Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 2b509f31 by Salvatore Bonaccorso at 2025-08-03T19:25:09+02:00 Review a small set of 2006 DSAs for correct suffix Link: https://salsa.debian.org/security-tracker-team/security-tracker/-/merge_requests/224 - - - - - 2 changed files: - data/CVE/list - data/DSA/list Changes: ===================================== data/CVE/list ===================================== @@ -827974,7 +827974,7 @@ CVE-2006-5869 (pstotext before 1.9 allows user-assisted attackers to execute arb {DSA-1220-1} - pstotext 1.9-4 (bug #356988; medium) CVE-2006-5868 (Multiple buffer overflows in Imagemagick 6.0 before 6.0.6.2, and 6.2 b ...) - {DSA-1213} + {DSA-1213-1} - imagemagick 7:6.2.4.5.dfsg1-0.11 CVE-2006-5867 (fetchmail before 6.3.6-rc4 does not properly enforce TLS and may trans ...) {DSA-1259-1} @@ -828904,7 +828904,7 @@ CVE-2006-5458 (PHP remote file inclusion vulnerability in common.php in Hinton D CVE-2006-5457 (Multiple cross-site scripting (XSS) vulnerabilities in the registratio ...) NOT-FOR-US: Casino Script (Masvet) CVE-2006-5456 (Multiple buffer overflows in GraphicsMagick before 1.1.7 and ImageMagi ...) - {DSA-1213} + {DSA-1213-1} - graphicsmagick 1.1.7-9 (medium) - imagemagick 7:6.2.4.5.dfsg1-0.11 (bug #393025) CVE-2006-5455 (Cross-site request forgery (CSRF) vulnerability in editversions.cgi in ...) @@ -829775,7 +829775,7 @@ CVE-2006-5052 (Unspecified vulnerability in portable OpenSSH before 4.4, when ru [etch] - openssh <no-dsa> (Minor issue) - openssh 1:4.6p1-1 (low) CVE-2006-5051 (Signal handler race condition in OpenSSH before 4.4 allows remote atta ...) - {DSA-1638-1 DSA-1212 DSA-1189-1} + {DSA-1638-1 DSA-1212-1 DSA-1189-1} - openssh 1:4.6p1-1 (low) - openssh-krb5 <removed> (high) NOTE: From my analysis only openssh with Kerberos support should be vulnerable 
@@ -830057,7 +830057,7 @@ CVE-2006-4925 (packet.c in ssh in OpenSSH allows remote attackers to cause a den - openssh 1:5.1p1-5 (unimportant) NOTE: That's a non-issue CVE-2006-4924 (sshd in OpenSSH before 4.4, when using the version 1 SSH protocol, all ...) - {DSA-1212 DSA-1189-1} + {DSA-1212-1 DSA-1189-1} - openssh 1:4.3p2-4 (low; bug #389995) - openssh-krb5 <unfixed> (low) CVE-2006-4923 (Cross-site scripting (XSS) vulnerability in search.php in eSyndiCat Po ...) @@ -830825,7 +830825,7 @@ CVE-2006-4573 (Multiple unspecified vulnerabilities in the "utf8 combining chara CVE-2006-4572 (ip6_tables in netfilter in the Linux kernel before 2.6.16.31 allows re ...) - linux-2.6 2.6.18.dfsg.1-9 (medium) CVE-2006-4571 (Multiple unspecified vulnerabilities in Firefox before 1.5.0.7, Thunde ...) - {DSA-1210 DSA-1192-1 DSA-1191-1} + {DSA-1210-1 DSA-1192-1 DSA-1191-1} NOTE: MFSA-2006-64 - mozilla <removed> (high) - firefox 1.5.dfsg+1.5.0.7-1 (high) @@ -830843,7 +830843,7 @@ CVE-2006-4569 (The popup blocker in Mozilla Firefox before 1.5.0.7 opens the "bl - thunderbird 1.5.0.7-1 [sarge] - mozilla-firefox <not-affected> (Regression only affecting 1.5) CVE-2006-4568 (Mozilla Firefox before 1.5.0.7 and SeaMonkey before 1.0.5 allows remot ...) - {DSA-1210 DSA-1192-1 DSA-1191-1} + {DSA-1210-1 DSA-1192-1 DSA-1191-1} NOTE: MFSA-2006-61 - mozilla <removed> (low) - firefox 1.5.dfsg+1.5.0.7-1 (low) 
@@ -830857,14 +830857,14 @@ CVE-2006-4567 (Mozilla Firefox before 1.5.0.7 and Thunderbird before 1.5.0.7 mak [sarge] - mozilla-thunderbird <unfixed> (unimportant) NOTE: The internal update mechanism is disabled in Debian CVE-2006-4566 (Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMon ...) - {DSA-1210 DSA-1192-1 DSA-1191-1} + {DSA-1210-1 DSA-1192-1 DSA-1191-1} NOTE: MFSA-2006-57 - mozilla <removed> (high) - firefox 1.5.dfsg+1.5.0.7-1 (high) - thunderbird 1.5.0.7-1 (low) - xulrunner 1.8.0.7-1 (high) CVE-2006-4565 (Heap-based buffer overflow in Mozilla Firefox before 1.5.0.7, Thunderb ...) - {DSA-1210 DSA-1192-1 DSA-1191-1} + {DSA-1210-1 DSA-1192-1 DSA-1191-1} NOTE: MFSA-2006-57 - mozilla <removed> (high) - firefox 1.5.dfsg+1.5.0.7-1 (high) @@ -831384,7 +831384,7 @@ CVE-2006-4342 (The kernel in Red Hat Enterprise Linux 3, when running on SMP sys CVE-2006-4341 REJECTED CVE-2006-4340 (Mozilla Network Security Service (NSS) library before 3.11.3, as used ...) - {DSA-1210 DSA-1192-1 DSA-1191-1} + {DSA-1210-1 DSA-1192-1 DSA-1191-1} NOTE: MFSA-2006-60, this is the similar to CVE-2006-4339 - mozilla <removed> (high) - firefox 1.5.dfsg+1.5.0.7-1 (high) @@ -831609,7 +831609,7 @@ CVE-2006-4252 (PowerDNS Recursor 3.1.3 and earlier allows remote attackers to ca - pdns-recursor 3.1.4-1 (bug #398559) - pdns <not-affected> (Recursor module has been moved to pdns-recursor) CVE-2006-4251 (Buffer overflow in PowerDNS Recursor 3.1.3 and earlier might allow rem ...) - {DSA-1211} + {DSA-1211-1} - pdns-recursor 3.1.4-1 (bug #398557; high) - pdns 2.9.20-4 NOTE: Recursor module has been moved to pdns-recursor 
@@ -832017,7 +832017,7 @@ CVE-2006-4073 (Multiple PHP remote file inclusion vulnerabilities in Fabian Hain CVE-2006-4072 (Multiple SQL injection vulnerabilities in Club-Nuke [XP] 2.0 LCID 2048 ...) NOT-FOR-US: Club-Nuke [XP] CVE-2006-4144 (Integer overflow in the ReadSGIImage function in sgi.c in ImageMagick ...) - {DSA-1213} + {DSA-1213-1} - imagemagick 7:6.2.4.5.dfsg1-0.10 (medium; bug #383314) - graphicsmagick 1.1.7-7 (medium; bug #383333) CVE-2006-XXXX [crash in the certificate verification logic] @@ -834963,7 +834963,7 @@ CVE-2006-2789 (Evolution 2.2.x and 2.3.x in GNOME 2.7 and 2.8, when "load images NOTE: Verified that the patch has been applied in 2.4.0-1, NOTE: may have been fixed earlier. CVE-2006-2788 (Double free vulnerability in the getRawDER function for nsIX509Cert in ...) - {DSA-1210 DSA-1192-1 DSA-1191-1} + {DSA-1210-1 DSA-1192-1 DSA-1191-1} - mozilla <removed> (high) - firefox 1.5.dfsg+1.5.0.4 (high) - xulrunner 1.8.0.4-1 (high) @@ -841755,7 +841755,7 @@ CVE-2006-0106 (gdi/driver.c and gdi/printdrv.c in Wine 20050930, and other versi {CVE-2005-4560 DSA-954-1} - wine 0.9.2-1 (bug #346197; medium) CVE-2006-0082 (Format string vulnerability in the SetImageInfo function in image.c fo ...) - {DSA-1213} + {DSA-1213-1} - imagemagick 6:6.2.4.5-0.6 (bug #345876) CVE-2005-XXXX [World-readable config file with sensitive data in b2evolution] - b2evolution 0.9.1b-4 (bug #344000) ===================================== data/DSA/list ===================================== 
@@ -16199,16 +16199,16 @@ [20 Nov 2006] DSA-1214-1 gv {CVE-2006-5864} [sarge] - gv 1:3.6.1-10sarge1 -[19 Nov 2006] DSA-1213 imagemagick +[19 Nov 2006] DSA-1213-1 imagemagick {CVE-2006-0082 CVE-2006-4144 CVE-2006-5456 CVE-2006-5868} [sarge] - imagemagick 6:6.0.6.2-2.8 -[15 Nov 2006] DSA-1212 openssh +[15 Nov 2006] DSA-1212-1 openssh {CVE-2006-4924 CVE-2006-5051} [sarge] - openssh 1:3.8.1p1-8.sarge.6 -[14 Nov 2006] DSA-1211 pdns +[14 Nov 2006] DSA-1211-1 pdns {CVE-2006-4251} [sarge] - pdns 2.9.17-13sarge3 -[14 Nov 2006] DSA-1210 mozilla-firefox +[14 Nov 2006] DSA-1210-1 mozilla-firefox {CVE-2006-2788 CVE-2006-4340 CVE-2006-4565 CVE-2006-4566 CVE-2006-4568 CVE-2006-4571} [sarge] - mozilla-firefox 1.0.4-2sarge12 [12 Nov 2006] DSA-1209 trac View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2b509f31b95e1f74f7e9287d30dd445bf4005365 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2b509f31b95e1f74f7e9287d30dd445bf4005365 You're receiving this email because of your account on salsa.debian.org.
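Review bot: In the data/DSA/list hunk, the trailing context line "[12 Nov 2006] DSA-1209 trac" still has no revision suffix, while the four entries directly above it (DSA-1210 through DSA-1213) are changed to "-1". If DSA-1209 is part of the same review, it should be renamed in this commit along with any cross-references to it in data/CVE/list. If it is deliberately left for a later pass, the commit message should say so, since it only mentions "a small set" without naming the advisories covered. The cross-references that are touched are consistent: the 13 CVEs listed under the four renamed advisories in data/DSA/list (4 for DSA-1213-1, 2 for DSA-1212-1, 1 for DSA-1211-1, 6 for DSA-1210-1) each have a matching updated line in data/CVE/list.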
