Moritz Muehlenhoff
2006-Mar-20 10:36 UTC
[Secure-testing-commits] r3646 - in data: CVE DSA
Author: jmm-guest
Date: 2006-03-20 10:35:22 +0000 (Mon, 20 Mar 2006)
New Revision: 3646
Modified:
data/CVE/list
data/DSA/list
Log:
new curl issue
new crossfire DSA
update on libmail-audit-perl DSA
Modified: data/CVE/list
==================================================================---
data/CVE/list 2006-03-20 09:14:23 UTC (rev 3645)
+++ data/CVE/list 2006-03-20 10:35:22 UTC (rev 3646)
@@ -535,8 +535,11 @@
CVE-2006-1062 (Unspecified vulnerability in lurker.cgi for Lurker 2.0 and
earlier ...)
{DSA-999-1}
- lurker 2.1-1
-CVE-2006-1061
+CVE-2006-1061 [curl tftp buffer overflow]
RESERVED
+ - curl <unfixed>
+ [woody] - curl <not-affected>
+ [sarge] - curl <not-affected>
CVE-2006-1060
RESERVED
CVE-2006-1059
@@ -3212,7 +3215,7 @@
CVE-2005-4537
RESERVED
CVE-2005-4536 (Mail::Audit module in libmail-audit-perl 2.1-5, when logging is
...)
- {DSA-960-2 DSA-960-1}
+ {DSA-960-3}
- libmail-audit-perl 2.1-5.1 (bug #344029; medium)
CVE-2005-4535
RESERVED
Modified: data/DSA/list
==================================================================---
data/DSA/list 2006-03-20 09:14:23 UTC (rev 3645)
+++ data/DSA/list 2006-03-20 10:35:22 UTC (rev 3646)
@@ -1,3 +1,8 @@
+[21 Mar 2006] DSA-1009-1 crossfire - buffer overflow
+ {CVE-2006-1236}
+ [woody] - crossfire 1.1.0-1woody2
+ [sarge] - crossfire 1.6.0.dfsg.1-4sarge2
+ NOTE: fixed in testing at the time of DSA
[17 Mar 2006] DSA-1008-1 kpdf - buffer overflow
{CVE-2006-0746}
[sarge] - 3.3.2-2sarge4
@@ -208,15 +213,11 @@
{CVE-2005-3191 CVE-2005-3192 CVE-2005-3193 CVE-2005-3624 CVE-2005-3625
CVE-2005-3626 CVE-2005-3627 CVE-2005-3628}
[sarge] - pdfkit.framework 0.8-2sarge1
NOTE: not fixed in testing at time of DSA (unfixed in sid)
-[31 Jan 2006] DSA-960-2 libmail-audit-perl - insecure temporary file creation
+[31 Jan 2006] DSA-960-3 libmail-audit-perl - insecure temporary file creation
{CVE-2005-4536}
- [sarge] - libmail-audit-perl 2.1-5sarge2
- NOTE: This update only corrects the update for sarge, the version in woody is
correct.
-[31 Jan 2006] DSA-960-1 libmail-audit-perl - insecure temporary file creation
- {CVE-2005-4536}
- [woody] - libmail-audit-perl 2.0-4woody1
- [sarge] - libmail-audit-perl 2.1-5sarge1
- NOTE: not fixed in testing at time of DSA (unfixed in sid)
+ [woody] - libmail-audit-perl 2.0-4woody3
+ [sarge] - libmail-audit-perl 2.1-5sarge4
+ NOTE: 960-1 and 960-2 had regressions
[30 Jan 2006] DSA-959-1 unalz - buffer overflow
{CVE-2005-3862}
[sarge] - unalz 0.30.1