Moritz Muehlenhoff
2006-Apr-05 08:21 UTC
[Secure-testing-commits] r3752 - in data: . CVE DSA
Author: jmm-guest Date: 2006-04-05 08:20:25 +0000 (Wed, 05 Apr 2006) New Revision: 3752 Modified: data/CVE/list data/DSA/list data/ID_pending Log: record kernel DSA update clamav partially CVEfied and fully fixed bugnum remove non-issue Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-04-04 21:07:42 UTC (rev 3751) +++ data/CVE/list 2006-04-05 08:20:25 UTC (rev 3752) @@ -1,7 +1,9 @@ -CVE-2006-XXXX [clamav 0.88.1 integer overflow] - - clamav <unfixed> +CVE-2006-1614 [clamav 0.88.1 integer overflow] + - clamav 0.88.1-1 CVE-2006-XXXX [clamav 0.88.1 fix possible crash in cli_bitset_test()] - - clamav <unfixed> + - clamav 0.88.1-1 +CVE-2006-1615 [clamav 0.88.1 format string flaws] + - clamav 0.88.1-1 CVE-2006-1586 (SQL injection vulnerability in admin_login.asp in ISP of Egypt SiteMan ...) NOT-FOR-US: Egypt SiteMan CVE-2006-1585 (Multiple SQL injection vulnerabilities in MonAlbum 0.8.7 allow remote ...) @@ -5607,7 +5609,7 @@ CVE-2005-3788 (Race condition in Cisco Adaptive Security Appliance (ASA) 7.0(0), ...) NOT-FOR-US: Cisco appliance CVE-2005-3787 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...) - - phpmyadmin 4:2.6.4-pl4-1 + - phpmyadmin 4:2.6.4-pl4-1 (bug #360726) CVE-2005-3786 (Novell ZENworks for Desktops 4.0.1, ZENworks for Servers 3.0.2, and ...) NOT-FOR-US: Novell ZENworks CVE-2005-3785 (Second-order symlink vulnerability in eix-sync.in in Ebuild IndeX ...) 
@@ -14731,8 +14733,6 @@ NOTE: stored in user''s home directories instead. TODO: check possibility of exploitation via scripting language, TODO: as mentioned in the bug report as a separate issue -CVE-2005-XXXX [Insecure handling of gpg passphrases in gabber] - - gabber <unfixed> (bug #177776; low) CVE-2005-1470 (Multiple unknown vulnerabilities in the (1) TZSP, (2) MGCP, (3) ISUP, ...) - ethereal 0.10.10-2sarge2 CVE-2005-1469 (Unknown vulnerability in the GSM dissector in Ethereal before 0.10.11 ...) Modified: data/DSA/list ==================================================================--- data/DSA/list 2006-04-04 21:07:42 UTC (rev 3751) +++ data/DSA/list 2006-04-05 08:20:25 UTC (rev 3752) @@ -14,6 +14,7 @@ [24 Mar 2006] DSA-1018-1 kernel-source-2.4.27 - several {CVE-2004-0887 CVE-2004-1058 CVE-2004-2607 CVE-2005-0449 CVE-2005-1761 CVE-2005-2457 CVE-2005-2555 CVE-2005-2709 CVE-2005-2973 CVE-2005-3257 CVE-2005-3783 CVE-2005-3806 CVE-2005-3848 CVE-2005-3857 CVE-2005-3858 CVE-2005-4618} [sarge] - kernel-source-2.4.27 2.4.27-10sarge2 + NOTE: An update 1018-2 was issued later, but it doesn''t contain noteworthy data [23 Mar 2006] DSA-1017-1 kernel-source-2.6.8 - several {CVE-2004-1017 CVE-2005-0124 CVE-2005-0449 CVE-2005-2457 CVE-2005-2490 CVE-2005-2555 CVE-2005-2709 CVE-2005-2800 CVE-2005-2973 CVE-2005-3044 CVE-2005-3053 CVE-2005-3055 CVE-2005-3180 CVE-2005-3181 CVE-2005-3257 CVE-2005-3356 CVE-2005-3358 CVE-2005-3783 CVE-2005-3784 CVE-2005-3806 CVE-2005-3847 CVE-2005-3848 CVE-2005-3857 CVE-2005-3858 CVE-2005-4605 CVE-2005-4618 CVE-2006-0095 CVE-2006-0096 CVE-2006-0482 CVE-2006-1066} [sarge] - kernel-source-2.6.8 2.6.8-16sarge2 Modified: data/ID_pending ==================================================================--- data/ID_pending 2006-04-04 21:07:42 UTC (rev 3751) +++ data/ID_pending 2006-04-05 08:20:25 UTC (rev 3752) 
@@ -333,8 +333,6 @@ TODO: as mentioned in the bug report as a separate issue CVE-2005-XXXX [Less secure default setting in pwgen or the lack documentation about it] - pwgen 2.04-1 -CVE-2005-XXXX [Insecure handling of gpg passphrases in gabber] - - gabber <unfixed> (bug #177776; low) CVE-2005-XXXX [Missing input validation in xtradius] - xtradius 1.2.1-beta2-2 (bug #307796; unimportant) CVE-2005-XXXX [fai tempfile vulnerability]
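Review bot: In the first data/CVE/list hunk the two newly assigned IDs go in ascending order (CVE-2006-1614 at the top, CVE-2006-1615 two entries further down), with the still-unassigned cli_bitset_test() CVE-2006-XXXX entry between them, while the surrounding entries run in descending order (CVE-2006-1586, then CVE-2006-1585). Suggest keeping the CVE-2006-XXXX placeholder at the top, where the unassigned entries sat before this change, followed by CVE-2006-1615 and then CVE-2006-1614, so the list order stays consistent.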
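Review bot: The gabber entry (bug #177776; low) is deleted from both data/CVE/list (hunk at -14731) and data/ID_pending (hunk at -333) without any record of why; the only rationale is the log line "remove non-issue". The entry was tracked as <unfixed>, so after this change nothing in the data ties bug #177776 to a decision. Suggest giving the reason in the commit message, or keeping the entry with a NOTE that explains why it is not treated as a vulnerability.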
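Review bot: The NOTE added under DSA-1018-1 in data/DSA/list records that an update 1018-2 exists but not what that update changed, and the [sarge] line still lists only 2.4.27-10sarge2. Suggest stating in the NOTE what the -2 revision was issued for, so a reader can tell that the recorded fixed version is still the right one.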