Author: jmm-guest
Date: 2006-03-05 12:05:57 +0000 (Sun, 05 Mar 2006)
New Revision: 3556

Modified:
   data/CVE/list
Log:
bugnums


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2006-03-04 22:33:24 UTC (rev 3555)
+++ data/CVE/list       2006-03-05 12:05:57 UTC (rev 3556)
@@ -1159,7 +1159,7 @@
        RESERVED
 CVE-2006-0455 (gpgv in GnuPG 1.4.x before 1.4.2.1, when using unattended 
signature ...)
        {DSA-978-1}
-       - gnupg <unfixed> (bug #353017; bug #353019; medium)
+       - gnupg <unfixed> (bug #353017; bug #353019; bug #354620; medium)
        [woody] - gnupg 1.0.6-4woody4
        [sarge] - gnupg 1.4.1-1sarge1
        NOTE: 
http://lists.gnupg.org/pipermail/gnupg-announce/2006q1/000211.html indicates 
that
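Review bot: On the CVE-2006-0455 `gnupg <unfixed>` line, the added bug #354620 sits next to #353017 and #353019 with nothing saying what it tracks that the other two do not. The entry already carries {DSA-978-1} and fixed versions for woody and sarge, so a NOTE line stating which bug covers what would make it clear what still has to close before `<unfixed>` can be replaced with a version.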
@@ -1738,11 +1738,11 @@
        NOT-FOR-US: TankLogger
 CVE-2006-0208 (Multiple cross-site scripting (XSS) vulnerabilities in PHP 
5.1.1, when ...)
        - php5 5.1.2-1
-       - php4 4:4.4.2-1
+       - php4 4:4.4.2-1 (bug #354682)
        NOTE: html_errors shouldn't be used, probably no-dsa
 CVE-2006-0207 (Multiple HTTP response splitting vulnerabilities in PHP 5.1.1 
allow ...)
        - php5 5.1.2-1
-       - php4 4:4.4.2-1
+       - php4 4:4.4.2-1 (bug #354683)
        NOTE: According to Hardened PHP advisory PHP4 isn't affected, but 
upstream changelog
        NOTE: is a bit ambigious, if might be affected after all
        TODO: Ping maintainers, Hardened PHP or upstream
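Review bot: For CVE-2006-0207 the php4 line now has both a fixed version and bug #354683, yet the NOTE lines under it still say PHP4 may not be affected and the TODO still reads "Ping maintainers, Hardened PHP or upstream". If #354683 is that ping, the TODO should reference it or be dropped, and `4:4.4.2-1` as the fixed version deserves a second look while the affected status is open. Both bug references added in this hunk also lack an urgency.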
@@ -5520,22 +5520,22 @@
        {DSA-885-1}
        - openvpn 2.0.5-1 (bug #336751; medium)
 CVE-2005-3392 (Unspecified vulnerability in PHP before 4.4.1, when using the 
virtual ...)
-       - php4 4:4.4.2-1 (bug #336645; low)
+       - php4 4:4.4.2-1 (bug #336645; bug #354681; low)
        - php5 5.1.1-1 (bug #336654; low)
        NOTE: According to CVE, this is a safe mode violation,
        NOTE: therefore low impact.  (According to SuSE, it's an
        NOTE: information leak.)
 CVE-2005-3391 (Multiple vulnerabilities in PHP before 4.4.1 allow remote 
attackers to ...)
-       - php4 4:4.4.2-1 (bug #336645; low)
+       - php4 4:4.4.2-1 (bug #336645; bug #354678; low)
        - php5 5.1.1-1 (bug #336654; low)
        NOTE: This is a safe mode violation, therefore low impact.
 CVE-2005-3390 (The RFC1867 file upload feature in PHP 4.x up to 4.4.0 and 5.x 
up to ...)
-       - php4 4:4.4.2-1 (bug #336645; low)
+       - php4 4:4.4.2-1 (bug #336645; bug #354680; low)
        - php5 5.1.1-1 (bug #336654; high)
        NOTE: http://www.hardened-php.net/advisory_202005.79.html
        NOTE: http://www.hardened-php.net/globals-problem
 CVE-2005-3389 (The parse_str function in PHP 4.x up to 4.4.0 and 5.x up to 
5.0.5, ...)
-       - php4 4:4.4.2-1 (bug #336645; low)
+       - php4 4:4.4.2-1 (bug #336645; bug #354690; low)
        - php5 5.1.1-1 (bug #336654; low)
        NOTE: http://www.hardened-php.net/advisory_192005.78.html
 CVE-2005-3388 (Cross-site scripting (XSS) vulnerability in the phpinfo 
function in ...)
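Review bot: In the CVE-2005-3390 entry the php4 line keeps urgency `low` while the php5 line for the same CVE is `high`, and the edit to the php4 line leaves that difference unexplained. Either align the two or add a NOTE saying why php4 is rated lower. Also recheck #354690 on CVE-2005-3389: it is the only php4 bug number added in this commit that falls outside the #354678 to #354685 range.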
@@ -5736,7 +5736,7 @@
 CVE-2005-3320 (Cross-site scripting (XSS) vulnerability in SiteTurn Domain 
Manager ...)
        NOT-FOR-US: SiteTurn Domain Manager
 CVE-2005-3319 (The apache2handler SAPI (sapi_apache2.c) in the Apache module 
...)
-       - php4 4:4.4.2-1 (bug #336004; low)
+       - php4 4:4.4.2-1 (bug #336004; bug #354684; low)
        - php5 5.1.1-1 (bug #336005; low)
 CVE-2005-3318 (Buffer overflow in the _chm_decompress_block function in CHM 
lib ...)
        {DSA-886-1}
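Review bot: The CVE-2005-3319 php4 line already lists `4:4.4.2-1` as the fixed version with bug #336004, so it is not clear from the entry what the added #354684 tracks. A short NOTE saying what the second bug covers would keep the entry readable for whoever closes it.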
@@ -6653,7 +6653,7 @@
        - kernel-source-2.4.27 <not-affected>
        [sarge] - kernel-source-2.6.8 <unfixed> (bug #332596)
 CVE-2005-3054 (fopen_wrappers.c in PHP 4.4.0, and possibly other versions, 
does not ...)
-       - php4 4:4.4.0-3 (bug #353585; medium)
+       - php4 4:4.4.0-3 (bug #353585; bug #354685; medium)
        - php5 5.0.5-2 (bug #353585; medium)
 CVE-2005-3053 (The sys_set_mempolicy function in mempolicy.c in Linux kernel 
2.6.x ...)
        - linux-2.6 2.6.12-3 (bug #330343; bug #330353; medium)
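Review bot: In CVE-2005-3054 the php4 and php5 lines both cite bug #353585, and only php4 gains a second bug (#354685). Confirm whether #353585 is really filed against both source packages; if it belongs to one of them, the other line should carry only its own bug number.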
@@ -17764,7 +17764,7 @@
        - less <not-affected> (Red Hat specific less bug)
 CVE-2005-0085 (Cross-site scripting (XSS) vulnerability in ht://dig (htdig) 
before ...)
        {DSA-680-1}
-       - htdig 1:3.1.6-11
+       - htdig 1:3.1.6-11 (bug #305996)
 CVE-2005-0084 (Buffer overflow in the X11 dissector in Ethereal 0.8.10 through 
0.10.8 ...)
        {DSA-653-1}
        - ethereal 0.10.9-1
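Review bot: The new `(bug #305996)` on the CVE-2005-0085 htdig line has no urgency, while most bug-annotated lines in this diff end with one, as in `(bug #336004; bug #354684; low)`. Add the urgency if it is known so the entry matches the rest of the list.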


_______________________________________________
Secure-testing-commits mailing list
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits