Moritz Muehlenhoff
2006-Mar-15 09:25 UTC
[Secure-testing-commits] r3617 - in data: . CVE DSA
Author: jmm-guest Date: 2006-03-15 09:24:59 +0000 (Wed, 15 Mar 2006) New Revision: 3617 Modified: data/CVE/list data/DSA/list data/flex-affected-sarge.txt Log: webcalendar DSA Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-03-14 21:14:28 UTC (rev 3616) +++ data/CVE/list 2006-03-15 09:24:59 UTC (rev 3617) @@ -4223,11 +4223,11 @@ CVE-2005-3985 (The Internet Key Exchange version 1 (IKEv1) implementation in Astaro ...) NOT-FOR-US: Astaro Security Linux CVE-2005-3984 (SQL injection vulnerability in WebCalendar 1.0.1 allows remote ...) - - webcalendar <unfixed> (bug #342090) + - webcalendar 1.0.2-1 (bug #342090) CVE-2005-3983 (Unknown vulnerability in the login page for HP Systems Insight Manager ...) NOT-FOR-US: HP Systems Insight Manager CVE-2005-3982 (CRLF injection vulnerability in layers_toggle.php in WebCalendar 1.0.1 ...) - - webcalendar <unfixed> (bug #342090) + - webcalendar 1.0.2-1 (bug #342090) CVE-2005-3981 (** DISPUTED ** ...) NOT-FOR-US: Windows CVE-2005-3980 (SQL injection vulnerability in the ticket query module in Edgewall ...) @@ -4394,7 +4394,7 @@ CVE-2006-0018 REJECTED CVE-2005-3961 (export_handler.php in WebCalendar 1.0.1 allows remote attackers to ...) - - webcalendar <unfixed> (bug #341208; medium) + - webcalendar 1.0.2-1 (bug #341208; medium) CVE-2005-3960 (Kadu 0.4.2 and 0.5.0pre allows remote attackers to cause a denial of ...) NOT-FOR-US: Kadu CVE-2005-3959 (Multiple cross-site scripting (XSS) vulnerabilities in FreeWebStat 1.0 ...) 
@@ -4418,7 +4418,7 @@ CVE-2005-3950 (nuauth in NuFW 1.0.x before 1.0.16 and 1.1 allows authenticated users ...) - nufw 1.0.16-1 (bug #341544; medium) CVE-2005-3949 (Multiple SQL injection vulnerabilities in WebCalendar 1.0.1 allow ...) - - webcalendar <unfixed> (bug #341208; medium) + - webcalendar 1.0.2-1 (bug #341208; medium) CVE-2005-3948 (Directory traversal vulnerability in main.php in PHPAlbum 0.2.3 and ...) NOT-FOR-US: PHPAlbum CVE-2005-3947 (Directory traversal vulnerability in index.php in PHP Upload Center ...) Modified: data/DSA/list ==================================================================--- data/DSA/list 2006-03-14 21:14:28 UTC (rev 3616) +++ data/DSA/list 2006-03-15 09:24:59 UTC (rev 3617) @@ -1,3 +1,7 @@ +[15 Mar 2006] DSA-1002-1 webcalendar - several + {CVE-2005-3949 CVE-2005-3961 CVE-2005-3982} + [sarge] - webcalendar 0.9.45-4sarge3 + NOTE: not fixed in testing at the time of DSA (too young) [14 Mar 2006] DSA-1001-1 crossfire - buffer overflow {CVE-2006-1010} [woody] - crossfire 1.1.0-1woody1 Modified: data/flex-affected-sarge.txt ==================================================================--- data/flex-affected-sarge.txt 2006-03-14 21:14:28 UTC (rev 3616) +++ data/flex-affected-sarge.txt 2006-03-15 09:24:59 UTC (rev 3617) @@ -23,7 +23,9 @@ kdeadmin keynote loki -mdk +mdk AFFECTED + Could potentially be exploited by sending manipulated mix assembly to + someone mmorph monit nco @@ -31,7 +33,8 @@ openoffice.org plotutils python-bibtex -regina +regina AFFECTED + Could potentially be exploited through crafted REXX files rtai saods9 source-highlight
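Review bot: In data/CVE/list, hunk @@ -4223, the CVE-2005-3984 and CVE-2005-3982 entries get the fixed version `1.0.2-1 (bug #342090)` but still carry no urgency, while the CVE-2005-3961 and CVE-2005-3949 entries in the later hunks carry `medium`. Since these lines are being touched anyway, add an urgency to both so the four webcalendar entries are annotated consistently.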
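Review bot: In data/DSA/list, the new DSA-1002-1 entry lists `{CVE-2005-3949 CVE-2005-3961 CVE-2005-3982}`, but the same commit also marks CVE-2005-3984 (SQL injection in WebCalendar 1.0.1) as fixed in webcalendar 1.0.2-1 under the same bug #342090 as CVE-2005-3982. Please confirm whether CVE-2005-3984 is covered by the sarge upload 0.9.45-4sarge3. If it is, add it to the CVE set; if sarge is not affected or it remains open there, a NOTE line saying so would keep the sarge status of that CVE from being ambiguous.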
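Review bot: In data/flex-affected-sarge.txt, the `mdk AFFECTED` and `regina AFFECTED` changes are unrelated to the log message "webcalendar DSA", so anyone searching the history for the flex review will not find this revision. Either commit them separately or mention them in the log. The two new annotations also give only a free-text rationale ("Could potentially be exploited ..."); a bug number or CVE reference next to each would make the AFFECTED status traceable.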