Author: jmm-guest
Date: 2006-05-15 15:10:10 +0000 (Mon, 15 May 2006)
New Revision: 3955

Modified:
   data/CVE/list
   data/DSA/list
Log:
new webcalendar DSA
one more issue fixed by mozilla DSA
one more issue fixed by older curl DSA
gcc-4.1 issue a non-issue
no-dsa monopd
quake2 no-dsa
record fix for rssh, which came through s-p-u
remove old wdm non-issue


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2006-05-15 09:14:23 UTC (rev 3954)
+++ data/CVE/list       2006-05-15 15:10:10 UTC (rev 3955)
@@ -1028,7 +1028,8 @@
 CVE-2006-1903 (Multiple cross-site scripting (XSS) vulnerabilities in UserLand 
Manila ...)
        NOT-FOR-US: UserLand Manila
 CVE-2006-1902 (fold_binary in fold-const.c in GNU Compiler Collection (gcc) 
4.1 ...)
-       - gcc-4.1 4.1.0-2 (bug #356896; low)
+       - gcc-4.1 4.1.0-2 (bug #356896; unimportant)
+       NOTE: Turned out to be a non-issue
 CVE-2006-1901 (Mozilla Camino 1.0 and earlier allow remote attackers to cause 
a ...)
        NOT-FOR-US: Mozilla Camino
 CVE-2006-1900 (Multiple buffer overflows in World Wide Web Consortium (W3C) 
Amaya ...)
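Review bot: The NOTE added under CVE-2006-1902 says only "Turned out to be a non-issue" and gives neither the reason nor a pointer to it. Bug #356896 is already on the line above, so the NOTE could say that the reasoning is recorded there, or summarize it in a few words, so that the downgrade from low to unimportant can be checked later. The fixed version 4.1.0-2 also stays on the line, which reads oddly next to a non-issue note.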
@@ -3134,7 +3135,8 @@
 CVE-2006-1047 (Unspecified vulnerability in the "Remember Me login 
functionality" in ...)
        NOT-FOR-US: Joomla!
 CVE-2006-1046 (server.cpp in Monopd 0.9.3 allows remote attackers to cause a 
denial ...)
-       - monopd <unfixed> (bug #355797)
+       - monopd <unfixed> (bug #355797; low)
+       [sarge] - monopd <no-dsa> (Very minor security ramifications)
 CVE-2006-1045 (The HTML rendering engine in Mozilla Thunderbird 1.5, when 
&quot;Block ...)
        {DSA-1051-1 DSA-1046-1}
        - thunderbird 1.5.0.2-1
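Review bot: The no-dsa reason on the new [sarge] line for CVE-2006-1046, "Very minor security ramifications", does not say why a remotely triggerable denial of service in server.cpp counts as minor. A concrete reason would let a later reader re-evaluate the decision, and the unstable line stays <unfixed>, so this entry will be looked at again.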
@@ -7574,22 +7576,30 @@
        NOT-FOR-US: Intel hardware
 CVE-2004-2599 (Multiple buffer overflows in Quake II server before R1Q2, as 
used in ...)
        - quake2 <unfixed> (bug #280573; low)
+       [sarge] - quake2 <no-dsa> (Documented to be insecure, contrib)
        NOTE: There is a big note in the quake2 package stating that it is not 
secure.
        NOTE: Otherwise severity would be high.
 CVE-2004-2598 (Quake II server before R1Q2, as used in multiple products, 
allows ...)
        - quake2 <unfixed> (bug #280573; low)
+       [sarge] - quake2 <no-dsa> (Documented to be insecure, contrib)
 CVE-2004-2597 (Quake II server before R1Q2, as used in multiple products, 
allows ...)
        - quake2 <unfixed> (bug #280573; low)
+       [sarge] - quake2 <no-dsa> (Documented to be insecure, contrib)
 CVE-2004-2596 (Quake II server before R1Q2, as used in multiple products, 
allows ...)
        - quake2 <unfixed> (bug #280573; low)
+       [sarge] - quake2 <no-dsa> (Documented to be insecure, contrib)
 CVE-2004-2595 (Absolute path traversal vulnerability in Quake II server before 
R1Q2 ...)
        - quake2 <unfixed> (bug #280573; low)
+       [sarge] - quake2 <no-dsa> (Documented to be insecure, contrib)
 CVE-2004-2594 (Absolute path traversal vulnerability in Quake II server before 
R1Q2 ...)
        - quake2 <unfixed> (bug #280573; low)
+       [sarge] - quake2 <no-dsa> (Documented to be insecure, contrib)
 CVE-2004-2593 (Buffer overflow in command-packet processing of Quake II server 
before ...)
        - quake2 <unfixed> (bug #280573; low)
+       [sarge] - quake2 <no-dsa> (Documented to be insecure, contrib)
 CVE-2004-2592 (Quake II server before R1Q2, as used in multiple products, 
allows ...)
        - quake2 <unfixed> (bug #280573; low)
+       [sarge] - quake2 <no-dsa> (Documented to be insecure, contrib)
 CVE-2004-2591 (The data-overwrite capability of ButtUglySoftware CleanCache 
2.19 does ...)
        NOT-FOR-US: ButtUglySoftware CleanCache
 CVE-2004-2590 (Unspecified vulnerability in meindlSOFT Cute PHP Library (aka 
cphplib) ...)
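Review bot: The eight added [sarge] no-dsa lines all give "Documented to be insecure, contrib", but the NOTE lines that explain this (including "Otherwise severity would be high.") exist only under CVE-2004-2599. Under CVE-2004-2598 through CVE-2004-2592 a reader sees buffer overflows and path traversal rated low with no explanation; consider repeating the NOTE on each entry or adding a pointer to CVE-2004-2599.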
@@ -9063,6 +9073,8 @@
        - osh 1.7-15 (bug #338312; bug #323424; bug #323482; bug #311369; 
medium)
 CVE-2005-3345 (rssh 2.0.0 through 2.2.3 allows local users to bypass access 
...)
        - rssh 2.3.0-1 (bug #344395; bug #344424)
+       [sarge] - rssh 2.2.3-1.sarge.1
+       NOTE: Update was introduced through s-p-u, not a DSA
 CVE-2005-3344 (The default installation of Horde 3.0.4 contains an 
administrative ...)
        {DSA-884-1}
        - horde3 3.0.5-2 (bug #332290; bug #332289; medium)
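Review bot: The version on the new [sarge] line for CVE-2005-3345, 2.2.3-1.sarge.1, uses a different suffix form from the other sarge versions in this commit (0.9.45-4sarge4, 1.7.8-1sarge5). Please confirm it is the exact version string of the upload that came through s-p-u, since matching on the fixed version depends on it. The unstable line above it also carries no severity, unlike its neighbours.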
@@ -9867,8 +9879,6 @@
 CVE-2004-XXXX [Insecure temp files in amanda's chg-manual]
        - amanda 1:2.4.5p1-1 (bug #226139; low)
        NOTE: Woody and Sarge affected
-CVE-2004-XXXX [Buffer overflow in wdm's login]
-       - wdm <unfixed> (bug #276218; low)
 CVE-2005-3752 (Unspecified vulnerability in ldapdiff before 1.1.1 has unknown 
impact ...)
        - ldapdiff <not-affected> (The version in Debian doesn't contain the 
vulnerable code, see #306878)
 CVE-2005-XXXX [apt-cache doesn't differentiate sources which share several 
properties]
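Review bot: Deleting the wdm entry outright loses the link to bug #276218 and the record that the report was evaluated, while the gcc-4.1 non-issue in this same commit is kept as unimportant with a NOTE. Suggest the same treatment here: keep the CVE-2004-XXXX wdm entry, mark it unimportant and add a one-line NOTE with the reason.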
@@ -17192,8 +17202,6 @@
 CVE-2005-XXXX [Multiple security problems in Quake 2]
        NOTE: this release added lots of warnings about the security problems
        - quake2 1:0.3-1.1
-       - quake2 <unfixed> (bug #280573; low)
-       NOTE: CVE id requested from mitre
 CVE-2005-1245 (Cross-site scripting (XSS) vulnerability in MediaWiki before 
1.4.2, ...)
        - mediawiki 1.4.9 (bug #276057)
 CVE-2005-1244 (** DISPUTED ** ...)
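Review bot: With the "- quake2 <unfixed> (bug #280573; low)" line and the "CVE id requested from mitre" note gone, the CVE-2005-XXXX Quake 2 entry no longer points at the bug or says whether ids were assigned. The CVE-2004-2592 to CVE-2004-2599 entries in this file carry bug #280573, so a NOTE naming them here, or folding this placeholder into them, would keep the records connected.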

Modified: data/DSA/list
===================================================================
--- data/DSA/list       2006-05-15 09:14:23 UTC (rev 3954)
+++ data/DSA/list       2006-05-15 15:10:10 UTC (rev 3955)
@@ -1,3 +1,6 @@
+[15 May 2006] DSA-1056-1 webcalendar - verbose error message
+       {CVE-2006-2247}
+       [sarge] - webcalendar 0.9.45-4sarge4
 [11 May 2006] DSA-1055-1 mozilla-firefox - programming error
         {CVE-2006-1993}
         [sarge] - mozilla-firefox 1.0.4-2sarge7
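Review bot: The continuation lines of the new DSA-1056-1 entry appear to be indented differently from the DSA-1055-1 entry directly below it: the added "{CVE-2006-2247}" line sits one column to the left of "{CVE-2006-1993}" in the diff, which suggests a tab against eight spaces. Match the indentation of the neighbouring entries so that later diffs and whitespace-sensitive tooling stay clean.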
@@ -28,7 +31,7 @@
 [30 Apr 2006] DSA-1047-1 resmgr - programming error
         [sarge] - resmgr 1.0-2sarge2
 [27 Apr 2006] DSA-1046-1 mozilla - several
-        {CVE-2005-2353 CVE-2005-4134 CVE-2006-0292 CVE-2006-0293 CVE-2006-0748 
CVE-2006-0749 CVE-2006-0884 CVE-2006-1045 CVE-2006-1529 CVE-2006-1530 
CVE-2006-1531 CVE-2006-1723 CVE-2006-1724 CVE-2006-1727 CVE-2006-1728 
CVE-2006-1729 CVE-2006-1730 CVE-2006-1731 CVE-2006-1733 CVE-2006-1734 
CVE-2006-1735 CVE-2006-1736 CVE-2006-1737 CVE-2006-1738 CVE-2006-1739 
CVE-2006-1740 CVE-2006-1741 CVE-2006-1742 CVE-2006-1790}
+        {CVE-2006-1732 CVE-2005-2353 CVE-2005-4134 CVE-2006-0292 CVE-2006-0293 
CVE-2006-0748 CVE-2006-0749 CVE-2006-0884 CVE-2006-1045 CVE-2006-1529 
CVE-2006-1530 CVE-2006-1531 CVE-2006-1723 CVE-2006-1724 CVE-2006-1727 
CVE-2006-1728 CVE-2006-1729 CVE-2006-1730 CVE-2006-1731 CVE-2006-1733 
CVE-2006-1734 CVE-2006-1735 CVE-2006-1736 CVE-2006-1737 CVE-2006-1738 
CVE-2006-1739 CVE-2006-1740 CVE-2006-1741 CVE-2006-1742 CVE-2006-1790}
         [sarge] - mozilla 1.7.8-1sarge5
 [27 Apr 2006] DSA-1045-1 openvpn - design error
         {CVE-2006-1629}
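Review bot: CVE-2006-1732 is prepended to the DSA-1046-1 list, but the rest of the list is in ascending order, so it belongs between CVE-2006-1731 and CVE-2006-1733. Keeping the order makes a missing or duplicated id easy to spot in a list this long. The log line "one more issue fixed by mozilla DSA" could also name the id.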
@@ -583,7 +586,7 @@
        [sarge] - ethereal 0.10.10-2sarge3
        NOTE: not fixed in testing at time of DSA (unfixed in sid)
 [12 Dec 2005] DSA-919-2 curl - buffer overflow
-       {CVE-2005-4077}
+       {CVE-2005-4077 CVE-2005-3185}
        [woody] - curl 7.9.5-1woody2
        [sarge] - curl 7.13.2-2sarge5
        NOTE: partially fixed in testing at time of DSA 
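Review bot: CVE-2005-3185 is appended after CVE-2005-4077 in the DSA-919-2 entry; ascending order would put it first, in line with the other multi-CVE entries in this file. The entry lists both a woody and a sarge version, so please confirm that the added id is fixed in both 7.9.5-1woody2 and 7.13.2-2sarge5, or add a NOTE if it applies to only one of them.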


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
