Moritz Muehlenhoff
2006-Oct-23 20:01 UTC
[Secure-testing-commits] r4870 - in data: CVE DSA
Author: jmm-guest Date: 2006-10-23 20:00:27 +0000 (Mon, 23 Oct 2006) New Revision: 4870 Modified: data/CVE/list data/DSA/list Log: three new DSAs qt fixed one old tetex not-affected rewrite php non-issues to unimportant severity Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-10-22 20:18:02 UTC (rev 4869) +++ data/CVE/list 2006-10-23 20:00:27 UTC (rev 4870) @@ -1,4 +1,4 @@ -CVE-2006-XXXX [unspecified steam cache vulnerability] +VE-2006-XXXX [unspecified steam cache vulnerability] - steam 2.2.31-1 [sarge] - steam <not-affected> (Sarge version doesn''t implement caching) CVE-2006-5381 (Contenido CMS stores sensitive data under the web root with ...) @@ -1196,7 +1196,7 @@ - php5 <unfixed> (bug #391586) CVE-2006-4811 [qt pixmap overflow] RESERVED - - qt-x11-free <unfixed> (bug #394192) + - qt-x11-free 3:3.3.7-1 (bug #394192: bug #394313) - qt4-x11 <unfixed> (bug #394192) CVE-2006-4810 RESERVED @@ -5265,10 +5265,9 @@ CVE-2006-3012 (SQL injection vulnerability in phpBannerExchange before 2.0 Update 6 ...) NOT-FOR-US: phpBannerExchange CVE-2006-3011 (The error_log function in basic_functions.c in PHP before 4.4.4 and ...) - - php4 4:4.4.4-1 (low) - - php5 5.1.6-1 (low) - [sarge] - php4 <no-dsa> (Safe mode not supported) - NOTE: only safe mode bypass + - php4 4:4.4.4-1 (unimportant) + - php5 5.1.6-1 (unimportant) + NOTE: Safe mode violations are not supported CVE-2003-1303 (Buffer overflow in the imap_fetch_overview function in the IMAP ...) NOT-FOR-US: Microsoft Internet Explore CVE-2003-1302 (The IMAP functionality in PHP before 4.3.1 allows remote attackers to ...) 
@@ -5510,6 +5509,7 @@ CVE-2006-2906 (The LZW decoding in the gdImageCreateFromGifPtr function in the Thomas ...) {DSA-1117} - libgd2 2.0.33-5 (bug #372912; low) + - tetex-bin <not-affected> (Links dynamically, see #382506) CVE-2006-2905 (Partial Links 1.2.2 allows remote attackers to obtain sensitive ...) NOT-FOR-US: Partial Links CVE-2006-2904 (SQL injection vulnerability in index.php in Partial Links 1.2.2 allows ...) @@ -6111,15 +6111,14 @@ {DSA-1095-1} - freetype 2.2.1-1 (medium) CVE-2006-2660 (Buffer consumption vulnerability in the tempnam function in PHP 5.1.4 ...) - - php4 4:4.4.4-1 (low) - [sarge] - php4 <no-dsa> (not worth an update, see NOTE by Sean) + - php4 4:4.4.4-1 (unimportant) + - php5 5.1.6-1 (unimportant) NOTE: using a long enough path (>MAXPATHLEN) allows you to have NOTE: tempnam create a file without the temp extension. sounds like NOTE: another shoot yourself in the foot issue, since the local user NOTE: could just as easily create the file manually, and if the NOTE: tempnam function is taking unsanitized input, it''s an NOTE: application error - - php5 5.1.6-1 (low) CVE-2006-2658 (Directory traversal vulnerability in the xsp component in mod_mono in ...) - xsp 1.1.15-1 CVE-2006-2657 @@ -6345,9 +6344,9 @@ CVE-2006-2564 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) NOT-FOR-US: Alstrasoft Article Manager Pro CVE-2006-2563 (The cURL library (libcurl) in PHP 4.4.2 and 5.1.4 allows attackers to ...) - - php4 4:4.4.4-1 (bug #370166; low) - [sarge] - php4 <no-dsa> (Safe mode violations not supported) - - php5 5.1.6-1 (bug #370165; low) + - php4 4:4.4.4-1 (bug #370166; unimportant) + - php5 5.1.6-1 (bug #370165; unimportant) + NOTE: Safe mode violations are not supported CVE-2006-2562 (ZyXEL P-335WT router allows remote attackers to bypass access ...) NOT-FOR-US: ZyXEL P-335WT router CVE-2006-2561 (Edimax BR-6104K router allows remote attackers to bypass access ...) 
@@ -8671,9 +8670,9 @@ CVE-2006-1609 (Unspecified vulnerability in Hitachi XFIT/S, XFIT/S/JCA, XFIT/S/ZGN, ...) NOT-FOR-US: Hitachi XFIT CVE-2006-1608 (The copy function in file.c in PHP 4.4.2 and 5.1.2 allows local users ...) - - php4 4:4.4.4-1 (bug #361856) - [sarge] - php4 <no-dsa> (Safe mode violations not supported) - - php5 5.1.4-0.1 (bug #361915) + - php4 4:4.4.4-1 (bug #361856; unimportant) + - php5 5.1.4-0.1 (bug #361915; unimportant) + NOTE: Safe mode violations not supported CVE-2006-1607 (Unspecified vulnerability in the banner module in Exponent CMS before ...) NOT-FOR-US: Exponent CMS CVE-2006-1606 (Unspecified vulnerability in the image module in Exponent CMS before ...) @@ -9013,9 +9012,9 @@ CVE-2006-1495 (SQL injection vulnerability in general/sendpassword.php in (1) ...) NOT-FOR-US: PHPCollab / NetOffice CVE-2006-1494 (Directory traversal vulnerability in file.c in PHP 4.4.2 and 5.1.2 ...) - - php4 4:4.4.4-1 (bug #361855) - - php5 5.1.4-0.1 (bug #361916) - [sarge] - php4 <no-dsa> (open_basedir violations not supported) + - php4 4:4.4.4-1 (bug #361855; unimportant) + - php5 5.1.4-0.1 (bug #361916; unimportant) + NOTE: open_basedir violations are not supported CVE-2006-1493 (Cross-site scripting (XSS) vulnerability in dir.php in Explorer XP ...) NOT-FOR-US: Explorer XP CVE-2006-1492 (Directory traversal vulnerability in dir.php in Explorer XP allows ...) 
@@ -10168,9 +10167,9 @@ CVE-2006-0997 (The SSL server implementation in NILE.NLM in Novell NetWare 6.5 and ...) NOT-FOR-US: Novell CVE-2006-0996 (Cross-site scripting (XSS) vulnerability in phpinfo (info.c) in PHP ...) - - php4 4:4.4.4-1 (bug #361853; low) - - php5 5.1.4-0.1 (bug #361914) - [sarge] - php4 <no-dsa> (not worth an update) + - php4 4:4.4.4-1 (bug #361853; unimportant) + - php5 5.1.4-0.1 (bug #361914; unimportant) + NOTE: Non-issue, explicit debug feature CVE-2006-0995 (EMC Dantz Retrospect 7 backup client 7.0.107, and other versions ...) NOT-FOR-US: EMC Dantz Retrospect CVE-2006-0994 (Multiple Sophos Anti-Virus products, including Anti-Virus for Windows ...) Modified: data/DSA/list ==================================================================--- data/DSA/list 2006-10-22 20:18:02 UTC (rev 4869) +++ data/DSA/list 2006-10-23 20:00:27 UTC (rev 4870) @@ -1,3 +1,12 @@ +[22 Oct 2006] DSA-1197-1 python2.4 + {CVE-2006-4980} + [sarge] - python2.4 2.4.1-2sarge1 +[19 Oct 2006] DSA-1196-1 clamav + {CVE-2006-4182 CVE-2006-5295} + [sarge] - clamav 0.84-2.sarge.11 +[19 Oct 2006] DSA-1196-1 clamav + {CVE-2006-4182 CVE-2006-5295} + [sarge] - clamav 0.84-2.sarge.11 [10 Oct 2006] DSA-1195-1 openssl096 {CVE-2006-2940 CVE-2006-3738 CVE-2006-4343} [sarge] - openssl096 0.9.6m-1sarge4
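Review bot: the first hunk of data/CVE/list drops the leading `C` from the steam entry, turning `-CVE-2006-XXXX [unspecified steam cache vulnerability]` into `+VE-2006-XXXX [unspecified steam cache vulnerability]`. This looks accidental: the log message mentions no change to the steam entry, every other entry in the file starts with `CVE-`, and anything that locates entries by that prefix would no longer see this one. Suggest restoring `CVE-2006-XXXX [unspecified steam cache vulnerability]` and keeping only the intended changes in this commit.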
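Review bot: in the CVE-2006-4811 hunk, the new annotation `(bug #394192: bug #394313)` separates the two bug references with a colon, while the rest of the file uses `;` between items inside the parentheses (for example `bug #370166; unimportant`). Suggest `(bug #394192; bug #394313)` so the line follows the file's own separator convention; the qt4-x11 line directly below still reads `<unfixed> (bug #394192)`, which is consistent with the log entry saying only qt was fixed.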
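Review bot: the CVE-2006-1608 hunk adds `NOTE: Safe mode violations not supported`, while the equivalent notes added in the same commit for CVE-2006-3011 and CVE-2006-2563 read `NOTE: Safe mode violations are not supported`. Suggest using one wording for all three so the notes can be matched consistently when the list is searched.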
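Review bot: the data/DSA/list hunk adds the DSA-1196-1 clamav block twice: the three lines `[19 Oct 2006] DSA-1196-1 clamav`, `{CVE-2006-4182 CVE-2006-5295}` and `[sarge] - clamav 0.84-2.sarge.11` appear back to back. The log message says "three new DSAs", but the hunk only contains two distinct advisories (DSA-1197-1 python2.4 and DSA-1196-1 clamav), so either the duplicate block should be removed or the third DSA was left out and should be added in its place.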