[Secure-testing-commits] r5179 - data/CVE
Author: jmm-guest Date: 2006-12-26 13:15:46 +0100 (Tue, 26 Dec 2006) New Revision: 5179 Modified: data/CVE/list Log: record correct fix for typo3 moodle already fixed per maintainer dbus issue just an unimportant local annoyance bug gaim-encryption no-dsa Modified: data/CVE/list === --- data/CVE/list 2006-12-26 08:14:19 UTC (rev 5178) +++ data/CVE/list 2006-12-26 12:15:46 UTC (rev 5179) @@ -16,7 +16,7 @@ CVE-2006-6691 (Multiple PHP remote file inclusion vulnerabilities in Valdersoft ...) NOT-FOR-US: Valdersoft Shopping Cart CVE-2006-6690 (rtehtmlarea/pi1/class.tx_rtehtmlarea_pi1.php in Typo3 4.0.0 through ...) - - typo3 4.0.4+debian-1 (high; bug #403906) + - typo3 4.0.2+debian-2 (high; bug #403906) NOTE: http://typo3.org/news-single-view/?tx_newsimporter_pi1%5BshowItem%5D=0cHash=e4a40a11a9 CVE-2006-6689 (Multiple PHP remote file inclusion vulnerabilities in Paristemi 0.8.3 ...) NOT-FOR-US: Paristemi @@ -176,7 +176,7 @@ - moodle 1.6-1 NOTE: Does not affect moodle 1.6 according to SecurityFocus. CVE-2006-6625 (Cross-site scripting (XSS) vulnerability in mod/forum/discuss.php in ...) - - moodle unfixed (low) + - moodle 1.6.3-2 (low) NOTE: SC#341 fixed initilaization of navtail variable NOTE: http://moodle.cvs.sourceforge.net/moodle/moodle/mod/forum/discuss.php?view=log CVE-2006-6624 (The FTP Server in Sambar Server 6.4 allows remote authenticated users ...) @@ -1363,7 +1363,8 @@ CVE-2006-6108 (Cross-site scripting (XSS) vulnerability in EC-CUBE before 1.0.1a-beta ...) NOT-FOR-US: EC-CUBE CVE-2006-6107 (Unspecified vulnerability in the match_rule_equal function in ...) - - dbus 1.0.2-1 + - dbus 1.0.2-1 (low) + [sarge] - dbus no-dsa (Minor issue) CVE-2006-6106 (Multiple buffer overflows in the cmtp_recv_interopmsg function in the ...) - linux-2.6 unfixed CVE-2006-6105 (Format string vulnerability in the host chooser window (gdmchooser) in ...) 
@@ -14466,7 +14467,8 @@ CVE-2005-4694 (Unspecified vulnerability in the www_add method in Asset.pm in Plain ...) - webgui itp (bug #139749) CVE-2005-4693 (Gaim-Encryption 2.38-1 on Debian Linux allows remote attackers to ...) - - gaim-encryption 3.0~beta5-3 (bug #337127) + - gaim-encryption 3.0~beta5-3 (log; bug #337127) + [sarge] - gaim-encryption no-dsa (Minor issue) CVE-2005-4692 (Unspecified vulnerability in mroovca stats (mroovcastats) before ...) NOT-FOR-US: mroovca CVE-2005-4691 (imake in NetBSD before 2.0.3, NetBSD-current before 12 September 2005, ...) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
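Review bot: the typo3 line in the @@ -16,7 +16,7 @@ hunk of r5179 moves the fixed version backwards, from 4.0.4+debian-1 to 4.0.2+debian-2, and nothing in the entry says why. The log calls this the correct fix. A NOTE line under CVE-2006-6690 naming the source of that version (the changelog entry or bug #403906) would let a reader verify it without going through the commit history.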
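Review bot: the no-dsa reason added for dbus in the @@ -1363,7 +1363,8 @@ hunk of r5179 is only "Minor issue", which tells a sarge user nothing about why CVE-2006-6107 needs no advisory. The log already has the rationale (an unimportant local annoyance bug). Putting that wording in the parentheses on the [sarge] line would keep the justification in the list itself.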
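Review bot: in the @@ -14466,7 +14467,8 @@ hunk of r5179 the added gaim-encryption line has "log" where an urgency is expected: "(log; bug #337127)". Every other entry touched by this patch uses low, medium or high in that position, so this should read "(low; bug #337127)". As committed, the list does not process.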
[Secure-testing-commits] Processing r5179 failed
The error message was:
error: unknown package note 'log'
make: *** [all] Error 1
[Secure-testing-commits] r5180 - data/CVE
Author: jmm-guest Date: 2006-12-26 13:55:50 +0100 (Tue, 26 Dec 2006) New Revision: 5180 Modified: data/CVE/list Log: fix typo Modified: data/CVE/list === --- data/CVE/list 2006-12-26 12:15:46 UTC (rev 5179) +++ data/CVE/list 2006-12-26 12:55:50 UTC (rev 5180) @@ -14467,7 +14467,7 @@ CVE-2005-4694 (Unspecified vulnerability in the www_add method in Asset.pm in Plain ...) - webgui itp (bug #139749) CVE-2005-4693 (Gaim-Encryption 2.38-1 on Debian Linux allows remote attackers to ...) - - gaim-encryption 3.0~beta5-3 (log; bug #337127) + - gaim-encryption 3.0~beta5-3 (low; bug #337127) [sarge] - gaim-encryption no-dsa (Minor issue) CVE-2005-4692 (Unspecified vulnerability in mroovca stats (mroovcastats) before ...) NOT-FOR-US: mroovca
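Review bot: the log message "fix typo" in r5180 does not say which entry or revision it corrects. The hunk changes the urgency on the gaim-encryption line for CVE-2005-4693 from "log" to "low", which is the value the processing of r5179 rejected as an unknown package note, so naming r5179 in the log would tie the two commits together. The change itself is correct.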
[Secure-testing-commits] r5181 - data/CVE
Author: jmm-guest Date: 2006-12-26 14:45:49 +0100 (Tue, 26 Dec 2006) New Revision: 5181 Modified: data/CVE/list Log: iceweasel fixes Modified: data/CVE/list === --- data/CVE/list 2006-12-26 12:55:50 UTC (rev 5180) +++ data/CVE/list 2006-12-26 13:45:49 UTC (rev 5181) @@ -448,12 +448,12 @@ - phpbb2 unfixed (bug #402140) CVE-2006-6507 (Mozilla Firefox 2.0 before 2.0.0.1 allows remote attackers to bypass ...) NOTE: MFSA-2006-76 - - iceweasel unfixed (high) + - iceweasel 2.0.0.1+dfsg-1 (high) - xulrunner unfixed (high) - iceape unfixed (high) CVE-2006-6506 (The quot;Feed Previewquot; feature in Mozilla Firefox 2.0 before 2.0.0.1 sends ...) NOTE: MFSA-2006-75 - - iceweasel unfixed (low) + - iceweasel 2.0.0.1+dfsg-1 (low) - xulrunner unfixed (low) - iceape unfixed (low) CVE-2006-6505 (Multiple heap-based buffer overflows in Mozilla Thunderbird before ...) @@ -462,7 +462,7 @@ - icedove 1.5.0.9.dfsg1-1 (high) CVE-2006-6504 (Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, and ...) NOTE: MFSA-2006-73 - - iceweasel unfixed (high) + - iceweasel 2.0.0.1+dfsg-1 (high) - xulrunner unfixed (high) - iceape unfixed (high) - firefox removed (high) @@ -471,7 +471,7 @@ - icedove 1.5.0.9.dfsg1-1 (high) CVE-2006-6503 (Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird ...) NOTE: MFSA-2006-72 - - iceweasel unfixed (high) + - iceweasel 2.0.0.1+dfsg-1 (high) - xulrunner unfixed (high) - iceape unfixed (high) - firefox removed (high) @@ -481,7 +481,7 @@ - icedove 1.5.0.9.dfsg1-1 (high) CVE-2006-6502 (Use-after-free vulnerability in the LiveConnect bridge code for ...) NOTE: MFSA-2006-71 - - iceweasel unfixed (high) + - iceweasel 2.0.0.1+dfsg-1 (high) - xulrunner unfixed (high) - iceape unfixed (high) - firefox removed (high) 
@@ -492,7 +492,7 @@ NOTE: Not exploitable in standard Icedove configuration CVE-2006-6501 (Unspecified vulnerability in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x ...) NOTE: MFSA-2006-70 - - iceweasel unfixed (high) + - iceweasel 2.0.0.1+dfsg-1 (high) - xulrunner unfixed (high) - iceape unfixed (high) - firefox removed (high) @@ -512,7 +512,7 @@ - icedove not-affected (windows only) CVE-2006-6499 (The js_dtoa function in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x ...) NOTE: MFSA-2006-68 - - iceweasel unfixed (high) + - iceweasel 2.0.0.1+dfsg-1 (high) - xulrunner unfixed (high) - iceape unfixed (high) - firefox removed (high) @@ -524,7 +524,7 @@ NOTE: user? I don't think so CVE-2006-6498 (Multiple unspecified vulnerabilities in the JavaScript engine for ...) NOTE: MFSA-2006-68 - - iceweasel unfixed (high) + - iceweasel 2.0.0.1+dfsg-1 (high) - xulrunner unfixed (high) - iceape unfixed (high) - firefox removed (high) @@ -534,7 +534,7 @@ - icedove 1.5.0.9.dfsg1-1 (low) CVE-2006-6497 (Multiple unspecified vulnerabilities in the layout engine for Mozilla ...) NOTE: MFSA-2006-68 - - iceweasel unfixed (medium) + - iceweasel 2.0.0.1+dfsg-1 (medium) - xulrunner unfixed (medium) - iceape unfixed (medium) - firefox removed (medium)
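Review bot: every hunk in r5181 changes only the iceweasel line to 2.0.0.1+dfsg-1, while the xulrunner and iceape lines under the same CVEs (CVE-2006-6507 down to CVE-2006-6497) stay "unfixed" at the same urgency, so all of these entries remain open after this commit. Worth confirming that this is intended and that the two remaining packages are tracked separately rather than assumed to pick up the iceweasel fix.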
[Secure-testing-commits] r5182 - data/CVE
Author: jmm-guest Date: 2006-12-26 19:07:35 +0100 (Tue, 26 Dec 2006) New Revision: 5182 Modified: data/CVE/list Log: new w3m issue, fixed by myself for Etch (luk/aba, please review) new openser issue, bug filed Modified: data/CVE/list === --- data/CVE/list 2006-12-26 13:45:49 UTC (rev 5181) +++ data/CVE/list 2006-12-26 18:07:35 UTC (rev 5182) @@ -1,3 +1,8 @@ +CVE-2006- [openser permissions module buffer overflow] + - openser unfixed (medium) +CVE-2006- [w3m format string issue] + - w3m 0.5.1-5.1 (low) + TODO: Check w3mee, is this forked version still needed? CVE-2006- [insecure rpath in libflash-mozplugin] - libflash 0.4.13-9 (low; bug #399508) [etch] - libflash no-dsa (Not exploitable through directory writable by an unprivileged user)
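Review bot: the new openser entry at the top of the @@ -1,3 +1,8 @@ hunk in r5182 is marked "unfixed (medium)" with no bug reference, although the log says a bug was filed. Adding it in the same form as the libflash line below it ("low; bug #399508") would make the entry traceable. The w3m entry likewise records a fixed version with no bug or advisory reference, and both entries use the "CVE-2006-" placeholder, so a NOTE pointing at the original report would help whoever fills in the IDs later.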