Moritz Muehlenhoff
2006-Mar-27 23:26 UTC
[Secure-testing-commits] r3701 - in data: . CVE DSA
Author: jmm-guest Date: 2006-03-27 23:25:11 +0000 (Mon, 27 Mar 2006) New Revision: 3701 Modified: data/CVE/list data/DSA/list data/ID_pending Log: new flex DSA another CVE ID for older bugzilla issue one real issue didn''t affect helix after all remove non-issue Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-03-27 16:30:14 UTC (rev 3700) +++ data/CVE/list 2006-03-27 23:25:11 UTC (rev 3701) @@ -259,6 +259,7 @@ NOT-FOR-US: Inprotect CVE-2006-1269 (Buffer overflow in the parse function in parse.c in zoo 2.10 might ...) - zoo <unfixed> (low) + [sarge] - zoo <no-dsa> (Attack vector very far-fetched, hardly exploitable) CVE-2006-1268 (The Internet Key Exchange implementation in Funkwerk X2300 7.2.1 ...) NOT-FOR-US: Funkwerk X2300 CVE-2006-1267 (Invision Power Board 2.1.4 allows remote attackers to hijack sessions ...) @@ -1058,7 +1059,9 @@ [woody] - bugzilla <not-affected> (Only 2.17 and above are affected) [sarge] - bugzilla <not-affected> (Only 2.17 and above are affected) CVE-2006-0913 (SQL injection vulnerability in whineatnews.pl in Bugzilla 2.17 through ...) - TODO: check + - bugzilla <unfixed> (bug #354457) + [woody] - bugzilla <not-affected> (Only 2.17 and above are affected) + [sarge] - bugzilla <not-affected> (Only 2.17 and above are affected) CVE-2006-0912 (Oreka before 0.5 allows remote attackers to cause a denial of service ...) TODO: check CVE-2006-0911 (NmService.exe in Ipswitch WhatsUp Professional 2006 allows remote ...) 
@@ -2461,7 +2464,7 @@ CVE-2006-0324 (SQL injection vulnerability in WebspotBlogging 3.0 allows remote ...) NOT-FOR-US: WebspotBlogging CVE-2006-0323 (Buffer overflow in multiple RealNetworks products and versions ...) - - helix-player <unfixed> (bug #358754; medium) + NOT-FOR-US: Real Player (initial advisory claimed Helix affected, which is incorrect CVE-2006-0322 (Unspecified vulnerability the edit comment formatting functionality in ...) - mediawiki <unfixed> (low) CVE-2005-4666 (Cross-site scripting (XSS) vulnerability in PHlyMail before 3.3 Beta1 ...) @@ -10199,8 +10202,6 @@ NOT-FOR-US: AppWeb HTTP server CVE-2004-2213 (Mbedthis AppWeb HTTP server before 1.1.3 allows remote attackers to ...) NOT-FOR-US: AppWeb HTTP server -CVE-2005-XXXX [strobe reads file from unsafe directory] - - netdiag 0.7-7.1 (bug #206905; low) CVE-2005-XXXX [Integer overflow in ffmpeg''s MPEG encoding] - ffmpeg 0.cvs20050811-1 (bug #320150; medium) CVE-2005-XXXX [xgalaga score file segfault] Modified: data/DSA/list ==================================================================--- data/DSA/list 2006-03-27 16:30:14 UTC (rev 3700) +++ data/DSA/list 2006-03-27 23:25:11 UTC (rev 3701) @@ -1,3 +1,6 @@ +[28 Mar 2006] DSA-1020-1 flex - buffer overflow + {CVE-2006-0459} + [sarge] - flex 2.5.31-31sarge1 [24 Mar 2006] DSA-1019-1 koffice - several {CVE-2006-1244} [sarge] - koffice 1.3.5-4.sarge.3 Modified: data/ID_pending ==================================================================--- data/ID_pending 2006-03-27 16:30:14 UTC (rev 3700) +++ data/ID_pending 2006-03-27 23:25:11 UTC (rev 3701) 
@@ -147,8 +147,6 @@ CVE-2005-XXXX [microcode.ctl downloads microcode w/o user confirmation] - microcode.ctl <unfixed> (bug #282583; unimportant) NOTE: The validity of the microcode is ensure inside the CPU -CVE-2005-XXXX [Unsafe user of snprintf() in icebreaker''s highscore list] - - icebreaker 1.21-9.1 (bug #297644; low) CVE-2001-XXXX [gnupg: inproper flagging of signatures as being local] - gnupg 1.0.7-1 (bug #107374) CVE-2003-XXXX [Insecure temp files in lilo]
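Review bot: the new `- bugzilla <unfixed> (bug #354457)` line in the CVE-2006-0913 hunk (data/CVE/list, second hunk) carries no severity, while the other `<unfixed>` entries touched in this commit do (`zoo <unfixed> (low)`, `helix-player <unfixed> (bug #358754; medium)`); since this is an SQL injection in whineatnews.pl, a severity should be set so it is picked up by the tracker, e.g. `- bugzilla <unfixed> (bug #354457; medium)`. The woody/sarge `<not-affected>` lines reuse the justification from the neighbouring entry, which matches the "2.17 through ..." range in the CVE description, so that part is fine.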
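Review bot: the replacement line in the CVE-2006-0323 hunk (data/CVE/list, third hunk) is missing its closing parenthesis: `NOT-FOR-US: Real Player (initial advisory claimed Helix affected, which is incorrect`. The removed line also referenced `bug #358754`, and that reference is dropped entirely; keep it in the rationale so the bug can be closed against the reason, e.g. `NOT-FOR-US: Real Player (initial advisory claimed Helix affected, which is incorrect; see bug #358754)`.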
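Review bot: the commit removes two tracked entries that each reference an open bug, `CVE-2005-XXXX [strobe reads file from unsafe directory]` with `bug #206905` in data/CVE/list (fourth hunk) and `CVE-2005-XXXX [Unsafe user of snprintf() in icebreaker''s highscore list]` with `bug #297644` in data/ID_pending, but the log entry says "remove non-issue" only once and does not say which one is the non-issue or why. Each removal should state its rationale (in the log or as a NOTE line kept with the entry, as done for the microcode.ctl entry in the same hunk) so the removal can be matched against the bug reports; if either was fixed rather than being a non-issue, the fixed version should stay in the list instead of being deleted. Minor, in the unchanged context lines of the ID_pending hunk: "is ensure inside the CPU" should read "is ensured", and "inproper flagging" should read "improper".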
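Review bot: the new DSA-1020-1 entry in data/DSA/list (`[28 Mar 2006] DSA-1020-1 flex - buffer overflow`, `{CVE-2006-0459}`, `[sarge] - flex 2.5.31-31sarge1`) has no matching change to the CVE-2006-0459 entry in data/CVE/list within this commit, so please check that the CVE/list entry already records `[sarge] - flex 2.5.31-31sarge1`; the two files should agree on the fixed version. Also, the entry is dated 28 Mar 2006 while the commit is dated 27 Mar 2006 23:25 UTC; that is fine if it reflects the planned release date of the advisory, but it should match the date in the published DSA text.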