Author: jmm-guest
Date: 2006-04-03 07:52:14 +0000 (Mon, 03 Apr 2006)
New Revision: 3732

Modified:
   data/CVE/list
   data/DSA/list
Log:
three new issues in struts
new kernel dos
corrected DSA


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2006-04-03 07:25:35 UTC (rev 3731)
+++ data/CVE/list       2006-04-03 07:52:14 UTC (rev 3732)
@@ -1,3 +1,9 @@
+CVE-2006-1548 [struts xss]
+       - libstruts1.2-java <unfixed> (bug filed)
+CVE-2006-1547 [struts dos]
+       - libstruts1.2-java <unfixed> (bug filed)
+CVE-2006-1546 [struts validation bypass]
+       - libstruts1.2-java <unfixed> (bug filed)
 CVE-2006-1545 (Direct static code injection vulnerability in admin/config.php 
in ...)
        TODO: check
 CVE-2006-1544 (Multiple cross-site scripting (XSS) vulnerabilities in news.php 
in ...)
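
Review bot: The three new struts entries (CVE-2006-1548, CVE-2006-1547, CVE-2006-1546) say "(bug filed)" but give no bug number, so the <unfixed> status of libstruts1.2-java cannot be tied to a report from this file. Please record the bug number on each package line, or in a NOTE if one report covers all three issues.
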
@@ -1091,8 +1097,9 @@
        RESERVED
 CVE-2006-1056
        RESERVED
-CVE-2006-1055
+CVE-2006-1055 [local DoS in kernel's sysfs code]
        RESERVED
+       - linux-2.6 <unfixed>
 CVE-2006-1054
        RESERVED
 CVE-2006-1053
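
Review bot: CVE-2006-1055 keeps its RESERVED line, so the bracketed text "[local DoS in kernel's sysfs code]" is the only description in the entry and nothing here says where it comes from. A NOTE line naming the source of the information would let others confirm the "linux-2.6 <unfixed>" status and find the fix once it lands.
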
@@ -3899,7 +3906,7 @@
        NOTE: nfs-utils (kernel NFS server) is not affected
        NOTE: (it uses PATH_MAX for the buffer passed to realpath).
 CVE-2006-0042 (Unspecified vulnerability in (1) apreq_parse_headers and (2) 
...)
-       {DSA-1000-1}
+       {DSA-1000-2}
        - libapreq2 2.07-1
 CVE-2006-0041
        RESERVED
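
Review bot: In the CVE-2006-0042 entry, {DSA-1000-1} is replaced by {DSA-1000-2} rather than supplemented, so the entry no longer shows that a -1 advisory existed. The log message only says "corrected DSA"; a short NOTE saying why the reference moved to -2 would preserve that history for anyone comparing this entry with the advisory as first published.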

Modified: data/DSA/list
===================================================================
--- data/DSA/list       2006-04-03 07:25:35 UTC (rev 3731)
+++ data/DSA/list       2006-04-03 07:52:14 UTC (rev 3732)
@@ -85,10 +85,9 @@
        [woody] - crossfire 1.1.0-1woody1
        [sarge] - crossfire 1.6.0.dfsg.1-4sarge1
        NOTE: not fixed in testing at the time of DSA (too young)
-[14 Mar 2006] DSA-1000-1 libapreq2-perl - design error
+[14 Mar 2006] DSA-1000-2 libapreq2-perl - design error
        {CVE-2006-0042}
-       [sarge] - libapreq2-perl 2.04-dev-1sarge1
-       NOTE: fixed in testing at the time of DSA (removed from sid)
+       [sarge] - libapreq2-perl 2.04-dev-1sarge2
 [14 Mar 2006] DSA-999-1 lurker - several
        {CVE-2006-1062 CVE-2006-1063 CVE-2006-1064}
        [sarge] - lurker 1.2-5sarge1
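
Review bot: The DSA-1000 entry loses its "NOTE: fixed in testing at the time of DSA (removed from sid)" line without a replacement, while the crossfire entry just above still records the state of testing in such a NOTE. If the statement still holds for 2.04-dev-1sarge2, keep it; if not, replace it with the current state. The date also stays at [14 Mar 2006] although the id changes to DSA-1000-2, which is worth confirming against the revised advisory.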


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
