Moritz Muehlenhoff
2006-Feb-14 11:41 UTC
[Secure-testing-commits] r3477 - in data: . CVE DSA
Author: jmm-guest
Date: 2006-02-14 11:40:47 +0000 (Tue, 14 Feb 2006)
New Revision: 3477
Modified:
data/CVE/list
data/DSA/list
data/embedded-code-copies
Log:
new xpdf issue
remove mydns dupe
Modified: data/CVE/list
==================================================================---
data/CVE/list 2006-02-14 09:47:16 UTC (rev 3476)
+++ data/CVE/list 2006-02-14 11:40:47 UTC (rev 3477)
@@ -806,8 +806,6 @@
- mediawiki <unfixed> (low)
CVE-2005-4666 (Cross-site scripting (XSS) vulnerability in PHlyMail before 3.3
Beta1 ...)
NOT-FOR-US: PHlyMail
-CVE-2006-XXXX [mydns remote DoS]
- - mydns 1.1.0+pre-3 (medium)
CVE-2006-0353 (unix_random.c in lshd for lsh 2.0.1 leaks file descriptors
related to ...)
{DSA-956-1}
- lsh-utils 2.0.1cdbs-4 (low; bug #349303)
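Review bot: the removal of the CVE-2006-XXXX [mydns remote DoS] entry at the top of this hunk is justified only by the log line "remove mydns dupe", which does not say which entry it duplicates, and no other mydns entry is visible in the surrounding context. Name the CVE id that keeps tracking mydns 1.1.0+pre-3 in the commit message so the removal can be checked without searching the whole list.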
@@ -3718,7 +3716,7 @@
- helix-player <unfixed> (unknown)
NOTE: http://service.real.com/help/faq/security/security111605.html
CVE-2005-XXXX [maradns risk mitigation against AES side channel attacks by
Shamir et al.]
- - maradns 1.0.35-1
+ - maradns 1.0.35-1 (unimportant)
CVE-2005-3731 (Unspecified vulnerability in yaSSL before 1.0.6 has unknown
impact and ...)
NOT-FOR-US: yaSSL
CVE-2005-3730 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
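Review bot: the change of the maradns 1.0.35-1 line to "(unimportant)" is not mentioned in the commit log, which lists only the xpdf issue and the mydns dupe. Add a log line for it, and consider a NOTE under the entry saying why the AES side-channel mitigation is rated unimportant, since the entry itself gives no rationale.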
Modified: data/DSA/list
==================================================================---
data/DSA/list 2006-02-14 09:47:16 UTC (rev 3476)
+++ data/DSA/list 2006-02-14 11:40:47 UTC (rev 3477)
@@ -1,3 +1,7 @@
+[14 Feb 2006] DSA-971-1 xpdf - buffer overflow
+ {CVE-2006-0301}
+ [sarge] - xpdf 3.00-13.5
+ NOTE: fixed in testing at time of DSA
[14 Feb 2006] DSA-970-1 kronolith - missing input sanitising
{CVE-2005-4189}
[sarge] - kronolith 1.1.4-2sarge1
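Review bot: the new DSA-971-1 entry cites CVE-2006-0301, but neither data/CVE/list hunk in this commit touches a CVE-2006-0301 entry. Confirm that entry already exists there with the fixed xpdf version; the "NOTE: fixed in testing at time of DSA" line here gives no version, unlike the "[sarge] - xpdf 3.00-13.5" line above it.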
Modified: data/embedded-code-copies
==================================================================---
data/embedded-code-copies 2006-02-14 09:47:16 UTC (rev 3476)
+++ data/embedded-code-copies 2006-02-14 11:40:47 UTC (rev 3477)
@@ -6,7 +6,7 @@
gpdf
pdftohtml
kdegraphics/kpdf
-tetex-bin (the very latest tetex-bin started to use poppler)
+tetex-bin (links to poppler since 3.0-12)
cupsys (only older releases, recent ones use xpdf-utils, it''s still
present in the src, though)
poppler
koffice
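Review bot: the rewritten tetex-bin line, "links to poppler since 3.0-12", no longer says whether versions before 3.0-12 still carry the embedded copy, which is what this file tracks. Spell that out the way the cupsys line below it does for its older releases; this change is also missing from the commit log.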
Florian Weimer
2006-Mar-13 12:28 UTC
[Secure-testing-team] Re: [Secure-testing-commits] r3477 - in data: . CVE DSA
* Moritz Muehlenhoff:
> remove mydns dupe
> -CVE-2006-XXXX [mydns remote DoS]
> - - mydns 1.1.0+pre-3 (medium)
> CVE-2006-0353 (unix_random.c in lshd for lsh 2.0.1 leaks file descriptors related to ...)
> {DSA-956-1}
> - lsh-utils 2.0.1cdbs-4 (low; bug #349303)
> @@ -3718,7 +3716,7 @@
> - helix-player <unfixed> (unknown)
> NOTE: http://service.real.com/help/faq/security/security111605.html
> CVE-2005-XXXX [maradns risk mitigation against AES side channel attacks by Shamir et al.]
> - - maradns 1.0.35-1
> + - maradns 1.0.35-1 (unimportant)

Ahem, mydns is not maradns, I think.
Moritz Muehlenhoff
2006-Mar-13 12:28 UTC
[Secure-testing-team] Re: [Secure-testing-commits] r3477 - in data: . CVE DSA
Florian Weimer wrote:
> > remove mydns dupe
>
> > -CVE-2006-XXXX [mydns remote DoS]
> > - - mydns 1.1.0+pre-3 (medium)
> > CVE-2006-0353 (unix_random.c in lshd for lsh 2.0.1 leaks file descriptors related to ...)
> > {DSA-956-1}
> > - lsh-utils 2.0.1cdbs-4 (low; bug #349303)
> > @@ -3718,7 +3716,7 @@
> > - helix-player <unfixed> (unknown)
> > NOTE: http://service.real.com/help/faq/security/security111605.html
> > CVE-2005-XXXX [maradns risk mitigation against AES side channel attacks by Shamir et al.]
> > - - maradns 1.0.35-1
> > + - maradns 1.0.35-1 (unimportant)
>
> Ahem, mydns is not maradns, I think.

That is certainly true, but mydns is already covered here:
CVE-2006-0351 (Unspecified "critical denial-of-service vulnerability" in MyDNS before ...)
{DSA-963-1}
[sarge] - mydns 1.0.0-4sarge1
- mydns 1.1.0+pre-3 (medium; bug #348826)
Cheers, Moritz