[Secure-testing-commits] r3567 - in data: CVE DSA

Wed, 08 Mar 2006 08:36:43 -0800 

Author: jmm-guest
Date: 2006-03-08 16:36:03 +0000 (Wed, 08 Mar 2006)
New Revision: 3567

Modified:
   data/CVE/list
   data/DSA/list
Log:
squirrelmail DSA


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2006-03-08 09:46:42 UTC (rev 3566)
+++ data/CVE/list       2006-03-08 16:36:03 UTC (rev 3567)
@@ -1582,7 +1582,7 @@
 CVE-2006-0378 (Cross-site scripting (XSS) vulnerability in Netrix X-Site 
Manager ...)
        NOT-FOR-US: Netrix X-Site Manager 
 CVE-2006-0377 (CRLF injection vulnerability in SquirrelMail 1.4.0 to 1.4.5 
allows ...)
-       - squirrelmail <unfixed> (bug #354063)
+       - squirrelmail 2:1.4.6-1 (bug #354063)
 CVE-2006-0376 (The 802.11 wireless client in certain operating systems 
including ...)
        NOT-FOR-US: Windows
 CVE-2006-0375 (Advantage Century Telecommunication (ACT) P202S IP Phone 
1.01.21 ...)
@@ -2008,7 +2008,7 @@
 CVE-2006-0196 (Unspecified vulnerability in Serial line sniffer (aka slsnif) 
0.4.4 ...)
        NOT-FOR-US: slsnif
 CVE-2006-0195 (Interpretation conflict in the MagicHTML filter in SquirrelMail 
1.4.0 ...)
-       - squirrelmail <unfixed> (bug #354062)
+       - squirrelmail 2:1.4.6-1 (bug #354062)
 CVE-2006-0194 (Cross-site scripting (XSS) vulnerability in default.asp in 
FogBugz ...)
        NOT-FOR-US: FogBugz
 CVE-2006-0193 (Cross-site scripting (XSS) vulnerability in the Hosting Control 
Panel ...)
@@ -2022,7 +2022,7 @@
 CVE-2006-0189 (Buffer overflow in eStara Softphone 3.0.1.14 through 3.0.1.46 
allows ...)
        NOT-FOR-US: eStara Softphone
 CVE-2006-0188 (webmail.php in SquirrelMail 1.4.0 to 1.4.5 allows remote 
attackers to ...)
-       - squirrelmail <unfixed> (bug #354064)
+       - squirrelmail 2:1.4.6-1 (bug #354064)
 CVE-2005-4664 (SQL injection vulnerability in OcoMon 1.21, and possibly other 
...)
        NOT-FOR-US: OcoMon
 CVE-2005-4663 (Cross-site scripting (XSS) vulnerability in OcoMon 1.20, and 
possibly ...)

Modified: data/DSA/list
===================================================================
--- data/DSA/list       2006-03-08 09:46:42 UTC (rev 3566)
+++ data/DSA/list       2006-03-08 16:36:03 UTC (rev 3567)
@@ -1,3 +1,8 @@
+[08 Mar 2006] DSA-988-1 squirrelmail - several
+       {CVE-2006-0377 CVE-2006-0195 CVE-2006-0188}
+       [woody] - squirrelmail 1.2.6-5
+       [sarge] - squirrelmail 2:1.4.4-8
+       NOTE: not fixed in testing at the time of DSA (unfixed in sid)
 [07 Mar 2006] DSA-987-1 tar - buffer overflow
        {CVE-2006-0300}
        [sarge] - tar 1.14-2.1


_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits

Reply via email to