thr3ads.net - Secure testing team - [Secure-testing-commits] r5803

If this information is useful, please help other people find it:
Share via:

Noah Meyerhans

2007-May-07 14:55 UTC

[Secure-testing-commits] r5803 - data/CVE

Author: noahm-guest
Date: 2007-05-07 14:55:42 +0000 (Mon, 07 May 2007)
New Revision: 5803

Modified:
   data/CVE/list
Log:
DSA-1287-1 fixes ldap-account-manager issues

Modified: data/CVE/list
==================================================================---
data/CVE/list	2007-05-06 20:53:19 UTC (rev 5802)
+++ data/CVE/list	2007-05-07 14:55:42 UTC (rev 5803)
@@ -1392,7 +1392,9 @@
 CVE-2007-XXXX [initramfs-tools creates /dev/root world-readable]
 	- initramfs-tools 0.85g (low; bug #417995)
 CVE-2007-1840 (lib/modules.inc in LDAP Account Manager (LAM) before 1.3.0 does
not ...)
+	{DSA-1287-1}
 	- ldap-account-manager 1.1.1-2 (medium; bug #415379)
+	[sarge] - ldap-account-manager 0.4.9-2sarge1
 CVE-2007-1839 (Multiple PHP remote file inclusion vulnerabilities in CodeBB
1.1b3 and ...)
 	NOT-FOR-US: CodeBB
 CVE-2007-1838 (SQL injection vulnerability in view.php in the Friendfinder 3.3
and ...)
@@ -1512,7 +1514,9 @@
 CVE-2007-1783
 	RESERVED
 CVE-2006-7191 (Untrusted search path vulnerability in lamdaemon.pl in LDAP
Account ...)
+	{DSA-1287-1}
 	- ldap-account-manager 1.0.0-1 (medium)
+	[sarge] - ldap-account-manager 0.4.9-2sarge1
 CVE-2006-7190 (Cross-site scripting (XSS) vulnerability in
cgi-bin/user-lib/topics.pl ...)
 	NOT-FOR-US: WebAPP
 CVE-2006-7189 (Cross-site scripting (XSS) vulnerability in
cgi-bin/admin/logs.cgi in ...)

Florian Weimer

2007-May-07 15:34 UTC

head link

[Secure-testing-team] Re: [Secure-testing-commits] r5803 - data/CVE

* Noah Meyerhans:
> Modified:
>    data/CVE/list
> Log:
> DSA-1287-1 fixes ldap-account-manager issues
Is there are particular reason why you edit CVE/list instead of DSA/list?
Just wondering.

Moritz Muehlenhoff

2007-May-07 18:21 UTC

head link

[Secure-testing-team] Re: [Secure-testing-commits] r5803 - data/CVE

Florian Weimer wrote:> * Noah Meyerhans:
> 
> > Modified:
> >    data/CVE/list
> > Log:
> > DSA-1287-1 fixes ldap-account-manager issues
> 
> Is there are particular reason why you edit CVE/list instead of DSA/list?
> Just wondering.
Noah,
there''s an easier way to add DSAs: Simply add them to DSA/list and
they''re
added to CVE list by a script, which performs cross-references. I''ve
converted
the entry in revision 5805 for reference. This has a couple of advantages:
- A canonical list of DSA identifiers (DSA mapping are done with DSA/list
  as the unique identifier)
- Changes to affected CVEs/versions only need to be changed in one place

Cheers,
        Moritz

Secure testing team - May 2007 - r5803 - data/CVE

[Secure-testing-commits] r5803 - data/CVE

[Secure-testing-team] Re: [Secure-testing-commits] r5803 - data/CVE

[Secure-testing-team] Re: [Secure-testing-commits] r5803 - data/CVE