Secure testing commits - Jul 2006 - r4459 - data/CVE

Author: stef-guest
Date: 2006-07-27 16:29:17 +0000 (Thu, 27 Jul 2006)
New Revision: 4459

Modified:
   data/CVE/list
Log:
- CVE-2006-2898: some part of the fix seems to have been lost in asterisk
1:1.2.10.dfsg-1
- ethereal is now wireshark which fixes CVE-2006-3627 to -3632



Modified: data/CVE/list
==================================================================---
data/CVE/list	2006-07-26 21:44:24 UTC (rev 4458)
+++ data/CVE/list	2006-07-27 16:29:17 UTC (rev 4459)
@@ -420,17 +420,23 @@
 CVE-2006-3633
 	RESERVED
 CVE-2006-3632 (Buffer overflow in Wireshark (aka Ethereal) 0.8.16 to 0.99.0
...)
-	- ethereal <unfixed> (bug #378745; high)
+	- ethereal <removed> (bug #378745; high)
+	- wireshark 0.99.2-1 (high)
 CVE-2006-3631 (Unspecified vulnerability in the SSH dissector in Wireshark (aka
...)
-	- ethereal <unfixed> (bug #378745; high)
+	- ethereal <removed> (bug #378745; high)
+	- wireshark 0.99.2-1 (high)
 CVE-2006-3630 (Multiple off-by-one errors in Wireshark (aka Ethereal) 0.9.7 to
...)
-	- ethereal <unfixed> (bug #378745; high)
+	- ethereal <removed> (bug #378745; high)
+	- wireshark 0.99.2-1 (high)
 CVE-2006-3629 (Unspecified vulnerability in the MOUNT dissector in Wireshark
...)
-	- ethereal <unfixed> (bug #378745; high)
+	- ethereal <removed> (bug #378745; high)
+	- wireshark 0.99.2-1 (high)
 CVE-2006-3628 (Multiple format string vulnerabilities in Wireshark (aka
Ethereal) ...)
-	- ethereal <unfixed> (bug #378745; high)
+	- ethereal <removed> (bug #378745; high)
+	- wireshark 0.99.2-1 (high)
 CVE-2006-3627 (Unspecified vulnerability in the GSM BSSMAP dissector in
Wireshark ...)
-	- ethereal <unfixed> (bug #378745; high)
+	- ethereal <removed> (bug #378745; high)
+	- wireshark 0.99.2-1 (high)
 	[sarge] - ethereal <no-dsa> (Vulnerable code not present)
 CVE-2006-3625 (FLV Players 8 allows remote attackers to obtain sensitive
information ...)
 	NOT-FOR-US: FLV Players
@@ -1952,7 +1958,7 @@
 CVE-2006-2899 (Unspecified vulnerability in ESTsoft InternetDISK versions
before ...)
 	NOT-FOR-US: ESTsoft InternetDISK
 CVE-2006-2898 (The IAX2 channel driver (chan_iax2) for Asterisk 1.2.x before
1.2.9 ...)
-	- asterisk 1:1.2.7.1.dfsg-3
+	- asterisk 1:1.2.10.dfsg-2 (bug #380054)
 	- iax 0.2.2-5
 	- iaxmodem 0.1.8.dfsg-2
 CVE-2006-2897 (Cross-site scripting (XSS) vulnerability in FunkBoard 0.71
allows ...)