Moritz Muehlenhoff
2006-Mar-27 07:30 UTC
[Secure-testing-commits] r3696 - in data: CVE DSA
Author: jmm-guest
Date: 2006-03-27 07:29:32 +0000 (Mon, 27 Mar 2006)
New Revision: 3696

Modified:
   data/CVE/list
   data/DSA/list
Log:
add missing CVE ID to netpbm DSA
correct CVE ID from trac DSA
remove temp phpldapadmin entry, already CVEfied
record minor leafnode issue fixed through s-p-u
no-dsa for a minor old mutt issue
remove old pwgen entry, not worth keeping

Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-03-26 20:19:22 UTC (rev 3695) +++ data/CVE/list 2006-03-27 07:29:32 UTC (rev 3696) @@ -8604,14 +8604,12 @@ - maildrop 1.5.3-2 (bug #325135; medium) CVE-2005-2654 (phpldapadmin before 0.9.6c allows remote attackers to gain anonymous ...) {DSA-790-1} - - phpldapadmin 0.9.6c-5 (medium) + - phpldapadmin 0.9.6c-5 (bug #322423; medium) - egroupware <not-affected> (copy included is older and not vulnerable; bug #339583) CVE-2005-XXXX [cplay - still unsafe temporary file handling vulnerable to symlink attacks] - cplay 1.49-8 (bug #324913; low) [woody] - cplay <not-affected> (CPLAY_TMP doesn''t exist in this version) NOTE: Sarge is affected -CVE-2005-XXXX [$servers[$i][''disable_anon_bind''] = true doesn''t prevent anonymous to access ldap directory] - - phpldapadmin 0.9.6c-5 (bug #322423; low) CVE-2005-2672 (pwmconfig in LM_sensors before 2.9.1 creates temporary files ...) {DSA-814-1 DTSA-17-1} - lm-sensors 1:2.9.1-7 (bug #324193; medium) @@ -12324,7 +12322,7 @@ REJECTED CVE-2005-1911 (The fetchnews NNTP client in leafnode 1.11.2 and earlier can hang ...) - leafnode 1.11.3.rel-1 (bug #338886; low) - [sarge] - leafnode <no-dsa> (Very minor issue, not worth a fix) + [sarge] - leafnode 1.11.2.rel-1.0sarge0 CVE-2005-1910 (SQL injection vulnerability in login.asp for WWWeb Concepts Events ...) NOT-FOR-US: WWWeb Concepts Events System CVE-2005-1909 (The web server control panel in 602LAN SUITE 2004 allows remote ...) 
@@ -12796,6 +12794,7 @@ CVE-2005-2351 [Minor DoS condition in mutt due to preditable tempfiles] RESERVED - mutt <unfixed> (bug #311296; low) + [sarge] <no-dsa> (Minor annoyance, not a real DoS) CVE-2005-XXXX [gforge arbitrary code execution through viewFile.php] NOTE: viewFile.php has been removed along with other files in -26, so Debian is NOTE: no longer affected. @@ -14246,8 +14245,6 @@ NOTE: stored in user''s home directories instead. TODO: check possibility of exploitation via scripting language, TODO: as mentioned in the bug report as a separate issue -CVE-2005-XXXX [Less secure default setting in pwgen or the lack documentation about it] - - pwgen 2.04-1 CVE-2005-XXXX [Insecure handling of gpg passphrases in gabber] - gabber <unfixed> (bug #177776; low) CVE-2005-1470 (Multiple unknown vulnerabilities in the (1) TZSP, (2) MGCP, (3) ISUP, ...) Modified: data/DSA/list ==================================================================--- data/DSA/list 2006-03-26 20:19:22 UTC (rev 3695) +++ data/DSA/list 2006-03-27 07:29:32 UTC (rev 3696) @@ -531,7 +531,7 @@ [sarge] - mantis 0.19.2-4.1 NOTE: fixed in testing at time of DSA [21 Nov 2005] DSA-904-1 netpbm-free - buffer overflows - {CVE-2005-3632} + {CVE-2005-3632 CVE-2005-3662} [woody] - netpbm-free 2:9.20-8.5 [sarge] - netpbm-free 2:10.0-8sarge2 NOTE: not fixed in testing at time of DSA (unfixed in sid) @@ -1298,7 +1298,7 @@ NOTE: anything statically linking zlib needs rebuild NOTE: not fixed in testing at time of DSA (embargoed disclosure) [06 Jul 2005] DSA-739-1 trac - missing input sanitising - {CVE-2005-2007} + {CVE-2005-2147} [sarge] - trac 0.8.1-3sarge2 (medium) NOTE: fixed in testing at time of DSA [19 May 2005] DSA-725-2 ppxp - missing privilege release
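Review bot: In the data/CVE/list hunk at @@ -8604, the merged CVE-2005-2654 line keeps severity `medium`, while the removed temporary entry for the same bug #322423 was rated `low`; please confirm `medium` is the intended rating for sid. The removed description was also the only place that named the `disable_anon_bind` setting, so a NOTE line under CVE-2005-2654 mentioning it would keep the link to the bug report understandable.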
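Review bot: In the data/CVE/list hunk at @@ -12324, the new `[sarge] - leafnode 1.11.2.rel-1.0sarge0` line gives no indication of how that version reached sarge, and the explanation carried by the old `<no-dsa>` line is gone. The log says the fix went in through s-p-u, so a NOTE line under CVE-2005-1911 stating that would save a reader from searching data/DSA/list for an advisory that was never issued.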
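Review bot: In the data/CVE/list hunk at @@ -12796, the added line `[sarge] <no-dsa> (Minor annoyance, not a real DoS)` has no package field, unlike the other release-tagged lines visible in this patch, for example `[sarge] - leafnode <no-dsa> (...)` and `[woody] - cplay <not-affected> (...)`. It should presumably read `[sarge] - mutt <no-dsa> (Minor annoyance, not a real DoS)` so the annotation is attached to mutt in the same form as the rest of the file.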
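Review bot: In the data/DSA/list hunk at @@ -1298, DSA-739-1 is switched from CVE-2005-2007 to CVE-2005-2147, but no data/CVE/list hunk in this revision touches either ID. Please check that the CVE-2005-2007 entry no longer carries trac package lines or a `{DSA-739-1}` reference, and that CVE-2005-2147 records the sarge fix `0.8.1-3sarge2`, so the two files do not disagree after this change.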