Author: jmm-guest Date: 2006-04-05 14:37:37 +0000 (Wed, 05 Apr 2006) New Revision: 3754 Modified: data/CVE/list Log: merge recent shadow/base-config issue, remove mysterious reference to reserved old CVE ID no-dsa for minor honeyd leak kaffeine fixed in experimental Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-04-05 10:19:28 UTC (rev 3753) +++ data/CVE/list 2006-04-05 14:37:37 UTC (rev 3754) @@ -1,3 +1,5 @@ +CVE-2006-XXXX [openvpn missing setenv sanitising] + - openvpn <unfixed> (bug #360559; medium) CVE-2006-1614 [clamav 0.88.1 integer overflow] - clamav 0.88.1-1 CVE-2006-XXXX [clamav 0.88.1 fix possible crash in cli_bitset_test()] @@ -506,7 +508,8 @@ CVE-2006-1377 (Cross-site scripting (XSS) vulnerability in img.php in (1) EasyMoblog ...) NOT-FOR-US: EasyMoblog CVE-2006-1376 (The installation of Debian GNU/Linux 3.1r1 from the network install CD ...) - - passwd 1:4.0.14-9 (bug #358210; bug #356939) + - shadow 1:4.0.14-9 (bug #358210; bug #356939) + - base-config 2.68 (bug #254068; low) CVE-2006-1375 (AdMan 1.0.20051221 and earlier allows remote attackers to obtain the ...) NOT-FOR-US: AdMan CVE-2006-1374 (SQL injection vulnerability in viewStatement.php in AdMan 1.0.20051221 ...) @@ -1858,6 +1861,7 @@ NOT-FOR-US: Microsoft CVE-2006-0752 (Niels Provos Honeyd before 1.5 replies to certain illegal IP packet ...) - honeyd <unfixed> (bug #353064; low) + [sarge] - honeyd <no-dsa> (Too insignificant) CVE-2006-0751 (Multiple unspecified vulnerabilities in the (1) Filesystem in ...) TODO: check CVE-2006-0750 (SQL injection vulnerability in index.php in supersmashbrothers (SSB) ...) 
@@ -3749,8 +3753,9 @@ - libimager-perl <unfixed> (bug #359661) CVE-2006-0052 (The attachment scrubber (Scrubber.py) in Mailman 2.1.5 and earlier, ...) - mailman <unfixed> (bug #358892) -CVE-2006-0051 +CVE-2006-0051 [kaffeine ram buffer overflow] RESERVED + - kaffeine 0.8-1 CVE-2006-0050 (snmptrapfmt in Debian 3.0 allows local users to overwrite arbitrary ...) {DSA-1013-1} - snmptrapfmt 1.10 @@ -11431,10 +11436,8 @@ NOT-FOR-US: Online Recruitment Agency CVE-2004-2155 (Online-bookmarks before 0.4.6 allows remote attackers to bypass its ...) NOT-FOR-US: Online-bookmarks -CVE-2005-2348 [base-config log should not be world readable] +CVE-2005-2348 RESERVED - - base-config 2.68 (bug #254068; low) - NOTE: Sarge and Woody affected CVE-2005-2169 (Directory traversal vulnerability in source.php in Quick & Dirty ...) NOT-FOR-US: PHPSource Printer CVE-2005-2168 (delete.php in Plague News System 0.6 and earlier allows remote ...)
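Review bot: In the @@ -506,7 +508,8 @@ hunk the two package lines under CVE-2006-1376 are inconsistent: the added "- base-config 2.68 (bug #254068; low)" carries an urgency, while the renamed "- shadow 1:4.0.14-9 (bug #358210; bug #356939)" carries none. If the shadow part is meant to be rated, add the urgency on that line too. Otherwise a reader cannot tell whether "low" applies to the whole CVE or only to the base-config log issue that was merged in.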
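Review bot: In the @@ -3749,8 +3753,9 @@ hunk the new "- kaffeine 0.8-1" line under CVE-2006-0051 does not say that the fix is only in experimental, which is what the log message states. As written, 0.8-1 reads like any other fixed version. A NOTE line recording that 0.8-1 is the experimental upload would keep the entry from being read as fixed everywhere. The line also has no bug reference or urgency, unlike the neighbouring entries.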
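Review bot: In the @@ -11431,10 +11436,8 @@ hunk the removal of "NOTE: Sarge and Woody affected" loses information, because the base-config line re-added under CVE-2006-1376 in the @@ -506,7 +508,8 @@ hunk carries only "(bug #254068; low)". Consider moving the NOTE along with the package line so the affected releases stay recorded. A short NOTE under the now-bare CVE-2005-2348 RESERVED entry pointing to CVE-2006-1376 would also explain where the base-config issue went for anyone looking it up by the old ID.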