Moritz Muehlenhoff
2006-Mar-20 10:45 UTC
[Secure-testing-commits] r3647 - in data: CVE DSA
Author: jmm-guest
Date: 2006-03-20 10:44:53 +0000 (Mon, 20 Mar 2006)
New Revision: 3647
Modified:
data/CVE/list
data/DSA/list
Log:
ilohamail finally fixed
Modified: data/CVE/list
==================================================================---
data/CVE/list 2006-03-20 10:35:22 UTC (rev 3646)
+++ data/CVE/list 2006-03-20 10:44:53 UTC (rev 3647)
@@ -15019,7 +15019,7 @@
{DSA-726-1}
- oops 1.5.23.cvs-2.2 (bug #307360; high)
CVE-2005-1120 (Multiple cross-site scripting (XSS) vulnerabilities in IlohaMail
...)
- - ilohamail <unfixed> (bug #304525; medium)
+ - ilohamail 0.8.14-0rc3sarge1 (bug #304525; medium)
CVE-2005-1119 (Sudo VISudo 1.6.8 and earlier allows local users to corrupt
arbitrary ...)
- sudo <unfixed> (bug #283161; unimportant)
NOTE: That''s a policy violation, but not a security problem
Modified: data/DSA/list
==================================================================---
data/DSA/list 2006-03-20 10:35:22 UTC (rev 3646)
+++ data/DSA/list 2006-03-20 10:44:53 UTC (rev 3647)
@@ -1,3 +1,7 @@
+[21 Mar 2006] DSA-1010-1 ilohamail - missing input sanitising
+ {CVE-2006-1236}
+ [sarge] - ilohamail 0.8.14-0rc3sarge1
+ NOTE: not fixed in testing at the time of DSA (too young)
[21 Mar 2006] DSA-1009-1 crossfire - buffer overflow
{CVE-2006-1236}
[woody] - crossfire 1.1.0-1woody2