thr3ads.net - Secure testing commits - [Secure-testing-commits] r5200

If this information is useful, please help other people find it:
Share via:

Moritz Muehlenhoff

2006-Dec-30 03:58 UTC

[Secure-testing-commits] r5200 - data/CVE

Author: jmm-guest
Date: 2006-12-30 03:58:16 +0100 (Sat, 30 Dec 2006)
New Revision: 5200

Modified:
   data/CVE/list
Log:
some unimportant and no-dsa issues


Modified: data/CVE/list
==================================================================---
data/CVE/list	2006-12-29 11:04:37 UTC (rev 5199)
+++ data/CVE/list	2006-12-30 02:58:16 UTC (rev 5200)
@@ -589,7 +589,8 @@
 CVE-2006-6516 (Multiple PHP remote file inclusion vulnerabilities in KDPics
1.16 and ...)
 	NOT-FOR-US: KDPics
 CVE-2006-6515 (Mantis before 1.1.0a2 sets the default value of ...)
-	- mantis <unfixed>
+	- mantis <unfixed> (unimportant)
+	NOTE: I don''t see how this has security implications?
 CVE-2006-6514 (Winamp Web Interface (Wawi) 7.5.13 and earlier uses an
insufficient ...)
 	NOT-FOR-US: Winamp Web Interface (Wawi)
 CVE-2006-6513 (The CControl::Download function (/dl URI) in Winamp Web
Interface ...)
@@ -20472,8 +20473,9 @@
 	- gtk+2.0 2.6.10-2 (bug #339431; low)
 CVE-2005-2974 (libungif library before 4.1.0 allows attackers to cause a denial
of ...)
 	{DSA-890-1}
-	- libungif4 4.1.3-4 (bug #337972; medium)
-	- giflib 4.1.4-1 (bug #395382)
+	- libungif4 4.1.3-4 (bug #337972; unimportant)
+	- giflib 4.1.4-1 (bug #395382; unimportant)
+	NOTE: Just a bug, hardly security implications
 CVE-2005-2973 (The udp_v6_get_port function in udp.c in Linux 2.6 before
2.6.14-rc5, ...)
 	{DSA-1018-1 DSA-1017-1}
 	- linux-2.6 2.6.13+2.6.14-rc4-0experimental.1 (low)
@@ -28789,9 +28791,9 @@
 	NOTE: Does only affect imagemagick releases prior to 6
 CVE-2005-0758 (zgrep in gzip before 1.3.5 does not properly sanitize arguments,
which ...)
 	NOTE: see http://bugs.gentoo.org/show_bug.cgi?id=90626
-	- gzip 1.3.5-10
-	- bzip2 1.0.2-8.1 (bug #321286; medium)
-	NOTE: Sarge and Woody bzip2 are both affected, gzip only affected in Woody
(has new enough version in Sarge)
+	- gzip 1.3.5-10 (low)
+	- bzip2 1.0.2-8.1 (bug #321286; low)
+	[sarge] - bzip2 <no-dsa> (Minor issue)
 CVE-2005-0757 (The xattr file system code, as backported in Red Hat Enterprise
Linux ...)
 	{DSA-922-1 DSA-921-1}
 	- kernel-source-2.4.27 2.4.27-11 (bug #311164)

Secure testing commits - Dec 2006 - r5200 - data/CVE

[Secure-testing-commits] r5200 - data/CVE