Author: stef-guest
Date: 2006-12-19 20:45:28 +0100 (Tue, 19 Dec 2006)
New Revision: 5146
Modified:
data/CVE/list
Log:
- CVE-2006-5680: new libarchive issue fixed
- new minor fai issue fixed
- new minor dsniff issue fixed
- new minor archivemail issue fixed
- zope-cmfplone fixed
Modified: data/CVE/list
==================================================================---
data/CVE/list 2006-12-18 17:02:33 UTC (rev 5145)
+++ data/CVE/list 2006-12-19 19:45:28 UTC (rev 5146)
@@ -1,3 +1,11 @@
+CVE-2006-XXXX [dsniff urlsnarf missing output sanitization]
+ - dsniff 2.4b1+debian-16 (low; bug #400624)
+ [sarge] - dsniff <no-dsa> (minor issue)
+CVE-2006-XXXX [archivemail insecure temporary file issues]
+ - archivemail 0.6.2-2
+ [sarge] - archivemail <no-dsa> (minor issue)
+CVE-2006-XXXX [fai leaves root password hash in world readable logfile]
+ - fai 3.1.3 (low)
CVE-2006-XXXX [pythonpaste chroot esacpe]
- paste 1.0.1-1
NOTE: http://pythonpaste.org/archives/message/20061218.050654.e8997561.en.html
@@ -1904,7 +1912,7 @@
CVE-2006-5681
RESERVED
CVE-2006-5680 (The libarchive library in FreeBSD 6-STABLE after 2006-09-05 and
before ...)
- NOT-FOR-US: FreeBSD libarchive, pinged maintainer
+ - libarchive 1.3.1-1
CVE-2006-5679 (Integer overflow in the ffs_mountfs function in FreeBSD 6.1
allows ...)
- kfreebsd-5 <unfixed>
[etch] - kfreebsd-5 <no-dsa> (no security support for freebsd)
@@ -5090,7 +5098,7 @@
RESERVED
- man-db 2.4.3-5
CVE-2006-4249 (Unspecified vulnerability in PlonePAS in Plone 2.5 and 2.5.1,
when ...)
- - zope-cmfplone <unfixed> (bug #401796)
+ - zope-cmfplone 2.5.1-3 (bug #401796)
[sarge] - zope-cmfplone <not-affected> (Vulnerable code not present)
CVE-2006-4248 (thttpd on Debian GNU/Linux, and possibly other distributions,
allows ...)
{DSA-1205-1}