Moritz Muehlenhoff
2006-Mar-10 12:19 UTC
[Secure-testing-commits] r3580 - in data: CVE DSA
Author: jmm-guest Date: 2006-03-10 12:19:18 +0000 (Fri, 10 Mar 2006) New Revision: 3580 Modified: data/CVE/list data/DSA/list Log: new ffmpeg and zoo DSAs update on curl DSA Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-03-10 10:25:34 UTC (rev 3579) +++ data/CVE/list 2006-03-10 12:19:18 UTC (rev 3580) @@ -3963,7 +3963,7 @@ CVE-2005-4008 (SQL injection vulnerability in jax_calendar.php in Jax Calendar 1.34 ...) NOT-FOR-US: Jax Calendar CVE-2005-4077 (Multiple off-by-one errors in the cURL library (libcurl) 7.11.2 ...) - {DSA-919-1} + {DSA-919-2} - curl 7.15.1-1 (bug #342339; bug #342696; medium) [sarge] - curl 7.13.2-2sarge4 (medium) [woody] - curl <not-affected> (Only curl >= 7.11 is vulnerable) @@ -6630,7 +6630,6 @@ CVE-2005-XXXX [xscreensaver does not maintain screen locks during upgrade] - xscreensaver 4.23-2 (bug #334193; low) CVE-2005-3185 (Stack-based buffer overflow in the ntlm_output function in http-ntlm.c ...) - {DSA-919-1} - wget 1.10.2-1 (medium) [sarge] - wget <not-affected> (Does not contain NTML authentication code) [woody] - wget <not-affected> (Does not contain NTML authentication code) Modified: data/DSA/list ==================================================================--- data/DSA/list 2006-03-10 10:25:34 UTC (rev 3579) +++ data/DSA/list 2006-03-10 12:19:18 UTC (rev 3580) @@ -1,3 +1,12 @@ +[10 Mar 2006] DSA-992-1 ffmpeg - buffer overflow + {CVE-2005-4048} + [sarge] - ffmpeg 0.cvs20050313-2sarge1 + NOTE: fixed in testing at the time of DSA +[10 Mar 2006] DSA-991-1 zoo - buffer overflow + {CVE-2006-0855} + [woody] - zoo 2.10-9woody0 + [sarge] - zoo 2.10-11sarge0 + NOTE: not fixed in testing at the time of DSA (too young) [10 Mar 2006] DSA-990-1 bluez-hcidump - programming error {CVE-2006-0670} [sarge] - bluez-hcidump 1.17-1sarge1 
@@ -340,11 +349,12 @@ [woody] - ethereal 0.9.4-1woody14 [sarge] - ethereal 0.10.10-2sarge3 NOTE: not fixed in testing at time of DSA (unfixed in sid) -[12 Dec 2005] DSA-919-1 curl - buffer overflow - {CVE-2005-4077 CVE-2005-3185} - [woody] - curl 7.9.5-1woody1 - [sarge] - curl 7.13.2-2sarge4 +[12 Dec 2005] DSA-919-2 curl - buffer overflow + {CVE-2005-4077} + [woody] - curl 7.9.5-1woody2 + [sarge] - curl 7.13.2-2sarge5 NOTE: partially fixed in testing at time of DSA + NOTE: Initial -1 DSA was incomplete [09 Dec 2005] DSA-918-1 osh - programming error {CVE-2005-3346 CVE-2005-3533} [woody] - osh 1.7-11woody2
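Review bot: In the CVE-2005-4077 hunk of data/CVE/list, only the DSA reference moves to {DSA-919-2}, while the unchanged context still records "[sarge] - curl 7.13.2-2sarge4" and "[woody] - curl <not-affected>". The DSA-919-2 entry added to data/DSA/list in this same commit lists 7.13.2-2sarge5 and 7.9.5-1woody2 and says the initial -1 DSA was incomplete. The sarge fixed version here should probably be bumped to 7.13.2-2sarge5, and the woody status reconciled with the DSA entry.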
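Review bot: In the CVE-2005-3185 hunk of data/CVE/list, the {DSA-919-1} reference is removed without a replacement, and the log message ("update on curl DSA") does not say why this CVE is no longer tied to the advisory. The entries visible after the removal are wget only. A NOTE line under the CVE stating the reason for dropping the cross-reference would keep the tracker history traceable.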
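Review bot: The NOTE lines added for DSA-992-1 and DSA-991-1 in the first data/DSA/list hunk read "at the time of DSA", while the existing entries visible in the following hunk use "at time of DSA". Using the existing wording keeps these notes consistent for anyone searching the file.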
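Review bot: In the DSA-919-2 hunk of data/DSA/list, the entry keeps the [12 Dec 2005] date of DSA-919-1 even though the fixed versions change to 7.9.5-1woody2 and 7.13.2-2sarge5. Please confirm whether the date should be that of the revised advisory. The retained "NOTE: partially fixed in testing at time of DSA" should also be rechecked against the -2 revision, since it was written for the -1 upload.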