Author: jmm-guest
Date: 2006-03-10 12:19:18 +0000 (Fri, 10 Mar 2006)
New Revision: 3580

Modified:
   data/CVE/list
   data/DSA/list
Log:
new ffmpeg and zoo DSAs
update on curl DSA


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2006-03-10 10:25:34 UTC (rev 3579)
+++ data/CVE/list       2006-03-10 12:19:18 UTC (rev 3580)
@@ -3963,7 +3963,7 @@
 CVE-2005-4008 (SQL injection vulnerability in jax_calendar.php in Jax Calendar 
1.34 ...)
        NOT-FOR-US: Jax Calendar
 CVE-2005-4077 (Multiple off-by-one errors in the cURL library (libcurl) 7.11.2 
...)
-       {DSA-919-1}
+       {DSA-919-2}
        - curl 7.15.1-1 (bug #342339; bug #342696; medium) 
        [sarge] - curl 7.13.2-2sarge4 (medium)
        [woody] - curl <not-affected> (Only curl >= 7.11 is vulnerable)
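Review bot: The unchanged context line `[sarge] - curl 7.13.2-2sarge4 (medium)` under CVE-2005-4077 still carries the version from the first advisory, while the data/DSA/list part of this commit moves sarge to 7.13.2-2sarge5 for DSA-919-2. If the -1 advisory was incomplete, as the NOTE added there says, the sarge fixed version in this entry should be bumped in the same commit, or a NOTE should explain why 7.13.2-2sarge4 is still considered the fix for this CVE.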
@@ -6630,7 +6630,6 @@
 CVE-2005-XXXX [xscreensaver does not maintain screen locks during upgrade]
        - xscreensaver 4.23-2 (bug #334193; low)
 CVE-2005-3185 (Stack-based buffer overflow in the ntlm_output function in 
http-ntlm.c ...)
-       {DSA-919-1}
        - wget 1.10.2-1 (medium)
        [sarge] - wget <not-affected> (Does not contain NTML authentication 
code)
        [woody] - wget <not-affected> (Does not contain NTML authentication 
code)
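Review bot: Removing `{DSA-919-1}` from CVE-2005-3185 leaves this entry with no DSA reference at all, and the log message ("update on curl DSA") does not say why the CVE is no longer tied to DSA-919. The package lines visible here are for wget only, so a short NOTE stating the reason for the removal would keep it from reading as an accidental loss of the cross reference. Separately, the context lines spell the mechanism "NTML" although the description names ntlm_output in http-ntlm.c; that could be corrected to "NTLM" while the entry is being touched.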

Modified: data/DSA/list
===================================================================
--- data/DSA/list       2006-03-10 10:25:34 UTC (rev 3579)
+++ data/DSA/list       2006-03-10 12:19:18 UTC (rev 3580)
@@ -1,3 +1,12 @@
+[10 Mar 2006] DSA-992-1 ffmpeg - buffer overflow
+       {CVE-2005-4048}
+       [sarge] - ffmpeg 0.cvs20050313-2sarge1
+       NOTE: fixed in testing at the time of DSA
+[10 Mar 2006] DSA-991-1 zoo - buffer overflow
+       {CVE-2006-0855}
+       [woody] - zoo 2.10-9woody0
+       [sarge] - zoo 2.10-11sarge0
+       NOTE: not fixed in testing at the time of DSA (too young)
 [10 Mar 2006] DSA-990-1 bluez-hcidump - programming error
        {CVE-2006-0670}
        [sarge] - bluez-hcidump 1.17-1sarge1
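Review bot: The new DSA-992-1 and DSA-991-1 entries cite CVE-2005-4048 and CVE-2006-0855, but the data/CVE/list half of this commit has no hunk adding `{DSA-992-1}` or `{DSA-991-1}` to those CVEs, so the cross references are one-directional unless a separate step fills them in; please confirm that is intended. Minor style point: the added NOTE lines read "at the time of DSA" whereas the existing entries visible in this file use "at time of DSA"; settling on one wording keeps the notes easy to grep.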
@@ -340,11 +349,12 @@
        [woody] - ethereal 0.9.4-1woody14
        [sarge] - ethereal 0.10.10-2sarge3
        NOTE: not fixed in testing at time of DSA (unfixed in sid)
-[12 Dec 2005] DSA-919-1 curl - buffer overflow
-       {CVE-2005-4077 CVE-2005-3185}
-       [woody] - curl 7.9.5-1woody1
-       [sarge] - curl 7.13.2-2sarge4
+[12 Dec 2005] DSA-919-2 curl - buffer overflow
+       {CVE-2005-4077}
+       [woody] - curl 7.9.5-1woody2
+       [sarge] - curl 7.13.2-2sarge5
        NOTE: partially fixed in testing at time of DSA 
+       NOTE: Initial -1 DSA was incomplete
 [09 Dec 2005] DSA-918-1 osh - programming error
        {CVE-2005-3346 CVE-2005-3533}
        [woody] - osh 1.7-11woody2
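Review bot: The revised entry lists `[woody] - curl 7.9.5-1woody2` with CVE-2005-4077 as its only CVE, yet data/CVE/list in this same commit keeps woody marked as not-affected for that CVE ("Only curl >= 7.11 is vulnerable"). With CVE-2005-3185 dropped from the braces, nothing in the entry says what the woody upload fixes; either keep the CVE that the woody package addresses or add a NOTE that reconciles the two files. The added "Initial -1 DSA was incomplete" line would also be more useful if it said what was missing from the first advisory.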


_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits