thr3ads.net - Secure testing commits - [Secure-testing-commits] r4453

If this information is useful, please help other people find it:
Share via:

Moritz Muehlenhoff

2006-Jul-25 10:06 UTC

[Secure-testing-commits] r4453 - data/CVE

Author: jmm-guest
Date: 2006-07-25 10:05:18 +0000 (Tue, 25 Jul 2006)
New Revision: 4453

Modified:
   data/CVE/list
Log:
new shadow issue, maintainers already aware


Modified: data/CVE/list
==================================================================---
data/CVE/list	2006-07-24 18:37:04 UTC (rev 4452)
+++ data/CVE/list	2006-07-25 10:05:18 UTC (rev 4453)
@@ -738,7 +738,7 @@
 	{DSA-1119}
 	- hiki 0.8.6-1 (bug #378059; low)
 CVE-2006-3378 (passwd command in shadow in Ubuntu 5.04 through 6.06 LTS, when
called ...)
-	TODO: check
+	- shadow <unfixed> 
 CVE-2006-3377 (Cross-site scripting (XSS) vulnerability in JMB Software
AutoRank PHP ...)
 	NOT-FOR-US: JMB Software AutoRank PHP
 CVE-2006-3376 (Integer overflow in player.c in libwmf 0.2.8.4, as used in
multiple ...)
@@ -16732,6 +16732,7 @@
 	- dar <not-affected> (zlib not used on unstrusted input, see #317989)
 	[woody] - bacula <not-affected> (Woody contains zlib 1.1, which is not
affected)
 	- bacula 1.36.3-2 (bug #318014; medium)
+	[sarge] - bacula <no-dsa> (Backups do not contain untrusted data)
 	[woody] - sash <not-affected> (Woody contains zlib 1.1, which is not
affected)
 	- sash 3.7-6 (bug #318246; bug #318069; medium)
 	[woody] - libphysfs <not-affected> (Woody contains zlib 1.1, which is
not affected)

Secure testing commits - Jul 2006 - r4453 - data/CVE

[Secure-testing-commits] r4453 - data/CVE