05 12:05:57 +0000 (Sun, 05 Mar 2006) New Revision: 3556 Modified: data/CVE/list Log: bugnums Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-03-04 22:33:24 UTC (rev 3555) +++ data/CVE/list 2006-03-05 12:05:57 UTC (rev 3556) @@ -1159,7 +1159,7 @@ RESERVED CVE-2006-0455 (gpgv in GnuPG 1.4.x before 1.4.2.1, when using unattended signature ...) {DSA-978-1} - - gnupg <unfixed> (bug #353017; bug #353019; medium) + - gnupg <unfixed> (bug #353017; bug #353019; bug #354620; medium) [woody] - gnupg 1.0.6-4woody4 [sarge] - gnupg 1.4.1-1sarge1 NOTE: http://lists.gnupg.org/pipermail/gnupg-announce/2006q1/000211.html indicates that @@ -1738,11 +1738,11 @@ NOT-FOR-US: TankLogger CVE-2006-0208 (Multiple cross-site scripting (XSS) vulnerabilities in PHP 5.1.1, when ...) - php5 5.1.2-1 - - php4 4:4.4.2-1 + - php4 4:4.4.2-1 (bug #354682) NOTE: html_errors shouldn''t be used, probably no-dsa CVE-2006-0207 (Multiple HTTP response splitting vulnerabilities in PHP 5.1.1 allow ...) - php5 5.1.2-1 - - php4 4:4.4.2-1 + - php4 4:4.4.2-1 (bug #354683) NOTE: According to Hardened PHP advisory PHP4 isn''t affected, but upstream changelog NOTE: is a bit ambigious, if might be affected after all TODO: Ping maintainers, Hardened PHP or upstream 
@@ -5520,22 +5520,22 @@ {DSA-885-1} - openvpn 2.0.5-1 (bug #336751; medium) CVE-2005-3392 (Unspecified vulnerability in PHP before 4.4.1, when using the virtual ...) - - php4 4:4.4.2-1 (bug #336645; low) + - php4 4:4.4.2-1 (bug #336645; bug #354681; low) - php5 5.1.1-1 (bug #336654; low) NOTE: According to CVE, this is a safe mode violation, NOTE: therefore low impact. (According to SuSE, it''s an NOTE: information leak.) CVE-2005-3391 (Multiple vulnerabilities in PHP before 4.4.1 allow remote attackers to ...) - - php4 4:4.4.2-1 (bug #336645; low) + - php4 4:4.4.2-1 (bug #336645; bug #354678; low) - php5 5.1.1-1 (bug #336654; low) NOTE: This is a safe mode violation, therefore low impact. CVE-2005-3390 (The RFC1867 file upload feature in PHP 4.x up to 4.4.0 and 5.x up to ...) - - php4 4:4.4.2-1 (bug #336645; low) + - php4 4:4.4.2-1 (bug #336645; bug #354680; low) - php5 5.1.1-1 (bug #336654; high) NOTE: http://www.hardened-php.net/advisory_202005.79.html NOTE: http://www.hardened-php.net/globals-problem CVE-2005-3389 (The parse_str function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, ...) - - php4 4:4.4.2-1 (bug #336645; low) + - php4 4:4.4.2-1 (bug #336645; bug #354690; low) - php5 5.1.1-1 (bug #336654; low) NOTE: http://www.hardened-php.net/advisory_192005.78.html CVE-2005-3388 (Cross-site scripting (XSS) vulnerability in the phpinfo function in ...) @@ -5736,7 +5736,7 @@ CVE-2005-3320 (Cross-site scripting (XSS) vulnerability in SiteTurn Domain Manager ...) NOT-FOR-US: SiteTurn Domain Manager CVE-2005-3319 (The apache2handler SAPI (sapi_apache2.c) in the Apache module ...) - - php4 4:4.4.2-1 (bug #336004; low) + - php4 4:4.4.2-1 (bug #336004; bug #354684; low) - php5 5.1.1-1 (bug #336005; low) CVE-2005-3318 (Buffer overflow in the _chm_decompress_block function in CHM lib ...) {DSA-886-1} 
@@ -6653,7 +6653,7 @@ - kernel-source-2.4.27 <not-affected> [sarge] - kernel-source-2.6.8 <unfixed> (bug #332596) CVE-2005-3054 (fopen_wrappers.c in PHP 4.4.0, and possibly other versions, does not ...) - - php4 4:4.4.0-3 (bug #353585; medium) + - php4 4:4.4.0-3 (bug #353585; bug #354685; medium) - php5 5.0.5-2 (bug #353585; medium) CVE-2005-3053 (The sys_set_mempolicy function in mempolicy.c in Linux kernel 2.6.x ...) - linux-2.6 2.6.12-3 (bug #330343; bug #330353; medium) @@ -17764,7 +17764,7 @@ - less <not-affected> (Red Hat specific less bug) CVE-2005-0085 (Cross-site scripting (XSS) vulnerability in ht://dig (htdig) before ...) {DSA-680-1} - - htdig 1:3.1.6-11 + - htdig 1:3.1.6-11 (bug #305996) CVE-2005-0084 (Buffer overflow in the X11 dissector in Ethereal 0.8.10 through 0.10.8 ...) {DSA-653-1} - ethereal 0.10.9-1
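Review bot: In the `@@ -1738,11 +1738,11 @@` hunk, the CVE-2006-0207 entry gains bug #354683 on the php4 line, but the NOTE lines under it still say it is unclear whether PHP4 is affected, and `TODO: Ping maintainers, Hardened PHP or upstream` is left unchanged. If #354683 is that ping, reword or drop the TODO so it points at the bug. If it is not, add a NOTE saying what the new bug tracks, so the entry does not carry both an open question and a bug reference with no link between them. Both new references in this hunk, #354682 and #354683, are also added without a severity.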
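Review bot: In the `@@ -5520,22 +5520,22 @@` hunk, the php4 line for CVE-2005-3390 is edited but keeps severity `low`, while the php5 line for the same CVE directly below it says `high`. Since the line is being touched anyway, either align the two ratings or add a NOTE explaining why the php4 impact is lower. The four new bug numbers in this hunk (#354681, #354678, #354680, #354690) do not run in the same order as the CVE ids, so each pairing is worth checking against the bug report before the commit goes in.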
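Review bot: In the `@@ -17764,7 +17764,7 @@` hunk, the htdig line for CVE-2005-0085 gets `(bug #305996)` with no severity, whereas most other bug-carrying lines in this patch end with a rating such as `low` or `medium`. Add the rating after the bug number so the line matches the others, or leave a NOTE if the severity is deliberately unset for an entry already covered by DSA-680-1.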