Author: jmm-guest
Date: 2006-03-30 09:28:36 +0000 (Thu, 30 Mar 2006)
New Revision: 3715
Modified:
data/CVE/list
data/DSA/list
Log:
older clamav DSA was lacking a CVE ID
mediawiki CVEfied
dpkg/zlib unimportant
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2006-03-30 07:48:44 UTC (rev 3714)
+++ data/CVE/list 2006-03-30 09:28:36 UTC (rev 3715)
@@ -1,4 +1,4 @@
-CVE-2006-XXXX [Unspecified mediawiki issue]
+CVE-2006-1498 [Unspecified mediawiki issue]
- mediawiki 1.4.15-1
CVE-2006-1491 [horde3 eval injection()]
- horde3 <unfixed>
@@ -11347,8 +11347,8 @@
NOTE: exploitability using this hole.
NOTE: oldstable (woody) had zlib 1.1, which is not affected
[woody] - dpkg <not-affected> (Woody contains zlib 1.1, which is not
affected)
- - dpkg 1.13.11 (bug #317967; medium)
- NOTE: Sarge is affected
+ - dpkg 1.13.11 (bug #317967; unimportant)
+ NOTE: You need to trust debs anyway, when installing them
- zsync 0.4.0-2 (bug #317968; medium)
[woody] - dump <not-affected> (Woody contains zlib 1.1, which is not
affected)
[sarge] - dump <no-dsa> (Backups do not contain untrusted data)
Modified: data/DSA/list
===================================================================
--- data/DSA/list 2006-03-30 07:48:44 UTC (rev 3714)
+++ data/DSA/list 2006-03-30 09:28:36 UTC (rev 3715)
@@ -319,7 +319,7 @@
[sarge] - kdelibs 3.3.2-6.4
NOTE: not fixed in testing at time of DSA (unfixed in sid)
[20 Jan 2006] DSA-947-1 clamav - heap overflow
- {CVE-2006-0162}
+ {CVE-2006-0162 CVE-2005-3587}
[sarge] - clamav 0.84-2.sarge.7
NOTE: fixed in testing at time of DSA
[20 Jan 2006] DSA-946-1 sudo - missing input sanitising
_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
