[Secure-testing-commits] r4735 - data/CVE
Author: stef-guest Date: 2006-09-17 19:33:36 + (Sun, 17 Sep 2006) New Revision: 4735 Modified: data/CVE/list Log: - GNUTLS-SA-2006-4 CVEified Modified: data/CVE/list === --- data/CVE/list 2006-09-17 19:26:39 UTC (rev 4734) +++ data/CVE/list 2006-09-17 19:33:36 UTC (rev 4735) @@ -10,8 +10,6 @@ RESERVED CVE-2006-4791 RESERVED -CVE-2006-4790 (verify.c in GnuTLS before 1.4.4, when using an RSA key with exponent ...) - TODO: check CVE-2006-4789 (Buffer overflow in Open Movie Editor 0.0.20060901 allows local users ...) TODO: check CVE-2006-4788 (PHP remote file inclusion vulnerability in includes/log.inc.php in ...) @@ -352,9 +350,8 @@ TODO: check CVE-2002-2217 (Multiple PHP remote file inclusion vulnerabilities in Web Server ...) TODO: check -CVE-2006- [gnutls signature forgery] +CVE-2006-4790 (verify.c in GnuTLS before 1.4.4, when using an RSA key with exponent ...) NOTE: GNUTLS-SA-2006-4 - NOTE: fix for gnutls13 reverted in 1.4.3-2 - gnutls13 1.4.4-1 (medium) - gnutls12 unfixed (medium) - gnutls11 unfixed (medium) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
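Review bot: The second hunk (@@ -352,9 +350,8 @@) drops the line "NOTE: fix for gnutls13 reverted in 1.4.3-2" along with the placeholder heading, going by the header's 9-to-8 line count, and the log ("GNUTLS-SA-2006-4 CVEified") does not mention it. That note records why gnutls13 is only listed as fixed from 1.4.4-1, so either keep it under the new CVE-2006-4790 heading or state in the log why it is no longer needed. The annotated block also stays after CVE-2002-2217 while the CVE-2006-4790 stub is removed from between CVE-2006-4791 and CVE-2006-4789; if the list is meant to stay in CVE order, move the block up to where the stub was instead of renaming the heading in place.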
[Secure-testing-commits] r4736 - data/CVE
Author: stef-guest Date: 2006-09-17 20:08:32 + (Sun, 17 Sep 2006) New Revision: 4736 Modified: data/CVE/list Log: some NFUs Modified: data/CVE/list === --- data/CVE/list 2006-09-17 19:33:36 UTC (rev 4735) +++ data/CVE/list 2006-09-17 20:08:32 UTC (rev 4736) @@ -11,11 +11,11 @@ CVE-2006-4791 RESERVED CVE-2006-4789 (Buffer overflow in Open Movie Editor 0.0.20060901 allows local users ...) - TODO: check + NOT-FOR-US: Open Movie Editor CVE-2006-4788 (PHP remote file inclusion vulnerability in includes/log.inc.php in ...) - TODO: check + NOT-FOR-US: SignKorn Guestbook CVE-2006-4787 (AlphaMail before 1.0.16 allows local users to obtain sensitive ...) - TODO: check + NOT-FOR-US: AlphaMail CVE-2006-4786 (Moodle 1.6.1 and earlier allows remote attackers to obtain sensitive ...) TODO: check CVE-2006-4785 (SQL injection vulnerability in Moodle 1.6.1 and earlier allows remote ...) 
@@ -23,103 +23,103 @@ CVE-2006-4784 (Multiple cross-site scripting (XSS) vulnerabilities in Moodle 1.6.1 ...) TODO: check CVE-2006-4783 (SQL injection vulnerability in squads.php in WebSPELL 4.01.01 and ...) - TODO: check + NOT-FOR-US: WebSPELL CVE-2006-4782 (src/index.php in WebSPELL 4.01.01 and earlier, when register_globals ...) - TODO: check + NOT-FOR-US: WebSPELL CVE-2006-4781 (Heap-based buffer overflow in FutureSoft TFTP Server Multithreaded ...) - TODO: check + NOT-FOR-US: FutureSoft TFTP Server CVE-2006-4780 (PHP remote file inclusion vulnerability in includes/functions.php in ...) TODO: check CVE-2006-4779 (PHP remote file inclusion vulnerability in ...) - TODO: check + NOT-FOR-US: Vitrax Premodded phpBB CVE-2006-4778 (SQL injection vulnerability in Creative Commons Tools ccHost before ...) - TODO: check + NOT-FOR-US: Creative Commons Tools ccHost CVE-2006-4777 (Heap-based buffer overflow in the DirectAnimation.PathControl COM ...) - TODO: check + NOT-FOR-US: DirectAnimation.PathControl CVE-2006-4776 (Heap-based buffer overflow in the VLAN Trunking Protocol (VTP) feature ...) - TODO: check + NOT-FOR-US: Cisco CVE-2006-4775 (The VLAN Trunking Protocol (VTP) feature in Cisco IOS 12.1(19) and ...) - TODO: check + NOT-FOR-US: Cisco CVE-2006-4774 (The VLAN Trunking Protocol (VTP) feature in Cisco IOS 12.1(19) allows ...) - TODO: check + NOT-FOR-US: Cisco CVE-2006-4773 (Sun StorEdge 6130 Array Controllers with firmware 06.12.10.11 and ...) - TODO: check + NOT-FOR-US: Sun StorEdge CVE-2006-4772 (HotPlug CMS stores sensitive information under the web root with ...) - TODO: check + NOT-FOR-US: HotPlug CMS CVE-2006-4771 (Cross-site scripting (XSS) vulnerability in haut.php in ForumJBC 4 ...) - TODO: check + NOT-FOR-US: ForumJBC CVE-2006-4770 (PHP remote file inclusion vulnerability in menu.php in [EMAIL PROTECTED] 2.0 ...) - TODO: check + NOT-FOR-US: [EMAIL PROTECTED] CVE-2006-4769 (PHP remote file inclusion vulnerability in abf_js.php in p4CMS 1.05 ...) 
- TODO: check + NOT-FOR-US: p4CMS CVE-2006-4768 (Multiple direct static code injection vulnerabilities in add_go.php in ...) - TODO: check + NOT-FOR-US: Stefan Ernst Newsscript (aka WM-News) CVE-2006-4767 (Multiple directory traversal vulnerabilities in Stefan Ernst ...) - TODO: check + NOT-FOR-US: Stefan Ernst Newsscript (aka WM-News) CVE-2006-4766 (Directory traversal vulnerability in print.php in Stefan Ernst ...) - TODO: check + NOT-FOR-US: Stefan Ernst Newsscript (aka WM-News) CVE-2006-4765 (NETGEAR DG834GT Wireless ADSL router running firmware 1.01.28 allows ...) - TODO: check + NOT-FOR-US: NETGEAR CVE-2006-4764 (PHP remote file inclusion vulnerability in common.php in Thomas LETE ...) - TODO: check + NOT-FOR-US: WTools CVE-2006-4763 (IBM Lotus Domino Web Access (DWA) 7.0.1 does not expire a client's ...) - TODO: check + NOT-FOR-US: IBM Lotus Domino Web Access CVE-2006-4762 (Multiple cross-site scripting (XSS) vulnerabilities in Ykoon RssReader ...) - TODO: check + NOT-FOR-US: Ykoon RssReader CVE-2006-4761 (Multiple cross-site scripting (XSS) vulnerabilities in Luke Hutteman ...) - TODO: check + NOT-FOR-US: SharpReader CVE-2006-4760 (Multiple cross-site scripting (XSS) vulnerabilities in Benjamin Pasero ...) - TODO: check + NOT-FOR-US: RSSOwl CVE-2006-4759 (PunBB 1.2.12 does not properly handle pathnames ending in %00, which ...) - TODO: check + NOT-FOR-US: PunBB CVE-2006-4758 (phpBB 2.0.21 does not properly handle pathnames ending in %00, which ...) TODO: check CVE-2006-4757 (Multiple SQL injection vulnerabilities in the admin section in e107 ...) TODO: check
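Review bot: The NOT-FOR-US labels in the second hunk vary in granularity: CVE-2006-4776, CVE-2006-4775 and CVE-2006-4774 are tagged only "Cisco" and CVE-2006-4765 only "NETGEAR", while most other entries name the product. Taking the product from the description ("Cisco IOS", "NETGEAR DG834GT") keeps the labels searchable and consistent. CVE-2006-4779 is marked "Vitrax Premodded phpBB" while phpBB 2.0.21 (CVE-2006-4758) is left as "TODO: check" in the same hunk, so it is worth confirming that the affected file exists only in the mod and not in stock phpBB before writing it off.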
[Secure-testing-commits] Processing r4736 failed
The error message was:

error: unknown package note 'path disclosure'
make: *** [all] Error 1
[Secure-testing-commits] r4737 - data/CVE
Author: stef-guest Date: 2006-09-17 20:12:57 + (Sun, 17 Sep 2006) New Revision: 4737 Modified: data/CVE/list Log: fix syntax Modified: data/CVE/list === --- data/CVE/list 2006-09-17 20:08:32 UTC (rev 4736) +++ data/CVE/list 2006-09-17 20:12:57 UTC (rev 4737) @@ -119,7 +119,8 @@ CVE-2006-4736 (Multiple SQL injection vulnerabilities in index.php in CMS.R. allow ...) NOT-FOR-US: CMS.R CVE-2006-4735 (Kellan Elliott-McCrea MagpieRSS allows remote attackers to obtain ...) - - magpierss unfixed (unimportant; path disclosure) + - magpierss unfixed (unimportant) + NOTE: path disclosure only CVE-2006-4734 (Multiple SQL injection vulnerabilities in tiki-g-admin_processes.php ...) TODO: check CVE-2006-4733 (PHP remote file inclusion vulnerability in sipssys/code/box.inc.php in ...) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
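Review bot: The log "fix syntax" does not say which entry was broken or what it broke; name CVE-2006-4735 and the "unknown package note 'path disclosure'" error from the failed r4736 processing run so the fix can be traced from the history. The change itself, leaving only "(unimportant)" in the parentheses and moving the free text to "NOTE: path disclosure only", is the right shape. Since the failure came from the make run shown in the error mail, running that same check before committing list changes would catch this kind of entry earlier.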
[Secure-testing-commits] r4738 - lib/python
Author: fw Date: 2006-09-17 20:54:22 + (Sun, 17 Sep 2006) New Revision: 4738 Modified: lib/python/security_db.py Log: Do not enforce version ordering between different suites. The archive currently violates this constraint. Modified: lib/python/security_db.py === --- lib/python/security_db.py 2006-09-17 20:12:57 UTC (rev 4737) +++ lib/python/security_db.py 2006-09-17 20:54:22 UTC (rev 4738) 
@@ -942,24 +942,27 @@ print calculateVulnerabilities: print checking version consistency in package notes -# Ignore etch because sarge issues may be fast-tracked into -# testing, bypassing unstable. -for (bug_name, pkg_name, rel, unstable_ver, rel_ver) \ -in list(cursor.execute( -SELECT a.bug_name, a.package, b.release, -a.fixed_version, b.fixed_version -FROM package_notes a, package_notes b -WHERE a.bug_name = b.bug_name AND a.package = b.package -AND a.release = '' AND b.release NOT IN ('', 'etch') -AND a.fixed_version IS NOT NULL -AND a.fixed_version_id b.fixed_version_id)): -b = bugs.BugFromDB(cursor, bug_name) -result.append(%s:%d: inconsistent versions for package %s - % (b.source_file, b.source_line, pkg_name)) -result.append(%s:%d: unstable: %s - % (b.source_file, b.source_line, unstable_ver)) -result.append(%s:%d: release %s: %s - % (b.source_file, b.source_line, `rel`, rel_ver)) +# The following does not work because stable-security - +# testing - unstable propagation is no longer available. +if False: +# Ignore etch because sarge issues may be fast-tracked into +# testing, bypassing unstable. 
+for (bug_name, pkg_name, rel, unstable_ver, rel_ver) \ +in list(cursor.execute( +SELECT a.bug_name, a.package, b.release, +a.fixed_version, b.fixed_version +FROM package_notes a, package_notes b +WHERE a.bug_name = b.bug_name AND a.package = b.package +AND a.release = '' AND b.release NOT IN ('', 'etch') +AND a.fixed_version IS NOT NULL +AND a.fixed_version_id b.fixed_version_id)): +b = bugs.BugFromDB(cursor, bug_name) +result.append(%s:%d: inconsistent versions for package %s + % (b.source_file, b.source_line, pkg_name)) +result.append(%s:%d: unstable: %s + % (b.source_file, b.source_line, unstable_ver)) +result.append(%s:%d: release %s: %s + % (b.source_file, b.source_line, `rel`, rel_ver)) if self.verbose: print checking source/binary packages ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
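Review bot: Wrapping the whole version-consistency loop in "if False:" leaves a block of dead code behind and switches the check off for every release, with nothing marking when it should come back, although the log says the archive "currently" violates the constraint. Either delete the block and rely on the repository history, or gate it behind a named setting with a comment stating the condition for re-enabling it. The retained inner comment ("Ignore etch because sarge issues may be fast-tracked into testing, bypassing unstable.") now describes code that never runs and should be folded into the new comment. With the check disabled, a mistyped fixed_version in a release-specific package note no longer produces the "inconsistent versions for package" message, so consider reporting it as a warning rather than dropping it entirely.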
[Secure-testing-commits] r4739 - data/CVE
Author: micah Date: 2006-09-18 00:22:08 + (Mon, 18 Sep 2006) New Revision: 4739 Modified: data/CVE/list Log: Add missing thunderbird entries Modified: data/CVE/list === --- data/CVE/list 2006-09-17 20:54:22 UTC (rev 4738) +++ data/CVE/list 2006-09-18 00:22:08 UTC (rev 4739) @@ -486,6 +486,7 @@ NOTE: MFSA-2006-62 - firefox unfixed (low) - xulrunner unfixed (low) + - thunderbird 1.5.0.7-1 [sarge] - mozilla-firefox unfixed (low) CVE-2006-4568 RESERVED @@ -493,6 +494,7 @@ - mozilla unfixed (low) - firefox unfixed (low) - xulrunner unfixed (low) +- thunderbird 1.5.0.7-1 [sarge] - mozilla-firefox unfixed (low) CVE-2006-4567 [Spoofing in internal auto update] RESERVED ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
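Review bot: In the second hunk the added line is rendered as "+- thunderbird 1.5.0.7-1" with nothing between the "+" and the "-", whereas the first hunk has "+ - thunderbird 1.5.0.7-1"; check that the second line carries the same indentation as the package lines around it, since the list is machine-parsed and r4736 already failed processing on a syntax problem. Both new thunderbird entries also lack an urgency, while the neighbouring firefox, xulrunner and mozilla-firefox lines are all marked "(low)"; add the matching urgency or say in the log why thunderbird differs.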