Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
34ca1383 by Salvatore Bonaccorso at 2025-08-03T19:11:54+02:00

Review first batch of DSA suffixes from 2006

While at it remove as well one left-over no-dsa tagged entry which was included in the DSA for texinfo (DSA-1219-1).

Thanks: Utkarsh Gupta
Link: https://salsa.debian.org/security-tracker-team/security-tracker/-/merge_requests/224

- - - - -

2 changed files:
- data/CVE/list
- data/DSA/list

Changes:
===================================== data/CVE/list ===================================== @@ -827300,7 +827300,7 @@ CVE-2006-6172 (Buffer overflow in the asmrp_eval function in the RealMedia RTSP - xine-lib 1.1.2+dfsg-2 (medium; bug #401740) - mplayer 1.0~rc1-11 (medium) CVE-2006-6171 (ProFTPD 1.3.0a and earlier does not properly set the buffer size limit ...) - {DSA-1218} + {DSA-1218-1} - proftpd-dfsg 1.3.0-13 (low; bug #399070) CVE-2006-6170 (Buffer overflow in the tls_x509_name_oneline function in the mod_tls m ...) {DSA-1222-1} @@ -827669,7 +827669,7 @@ CVE-2006-6010 (SAP allows remote attackers to obtain potentially sensitive infor CVE-2006-6009 (Unspecified vulnerability in the Java Runtime Environment (JRE) Swing ...) - sun-java5 1.5.0-08-1 CVE-2006-6008 (ftpd in Linux Netkit (linux-ftpd) 0.17, and possibly other versions, d ...) - {DSA-1217} + {DSA-1217-1} - linux-ftpd 0.17-23 CVE-2006-6007 (save_profile.asp in WebEvents (Online Event Registration Template) 2.0 ...) NOT-FOR-US: WebEvents (Online Event Registration Template) 
@@ -827965,13 +827965,13 @@ CVE-2006-5872 (login.pl in SQL-Ledger before 2.6.21 and LedgerSMB before 1.1.5 a {DSA-1239-1} - sql-ledger 2.6.21-1 CVE-2006-5871 (smbfs in Linux kernel 2.6.8 and other versions, and 2.4.x before 2.4.3 ...) - {DSA-1237-1 DSA-1233} + {DSA-1237-1 DSA-1233-1} - linux-2.6 <not-affected> (Current Linux versions already implement intended behaviour) CVE-2006-5870 (Multiple integer overflows in OpenOffice.org (OOo) 2.0.4 and earlier, ...) {DSA-1246-1} - openoffice.org 2.0.4-1 (medium; bug #405986; bug #405679) CVE-2006-5869 (pstotext before 1.9 allows user-assisted attackers to execute arbitrar ...) - {DSA-1220} + {DSA-1220-1} - pstotext 1.9-4 (bug #356988; medium) CVE-2006-5868 (Multiple buffer overflows in Imagemagick 6.0 before 6.0.6.2, and 6.2 b ...) {DSA-1213} @@ -828231,7 +828231,7 @@ CVE-2006-5752 (Cross-site scripting (XSS) vulnerability in mod_status.c in the m - apache <removed> (low) [etch] - apache 1.3.34-4.1+etch1 CVE-2006-5751 (Integer overflow in the get_fdb_entries function in net/bridge/br_ioct ...) - {DSA-1233} + {DSA-1233-1} - linux-2.6 2.6.18-8 (medium) CVE-2006-5750 (Directory traversal vulnerability in the DeploymentFileRepository clas ...) NOT-FOR-US: JBoss @@ -828460,7 +828460,7 @@ CVE-2006-5651 (list.php in DigiOz Guestbook before 1.7.1 allows remote attackers CVE-2006-5650 (The ICQPhone.SipxPhoneManager ActiveX control in America Online ICQ 5. ...) NOT-FOR-US: ICQPhone.SipxPhoneManager CVE-2006-5649 (Unspecified vulnerability in the "alignment check exception handling" ...) - {DSA-1237-1 DSA-1233} + {DSA-1237-1 DSA-1233-1} - linux-2.6 2.6.18-4 CVE-2006-5648 (Ubuntu Linux 6.10 for the PowerPC (PPC) allows local users to cause a ...) - linux-2.6 2.6.18-1 (low) 
@@ -828528,7 +828528,7 @@ CVE-2006-5621 (PHP remote file inclusion vulnerability in end.php in ask_rave 0. CVE-2006-5620 (PHP remote file inclusion vulnerability in include/menu_builder.php in ...) NOT-FOR-US: MiniBILL CVE-2006-5619 (The seqfile handling (ip6fl_get_n function in ip6_flowlabel.c) in Linu ...) - {DSA-1233} + {DSA-1233-1} - linux-2.6 2.6.18-4 (low) CVE-2006-5618 (Directory traversal vulnerability in script/cat_for_aff.php in Netref ...) NOT-FOR-US: Netref @@ -829508,7 +829508,7 @@ CVE-2006-5176 (Buffer overflow in NTLM authentication in MailEnable Professional CVE-2006-5175 (Cross-site request forgery (CSRF) vulnerability in the administrative ...) NOT-FOR-US: TeraStation HD-HTGL CVE-2006-5174 (The copy_from_user function in the uaccess code in Linux kernel 2.6 be ...) - {DSA-1237-1 DSA-1233} + {DSA-1237-1 DSA-1233-1} - linux-2.6 2.6.18-5 NOTE: s390 only, fix in 2.6.18-3 was reverted in 2.6.18-4 CVE-2006-5173 (Linux kernel does not properly save or restore EFLAGS during a context ...) @@ -829888,7 +829888,7 @@ CVE-2006-4999 CVE-2006-4998 RESERVED CVE-2006-4997 (The clip_mkip function in net/atm/clip.c of the ATM subsystem in Linux ...) - {DSA-1237-1 DSA-1233} + {DSA-1237-1 DSA-1233-1} - linux-2.6 2.6.18-1 CVE-2006-4996 (Unspecified vulnerability in JoomlaLib (com_joomlalib) before 1.2.2 fo ...) NOT-FOR-US: JoomlaLib (com_joomlalib) for Joomla! @@ -830286,7 +830286,7 @@ CVE-2006-4814 (The mincore function in the Linux kernel before 2.4.33.6 does not - linux-2.6 2.6.18.dfsg.1-9 (low) - kernel-patch-openvz 028.18.1 CVE-2006-4813 (The __block_prepare_write function in fs/buffer.c for Linux kernel 2.6 ...) - {DSA-1233} + {DSA-1233-1} - linux-2.6 2.6.13-1 CVE-2006-4812 (Integer overflow in PHP 5 up to 5.1.6 and 4 before 4.3.0 allows remote ...) - php4 <not-affected> 
@@ -830296,7 +830296,7 @@ CVE-2006-4811 (Integer overflow in Qt 3.3 before 3.3.7, 4.1 before 4.1.5, and 4. - qt-x11-free 3:3.3.7-1 (bug #394192; bug #394313) - qt4-x11 4.2.1-1 (bug #394192) CVE-2006-4810 (Buffer overflow in the readline function in util/texindex.c, as used b ...) - {DSA-1219} + {DSA-1219-1} - texinfo 4.8.dfsg.1-4 CVE-2006-4809 (Stack-based buffer overflow in loader_pnm.c in imlib2 before 1.2.1, an ...) - imlib2 1.3.0.0debian1-3 (medium; bug #397371) @@ -830318,7 +830318,7 @@ CVE-2006-4802 (Format string vulnerability in the Real Time Virus Scan service i CVE-2006-4801 (Race condition in Deja Vu, as used in Roxio Toast Titanium 7 and possi ...) NOT-FOR-US: Roxio Toast CVE-2006-4800 (Multiple buffer overflows in libavcodec in ffmpeg before 0.4.9_p200605 ...) - {DSA-1215} + {DSA-1215-1} - ffmpeg 0.cvs20060329-1 - xmovie <removed> - xine-lib 1.1.2-1 @@ -830327,7 +830327,7 @@ CVE-2006-4800 (Multiple buffer overflows in libavcodec in ffmpeg before 0.4.9_p2 - mplayer 1.0~rc1-1 NOTE: according to the changelog, libxine (starting from 1.1.2-4) links dynamically against ffmpeg CVE-2006-4799 (Buffer overflow in ffmpeg for xine-lib before 1.1.2 might allow contex ...) - {DSA-1215} + {DSA-1215-1} - xine-lib 1.1.2-1 (bug #369876; medium) NOTE: according to the changelog, libxine (starting from 1.1.2-4) links dynamically against ffmpeg CVE-2006-4798 (SQL-Ledger before 2.4.4 stores a password in a query string, which mig ...) @@ -830345,7 +830345,7 @@ CVE-2006-4793 (Multiple SQL injection vulnerabilities in icerik.asp in TualBLOG CVE-2004-2665 (Unspecified vulnerability in the Address and Routing Parameter Area (A ...) NOT-FOR-US: HP-UX CVE-2006-5778 (ftpd in linux-ftpd 0.17, and possibly other versions, performs a chdir ...) - {DSA-1217} + {DSA-1217-1} - linux-ftpd 0.17-23 (low; bug #384454) CVE-2006-XXXX [ejabberd HTML code injection] - ejabberd 1.1.1-8 
@@ -830928,7 +830928,7 @@ CVE-2006-4540 (Cross-site scripting (XSS) vulnerability in learncenter.asp in Le CVE-2006-4539 ((1) includes/widgets/module_company_tickets.php and (2) includes/widge ...) NOT-FOR-US: Cerberus Helpdesk CVE-2006-4538 (Linux kernel 2.6.17 and earlier, when running on IA64 or SPARC platfor ...) - {DSA-1237-1 DSA-1233} + {DSA-1237-1 DSA-1233-1} - linux-2.6 2.6.17-9 CVE-2006-4537 (NET$SESSION_CONTROL.EXE in DECnet-Plus in OpenVMS ALPHA 7.3-2 and Alph ...) NOT-FOR-US: OpenVMS @@ -832828,7 +832828,7 @@ CVE-2006-3742 (The KDE PAM configuration shipped with Fedora Core 5 causes KDM p - kdebase <not-affected> NOTE: only in Fedora CVE-2006-3741 (The perfmonctl system call (sys_perfmonctl) in Linux kernel 2.4.x and ...) - {DSA-1233} + {DSA-1233-1} - linux-2.6 2.6.18-1 CVE-2006-3740 (Integer overflow in the scan_cidfont function in X.Org 6.8.2 and XFree ...) {DSA-1193-1} @@ -835991,7 +835991,7 @@ CVE-2005-4803 (graphviz before 2.2.1 allows local users to overwrite arbitrary f {DSA-857-1} - graphviz 2.2.1-1sarge1 (bug #336985; low) CVE-2005-4802 (Flexbackup 1.2.1 and earlier allows local users to overwrite files and ...) - {DSA-1216} + {DSA-1216-1} - flexbackup 1.2.1-3 (bug #334350; low) CVE-2005-4801 (Multiple cross-site request forgery (CSRF) vulnerabilities in Yet Anot ...) NOT-FOR-US: YaPIG 
@@ -846452,9 +846452,8 @@ CVE-2005-3013 (Buffer overflow in liby2util in Yet another Setup Tool (YaST) for CVE-2005-3012 (The MasterDataCD::createImage function in masterdatacd.cpp for SimpleC ...) NOT-FOR-US: SimpleCDR-X CVE-2005-3011 (The sort_offline function for texindex in texinfo 4.8 and earlier allo ...) - {DSA-1219} + {DSA-1219-1} - texinfo 4.8-1 (bug #328365; low) - [sarge] - texinfo <no-dsa> (Minor issue, hardly exploitable) CVE-2005-3010 (Direct static code injection vulnerability in the flood protection fea ...) NOT-FOR-US: CuteNews CVE-2005-3009 (Cross-site scripting (XSS) vulnerability in CuteNews allows remote att ...) ===================================== data/DSA/list ===================================== @@ -16136,7 +16136,7 @@ [13 Dec 2006] DSA-1234-1 ruby1.6 {CVE-2006-5467} [sarge] - ruby1.6 1.6.8-12sarge3 -[10 Dec 2006] DSA-1233 kernel-source-2.6.8 - several +[10 Dec 2006] DSA-1233-1 kernel-source-2.6.8 - several {CVE-2006-3741 CVE-2006-4538 CVE-2006-4813 CVE-2006-4997 CVE-2006-5174 CVE-2006-5619 CVE-2006-5649 CVE-2006-5751 CVE-2006-5871} [sarge] - kernel-source-2.6.8 2.6.8-16sarge6 [09 Dec 2006] DSA-1232-1 clamav 
@@ -16175,22 +16175,22 @@ [30 Nov 2006] DSA-1221-1 libgsf {CVE-2006-4514} [sarge] - libgsf 1.11.1-1sarge1 -[27 Nov 2006] DSA-1220 pstotext +[27 Nov 2006] DSA-1220-1 pstotext {CVE-2006-5869} [sarge] - pstotext 1.9-1sarge2 -[27 Nov 2006] DSA-1219 texinfo +[27 Nov 2006] DSA-1219-1 texinfo {CVE-2005-3011 CVE-2006-4810} [sarge] - texinfo 4.7-2.2sarge2 -[21 Nov 2006] DSA-1218 proftpd +[21 Nov 2006] DSA-1218-1 proftpd {CVE-2006-6171} [sarge] - proftpd 1.2.10-15sarge2 -[20 Nov 2006] DSA-1217 linux-ftpd +[20 Nov 2006] DSA-1217-1 linux-ftpd {CVE-2006-5778 CVE-2006-6008} [sarge] - linux-ftpd 0.17-20sarge2 -[20 Nov 2006] DSA-1216 flexbackup +[20 Nov 2006] DSA-1216-1 flexbackup {CVE-2005-4802} [sarge] - flexbackup 1.2.1-2sarge1 -[20 Nov 2006] DSA-1215 xine-lib +[20 Nov 2006] DSA-1215-1 xine-lib {CVE-2006-4799 CVE-2006-4800} [sarge] - xine-lib 1.0.1-1sarge4 [20 Nov 2006] DSA-1214 gv
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/34ca1383387a0fde27f25d90cf0985c84112aecb
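Review bot: The last data/CVE/list hunk (@@ -846452, CVE-2005-3011) drops `[sarge] - texinfo <no-dsa> (Minor issue, hardly exploitable)` in the same commit as the mechanical suffix rename, so a recorded triage state changes alongside what is otherwise an identifier-only edit. The removal is consistent with the data/DSA/list hunk, where DSA-1219-1 lists CVE-2005-3011 with `[sarge] - texinfo 4.7-2.2sarge2`, but it would be easier to audit as its own commit, leaving the rename batch purely mechanical.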
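Review bot: The trailing context of the second data/DSA/list hunk (@@ -16175) still shows a bare `[20 Nov 2006] DSA-1214 gv`, and the context under CVE-2006-5868 in the @@ -827965 data/CVE/list hunk still reads `{DSA-1213}`, so the 2006 range is only partly converted at this commit. Since the subject calls this a first batch, state in the commit message where the batch stops (DSA-1215 through DSA-1220, plus DSA-1233) so a follow-up can pick up at DSA-1214 without re-reading the diff.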
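Review bot: For the seven headers renamed in the two data/DSA/list hunks (@@ -16136 and @@ -16175), the diff shows only the data/CVE/list references that were touched, not whether a bare form remains elsewhere in that file. The visible ones do line up: nine `DSA-1233` references are updated against the nine CVEs in the DSA-1233-1 header, two each for DSA-1215, DSA-1217 and DSA-1219, and one each for DSA-1216, DSA-1218 and DSA-1220. A search of data/CVE/list for the seven bare identifiers before merging would confirm that nothing was missed.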
