Moritz Muehlenhoff
2006-Oct-03 11:12 UTC
[Secure-testing-commits] r4802 - in data: CVE DSA
Author: jmm-guest
Date: 2006-10-03 11:12:26 +0000 (Tue, 03 Oct 2006)
New Revision: 4802

Modified:
   data/CVE/list
   data/DSA/list
Log:
openssl DSA has been updated
busybox from sarge not affected by path traversal
libmikmod int overflow doesn't apply to Debian's version
bugnums

Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-10-03 09:14:22 UTC (rev 4801) +++ data/CVE/list 2006-10-03 11:12:26 UTC (rev 4802) @@ -195,6 +195,7 @@ NOTE: However, we''ll fix openssh as well just to make sure CVE-2006-5050 (Directory traversal vulnerability in httpd in Rob Landley BusyBox ...) - busybox <unfixed> (bug #390555; low) + [sarge] - busybox <not-affected> (Vulnerable code not present) CVE-2006-5049 (Unspecified vulnerability in Classifieds (com_classifieds) component ...) NOT-FOR-US: Classifieds (com_classifieds) component for Joomla! CVE-2006-5048 (Unspecified vulnerability in Security Images (com_securityimages) ...) @@ -2779,7 +2780,7 @@ CVE-2006-3880 (** DISPUTED ** ...) NOT-FOR-US: Zen Cart CVE-2006-3879 (Integer overflow in the loadChunk function in loaders/load_gt2.c in ...) - - libmikmod2 <unfixed> (bug #381379) + - libmikmod2 <not-affected> (Debian''s 3.1.1 version doesn''t have GT2 support) CVE-2006-3878 (Opsware Network Automation System (NAS) 6.0 installs /etc/init.d/mysql ...) NOT-FOR-US: Opsware Network Automation System CVE-2006-3877 @@ -5197,7 +5198,7 @@ CVE-2005-2460 (Multiple cross-site scripting (XSS) vulnerabilities in Kayako ...) NOT-FOR-US: Kayako liveResponse CVE-2006-2842 (** DISPUTED ** ...) - - squirrelmail 2:1.4.7-1 (unimportant) + - squirrelmail 2:1.4.7-1 (unimportant; bug #373731) NOTE: Only exploitable with register_globals enabled CVE-2006-XXXX [XSS vulnerability in dokuwikis''s "Fullname" and "E-Mail" fields] - dokuwiki <unfixed> (medium) 
@@ -8419,8 +8420,8 @@ - mysql <removed> (bug #365939; low) CVE-2006-1516 (The check_connection function in sql_parse.cc in MySQL 4.0.x up to ...) {DSA-1079-1 DSA-1073-1 DSA-1071-1} - - mysql-dfsg-5.0 5.0.21-1 (bug #365939; low) - - mysql-dfsg-4.1 <removed> (bug #365939; low) + - mysql-dfsg-5.0 5.0.21-1 (bug #365939; bug #365938; low) + - mysql-dfsg-4.1 <removed> (bug #365939; bug #366043; low) - mysql-dfsg <removed> (bug #365939; bug #356751; low) - mysql <removed> (bug #365939; low) CVE-2006-1515 (Buffer overflow in the addnewword function in typespeed 0.4.4 and ...) Modified: data/DSA/list ==================================================================--- data/DSA/list 2006-10-03 09:14:22 UTC (rev 4801) +++ data/DSA/list 2006-10-03 11:12:26 UTC (rev 4802) @@ -4,9 +4,10 @@ [30 Sep 2006] DSA-1186-1 cscope {CVE-2006-4262} [sarge] - cscope 15.5-1.1sarge2 -[28 Sep 2006] DSA-1185-1 openssl +[28 Sep 2006] DSA-1185-2 openssl {CVE-2006-2940 CVE-2006-3738 CVE-2006-4343 CVE-2006-2937} - [sarge] - openssl 0.9.7e-3sarge3 + [sarge] - openssl 0.9.7e-3sarge4 + NOTE: First DSA had a minor regression [22 Sep 2006] DSA-1182-1 gnutls11 {CVE-2006-4790} [sarge] - gnutls11 1.0.16-13.2sarge2
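Review bot: In the data/CVE/list hunk at -195,6, the new [sarge] line for CVE-2006-5050 gives only "Vulnerable code not present" as its reason, which does not say what was checked. The CVE description points at httpd in BusyBox, so a NOTE line stating whether the sarge source lacks the httpd code or the affected function, and which sarge version was inspected, would let the triage be re-verified later without repeating the work.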
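Review bot: In the data/CVE/list hunk at -2779,7, switching libmikmod2 to not-affected for CVE-2006-3879 drops the reference to bug #381379 that the removed line carried. Keep the bug number in the new entry or in a NOTE so the report can still be found from the tracker, and consider noting that the status depends on the 3.1.1 version named in the reason, since a later upload that includes loaders/load_gt2.c would make this entry stale.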
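Review bot: In the data/CVE/list hunk at -8419,8, the mysql-dfsg-5.0 and mysql-dfsg-4.1 lines for CVE-2006-1516 now each list two bug numbers, with #365939 repeated on every package line including the unchanged mysql-dfsg and mysql entries. The log message says only "bugnums", so it is not clear which number is the per-package report and which is the shared one; a short NOTE would help, and it is worth confirming that #365939 really applies to all four source packages.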
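Review bot: In the data/DSA/list hunk at -4,9, the DSA-1185-1 entry is rewritten in place to DSA-1185-2, which removes the record that 0.9.7e-3sarge3 was the version shipped with the first advisory. The date stays at [28 Sep 2006], so confirm that this is the date wanted for the -2 revision, and expand "NOTE: First DSA had a minor regression" to say what regressed and to name the earlier version, so a host still on 0.9.7e-3sarge3 can be recognised as carrying the regressed build.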