Author: jmm-guest
Date: 2006-01-22 21:22:29 +0000 (Sun, 22 Jan 2006)
New Revision: 3344
Modified:
data/CVE/list
Log:
new lsh issue
vlc fixed
no-dsa for dump/CVE-2005-2096
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2006-01-22 21:14:22 UTC (rev 3343)
+++ data/CVE/list 2006-01-22 21:22:29 UTC (rev 3344)
@@ -1,3 +1,5 @@
+CVE-2006-0353 [fd leak in lsh]
+ - lsh-utils 2.0.1cdbs-4 (low)
CVE-2006-0283 (Unspecified vulnerability in Oracle Database Server 10.1.0.4.2,
...)
TODO: check
CVE-2006-0321 [fetchmail: segfault after bouncing a message]
@@ -1960,7 +1962,7 @@
- gst-ffmpeg 0.8.7-5 (bug #343503; medium)
- kino <unfixed> (medium)
- smilutils <unfixed> (medium)
- - vlc <unfixed> (medium)
+ - vlc 0.8.4.debian-2 (medium)
- motion <unfixed> (medium)
NOTE: kino, smilutils, motion and vlc link statically against
libavcodec, need a recompile once ffmpeg is fixed
CVE-2005-4047 (Cross-site scripting (XSS) vulnerability in kb.asp in IISWorks
...)
@@ -8615,7 +8617,8 @@
NOTE: Sarge is affected
- zsync 0.4.0-2 (bug #317968; medium)
[woody] - dump <not-affected> (Woody contains zlib 1.1, which is not
affected)
- - dump 0.4b40-1 (bug #317966; medium)
+ [sarge] - dump <no-dsa> (Backups do not contain untrusted data)
+ - dump 0.4b40-1 (bug #317966; low)
[woody] - aide <not-affected> (Woody contains zlib 1.1, which is not
affected)
- aide 0.10-6.1.1 (bug #317523; medium)
[woody] - amd64-libs <not-affected> (Woody contains zlib 1.1, which is
not affected)
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
