Moritz Muehlenhoff
2006-Dec-17 16:41 UTC
[Secure-testing-commits] r5135 - in data: CVE DSA
Author: jmm-guest Date: 2006-12-17 16:41:04 +0100 (Sun, 17 Dec 2006) New Revision: 5135 Modified: data/CVE/list data/DSA/list Log: new DSAs smail and php basedir/safemode unimportant Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-12-17 14:31:32 UTC (rev 5134) +++ data/CVE/list 2006-12-17 15:41:04 UTC (rev 5135) @@ -379,7 +379,9 @@ CVE-2006-6384 (Absolute path traversal vulnerability in abitwhizzy.php before ...) TODO: check CVE-2006-6383 (PHP 5.2.0 and 4.4 allows local users to bypass safe_mode and ...) - TODO: check + - php5 <unfixed> (unimportant) + - php4 <unfixed> (unimportant) + NOTE: safe-mode and basedir violations not treated as security issues CVE-2006-6382 (The control panel for Positive Software H-Sphere before 2.5.0 RC3 ...) TODO: check CVE-2006-6381 (Directory traversal vulnerability in getfile.asp in Ultimate HelpDesk ...) @@ -661,7 +663,7 @@ CVE-2006-6249 (Cross-site scripting (XSS) vulnerability in Chama Cargo 4.36 and ...) NOT-FOR-US: Chama Cargo CVE-2006-6248 (index.php in GPhotos 1.5 allows remote attackers to obtain sensitive ...) - TODO: check + NOT-FOR-US: GPhotos CVE-2006-6247 (Multiple SQL injection vulnerabilities in Uapplication UPhotoGallery ...) NOT-FOR-US: UPhotoGallery CVE-2006-6246 (Photo Organizer 2.32b and earlier does not properly check the ...) 
@@ -27776,10 +27778,8 @@ CVE-2005-0894 (OpenmosixCollector and OpenMosixView in OpenMosixView 1.5 allow local ...) - openmosixview 1.5-7 CVE-2005-0893 (modes.c in smail 3.2.0.120 implements signal handlers with certain ...) - - smail <unfixed> (bug #335042; low) - NOTE: no patch known at this time, according to upstream impossible to exploit - NOTE: OTOH upstream thought the same about CVE-2005-0892, but the attack vector - NOTE: seems in fact quite obscure + - smail <unfixed> (bug #335042; unimportant) + NOTE: cording to upstream impossible to exploit CVE-2005-0892 (Buffer overflow in smail 3.2.0.120 allows remote attackers or local ...) {DSA-722-1} - smail 3.2.0.115-7 (bug #301428; high) Modified: data/DSA/list ==================================================================--- data/DSA/list 2006-12-17 14:31:32 UTC (rev 5134) +++ data/DSA/list 2006-12-17 15:41:04 UTC (rev 5135) @@ -1,3 +1,9 @@ +[17 Dec 2006] DSA-1239-1 sql-ledger + {CVE-2006-4244 CVE-2006-4731 CVE-2006-5872} + [sarge] - sql-ledger 2.4.7-2sarge1 +[17 Dec 2006] DSA-1238-1 clamav + {CVE-2006-6406 CVE-2006-6481} + [sarge] - clamav 0.84-2.sarge.13 [17 Dec 2006] DSA-1237 kernel-source-2.4.27 - several {CVE-2006-4093 CVE-2006-4538 CVE-2006-4997 CVE-2006-5174 CVE-2006-5649 CVE-2006-5871} [sarge] - kernel-source-2.6.8 2.6.8-16sarge6
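Review bot: in the data/CVE/list hunk at @@ -379,7 +379,9 @@, the added NOTE under CVE-2006-6383 spells the settings "safe-mode and basedir", while the CVE description two lines above it uses the directive name "safe_mode". Writing the NOTE with the directive names (safe_mode, open_basedir) would let a search for either setting find this entry and any later ones classified the same way. Since the same NOTE is the whole justification for marking both php5 and php4 as unimportant, it is worth making it greppable.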
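Review bot: in the data/CVE/list hunk at @@ -27776,10 +27778,8 @@, the added line "NOTE: cording to upstream impossible to exploit" is truncated and should read "NOTE: according to upstream impossible to exploit". The hunk also removes the two NOTE lines recording that upstream thought the same about CVE-2005-0892, which the entry directly below shows was fixed in DSA-722-1 at high urgency. Since the smail severity drops from low to unimportant on upstream's assessment alone, either keep that caveat or say in the NOTE why it no longer applies.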
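Review bot: in the data/DSA/list hunk at @@ -1,3 +1,9 @@, the new header lines "DSA-1239-1 sql-ledger" and "DSA-1238-1 clamav" stop at the package name, while the existing DSA-1237 entry just below carries a short description after it ("- several"). Add the description field to both new entries so every header line in the file has the same shape and can be parsed or searched the same way.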