Moritz Muehlenhoff
2006-Aug-27 20:11 UTC
[Secure-testing-commits] r4642 - in data: CVE DSA
Author: jmm-guest Date: 2006-08-27 20:10:47 +0000 (Sun, 27 Aug 2006) New Revision: 4642 Modified: data/CVE/list data/DSA/list Log: three new DSAs no-dsa for slash and binutils as buffer overflows Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-08-27 18:53:39 UTC (rev 4641) +++ data/CVE/list 2006-08-27 20:10:47 UTC (rev 4642) @@ -289,8 +289,10 @@ NOT-FOR-US: Peoplebook Component for Mambo (com_peoplebook) CVE-2005-4808 (Buffer overflow in reset_vars in config/tc-crx.c in the GNU as (gas) ...) - binutils 2.17-1 (low) + [sarge] - binutils <no-dsa> (Only a security-problems in far-fetched configurations) CVE-2005-4807 (Stack-based buffer overflow in messages.c in the GNU as (gas) ...) - binutils 2.17-1 (low) + [sarge] - binutils <no-dsa> (Only a security-problems in far-fetched configurations) CVE-2004-2663 (The (1) SetDebugging and (2) RunEgatherer methods in IBM Access ...) NOT-FOR-US: IBM CVE-2004-2662 (Soft3304 04WebServer before 1.41 allows remote attackers to cause a ...) @@ -17615,6 +17617,7 @@ NOT-FOR-US: Autogalaxy CVE-2001-1535 (Slashcode 2.0 creates new accounts with an 8-character random ...) - slash <unfixed> (bug #328927; low) + [sarge] - slash <no-dsa> (Lack of a security feature, minor security problem) CVE-2001-1534 (mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID''s ...) - apache (bug #328919; unimportant) - apache2 <unfixed> (unimportant) 
@@ -22800,6 +22803,7 @@ - squirrelmail 1:1.2.3 CVE-2002-1647 (The quick login feature in Slash Slashcode does not redirect the user ...) - slash <unfixed> (bug #160579; low) + [sarge] - slash <no-dsa> (Minor security implications) CVE-2002-1646 (SSH Secure Shell for Servers 3.0.0 to 3.1.1 allows remote attackers to ...) NOT-FOR-US: commercial ssh CVE-2002-1645 (Buffer overflow in the URL catcher feature for SSH Secure Shell for ...) Modified: data/DSA/list ==================================================================--- data/DSA/list 2006-08-27 18:53:39 UTC (rev 4641) +++ data/DSA/list 2006-08-27 20:10:47 UTC (rev 4642) @@ -1,3 +1,12 @@ +[27 Aug 2006] DSA-1158 streamripper + {CVE-2006-3124} + [sarge] - streamripper1.61.7-1sarge1 +[27 Aug 2006] DSA-1157 ruby1.8 + {CVE-2006-3694 CVE-2006-1931} + [sarge] - ruby1.8 1.8.2-7sarge4 +[27 Aug 2006] DSA-1156 kdebase + {CVE-2006-2449} + [sarge] - kdebase 3.3.2-1sarge3 [24 Aug 2006] DSA-1155 sendmail - programming error {CVE-2006-1173} [sarge] - sendmail 8.13.4-3sarge2
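Review bot: the no-dsa reason added in the data/CVE/list hunk at @@ -289,8 +289,10 @@ (under both CVE-2005-4808 and CVE-2005-4807) reads "Only a security-problems in far-fetched configurations", which is ungrammatical; "Only a security problem in far-fetched configurations" would read cleanly. A few words on which configurations are meant would also let a later reader re-evaluate the no-dsa decision for these two gas buffer overflows without redoing the triage.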
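Review bot: the DSA-1158 entry in the data/DSA/list hunk has no space between package name and version, `[sarge] - streamripper1.61.7-1sarge1`, unlike the `ruby1.8 1.8.2-7sarge4` and `kdebase 3.3.2-1sarge3` lines added beside it. As written, the fixed version reads as part of the package name, so this should be `[sarge] - streamripper 1.61.7-1sarge1`. The three new DSA header lines also carry no short description, whereas the existing DSA-1155 entry has `sendmail - programming error`; adding one to each would keep the list consistent.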