[Secure-testing-commits] r3767 - in data: CVE DSA
Author: jmm-guest
Date: 2006-04-07 07:48:08 + (Fri, 07 Apr 2006)
New Revision: 3767
Modified:
data/CVE/list
data/DSA/list
Log:
added missing CVE IDs to latest koffice DSA
openvpn fixed
horde fixed
older freeradius issues already fixed
checked some older sarge issues
bugnums
Modified: data/CVE/list
===
--- data/CVE/list 2006-04-06 23:15:45 UTC (rev 3766)
+++ data/CVE/list 2006-04-07 07:48:08 UTC (rev 3767)
@@ -86,7 +86,7 @@
CVE-2002-2210 (The installation of OpenOffice 1.0.1 allows local users to
overwrite ...)
TODO: check
CVE-2006- [openvpn missing setenv sanitising]
- - openvpn unfixed (bug #360559; medium)
+ - openvpn 2.0.6-1 (bug #360559; medium)
CVE-2006-1614 [clamav 0.88.1 integer overflow]
RESERVED
{DSA-1024-1}
@@ -117,7 +117,7 @@
CVE-2006-1578 (Multiple SQL injection vulnerabilities in Keystone Digital
Library ...)
NOT-FOR-US: Keystone Digital Library Suite
CVE-2006-1577 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
- - mantis unfixed
+ - mantis unfixed (bug #361138)
CVE-2006-1576 (Direct static code injection vulnerability in QLnews 1.2 allows
remote ...)
NOT-FOR-US: QLnews
CVE-2006-1575 (Multiple cross-site scripting (XSS) vulnerabilities in news.php
in ...)
@@ -300,7 +300,7 @@
CVE-2006-1506 (Unspecified vulnerability in rsh in Sun Microsystems Sun Grid
Engine ...)
NOT-FOR-US: Sun Microsystems Sun Grid Engine 5.3
CVE-2006-1505 (base_maintenance.php in Basic Analysis and Security Engine
(BASE) ...)
- - acidbase unfixed
+ - acidbase unfixed (bug #361139)
CVE-2006-1504 (Multiple cross-site scripting (XSS) vulnerabilities in Arab
Portal 2.0 ...)
NOT-FOR-US: Arab Portal
CVE-2006-1503 (PHP remote file inclusion vulnerability in ...)
@@ -352,7 +352,7 @@
- mediawiki 1.4.15-1
- mediawiki1.5 1.5.8-1
CVE-2006-1491 (Eval injection vulnerability in Horde Application Framework
versions ...)
- - horde3 unfixed
+ - horde3 3.1.1-1
CVE-2006-1490 (PHP before 5.1.3-RC1 might allow remote attackers to obtain
portions ...)
- php5 unfixed (bug #359904; low)
- php4 unfixed (bug #359907; low)
@@ -547,11 +547,11 @@
CVE-2005-4747 (Cross-site scripting (XSS) vulnerability in WebHost Automation
Ltd ...)
TODO: check
CVE-2005-4746 (Multiple buffer overflows in FreeRADIUS 1.0.3 and 1.0.4 allow
remote ...)
- TODO: check
+ - freeradius 1.0.5-1
CVE-2005-4745 (SQL injection vulnerability in the rlm_sqlcounter module in
FreeRADIUS ...)
- TODO: check
+ - freeradius 1.0.5-1
CVE-2005-4744 (Off-by-one error in the sql_error function in sql_unixodbc.c in
...)
- TODO: check
+ - freeradius 1.0.5-1
CVE-1999-1587 (/usr/ucb/ps in Sun Microsystems Solaris 8 and 9, and certain
earlier ...)
TODO: check
CVE-2006-1396 (Multiple cross-site scripting (XSS) vulnerabilities in Cholod
MySQL ...)
@@ -6474,6 +6474,8 @@
NOTE: First patch had regressions
CVE-2005-3538 (hfaxd in HylaFAX 4.2.3, when PAM support is disabled, accepts
...)
- hylafax 2:4.2.4-1
+ [sarge] - hylagax not-affected (Affected only 4.2.3)
+ [woody] - hylagax not-affected (Affected only 4.2.3)
CVE-2005-3537 (A quot;missing request validationquot; error in phpBB 2
before 2.0.18 allows ...)
{DSA-925-1}
- phpbb2 2.0.18-1 (bug #336582; medium)
@@ -8047,6 +8049,8 @@
- fuzz 0.6-7.1 (bug #183047)
CVE-2005- [DoS triggering endless loops in findutils -follow option]
- findutils 4.2.22-1 (bug #313081)
+ [woody] - findutils not-affected (Only code between 4.2.18 and 4.2.22
affected)
+ [sarge] - findutils not-affected (Only code between 4.2.18 and 4.2.22
affected)
CVE-2005-3138 (Bugzilla 2.18rc1 through 2.18.3, 2.19 through 2.20rc2, and 2.21
allows ...)
[woody] - bugzilla not-affected (Only Bugzilla = 2.18 is affected)
[sarge] - bugzilla not-affected (Only Bugzilla = 2.18 is affected)
@@ -8158,7 +8162,8 @@
CVE-2005-3071 (Unspecified vulnerability in Unix File System (UFS) on Solaris
8 and ...)
NOT-FOR-US: Solaris
CVE-2005-3070 (HylaFax 4.2.1 and earlier does not create or verify ownership
of the ...)
- - hylafax 1:4.2.2+rc1 (bug #329384; low)
+ - hylafax 1:4.2.2+rc1 (bug #329384; unimportant)
+ NOTE: This was judged non-exploitable
CVE-2005-3069 (xferfaxstats in HylaFax 4.2.1 and earlier allows local users to
...)
{DSA-865-1}
- hylafax 1:4.2.2+rc1 (bug #329384; low)
Modified: data/DSA/list
===
--- data/DSA/list 2006-04-06 23:15:45 UTC (rev 3766)
+++ data/DSA/list 2006-04-07 07:48:08 UTC (rev 3767)
@@ -27,7 +27,7 @@
{CVE-2006-0459}
[sarge] - flex 2.5.31-31sarge1
[24 Mar 2006] DSA-1019-1 koffice - several
- {CVE-2006-1244}
+
[Secure-testing-commits] r3768 - data/CVE
Author: jmm-guest
Date: 2006-04-07 07:49:00 + (Fri, 07 Apr 2006)
New Revision: 3768
Modified:
data/CVE/list
Log:
fix typo
Modified: data/CVE/list
===
--- data/CVE/list 2006-04-07 07:48:08 UTC (rev 3767)
+++ data/CVE/list 2006-04-07 07:49:00 UTC (rev 3768)
@@ -6474,8 +6474,8 @@
NOTE: First patch had regressions
CVE-2005-3538 (hfaxd in HylaFAX 4.2.3, when PAM support is disabled, accepts
...)
- hylafax 2:4.2.4-1
- [sarge] - hylagax not-affected (Affected only 4.2.3)
- [woody] - hylagax not-affected (Affected only 4.2.3)
+ [sarge] - hylafax not-affected (Affected only 4.2.3)
+ [woody] - hylafax not-affected (Affected only 4.2.3)
CVE-2005-3537 (A quot;missing request validationquot; error in phpBB 2
before 2.0.18 allows ...)
{DSA-925-1}
- phpbb2 2.0.18-1 (bug #336582; medium)
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] Processing r3768 failed
The error message was: reference to unknwown bug CVE-2006-3192 make: *** [all] Error 1 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] Processing r3768 failed
The error message was: reference to unknwown bug CVE-2006-3192 make: *** [all] Error 1 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r3769 - data/DSA
Author: jmm-guest
Date: 2006-04-07 08:00:31 + (Fri, 07 Apr 2006)
New Revision: 3769
Modified:
data/DSA/list
Log:
fix CVE ref
Modified: data/DSA/list
===
--- data/DSA/list 2006-04-07 07:49:00 UTC (rev 3768)
+++ data/DSA/list 2006-04-07 08:00:31 UTC (rev 3769)
@@ -27,7 +27,7 @@
{CVE-2006-0459}
[sarge] - flex 2.5.31-31sarge1
[24 Mar 2006] DSA-1019-1 koffice - several
- {CVE-2006-1244 CVE-2006-3192 CVE-2006-0301}
+ {CVE-2006-1244 CVE-2005-3192 CVE-2006-0301}
[sarge] - koffice 1.3.5-4.sarge.3
[24 Mar 2006] DSA-1018-1 kernel-source-2.4.27 - several
{CVE-2004-0887 CVE-2004-1058 CVE-2004-2607 CVE-2005-0449 CVE-2005-1761
CVE-2005-2457 CVE-2005-2555 CVE-2005-2709 CVE-2005-2973 CVE-2005-3257
CVE-2005-3783 CVE-2005-3806 CVE-2005-3848 CVE-2005-3857 CVE-2005-3858
CVE-2005-4618}
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r3770 - data/CVE
Author: joeyh
Date: 2006-04-07 09:14:32 + (Fri, 07 Apr 2006)
New Revision: 3770
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===
--- data/CVE/list 2006-04-07 08:00:31 UTC (rev 3769)
+++ data/CVE/list 2006-04-07 09:14:32 UTC (rev 3770)
@@ -1,3 +1,57 @@
+CVE-2006-1656 (vserver in util-vserver 0.30.209 executes a command as root
when the ...)
+ TODO: check
+CVE-2006-1655 (Unspecified vulnerability in mpg123 0.59r allows user-complicit
...)
+ TODO: check
+CVE-2006-1654 (Directory traversal vulnerability in the HP Color LaserJet 2500
...)
+ TODO: check
+CVE-2006-1653 (PHP remote file inclusion vulnerability in loadkernel.php in
...)
+ TODO: check
+CVE-2006-1652 (Multiple buffer overflows in (a) UltraVNC (aka [EMAIL
PROTECTED]) 1.0.1 and ...)
+ TODO: check
+CVE-2006-1651 (** DISPUTED ** ...)
+ TODO: check
+CVE-2006-1650 (Firefox 1.5.0.1 allows remote attackers to spoof the address
bar and ...)
+ TODO: check
+CVE-2006-1649 (The quot;restore toquot; selection in the quot;quarantine a
filequot; capability of ...)
+ TODO: check
+CVE-2006-1648 (SMART SynchronEyes Student and Teacher 6.0, and possibly
earlier ...)
+ TODO: check
+CVE-2006-1647 (An unspecified quot;logical programming mistakequot; in SMART
SynchronEyes ...)
+ TODO: check
+CVE-2006-1646 (The Internet Key Exchange version 1 (IKEv1) implementation ...)
+ TODO: check
+CVE-2006-1645 (Cross-site scripting (XSS) vulnerability in Anton Vlasov and
Rostislav ...)
+ TODO: check
+CVE-2006-1644 (login.php in Interact 2.1.1 generates different responses
depending on ...)
+ TODO: check
+CVE-2006-1643 (SQL injection vulnerability in login.php in Interact 2.1.1
allows ...)
+ TODO: check
+CVE-2006-1642 (Cross-site scripting (XSS) vulnerability in Interact 2.1.1
allows ...)
+ TODO: check
+CVE-2006-1641 (Multiple SQL injection vulnerabilities in CzarNews 1.14 allow
remote ...)
+ TODO: check
+CVE-2006-1640 (Cross-site scripting (XSS) vulnerability in news.php in
CzarNews 1.14 ...)
+ TODO: check
+CVE-2006-1639 (SQL injection vulnerability in index.php in wpBlog 0.4 allows
remote ...)
+ TODO: check
+CVE-2006-1638 (Multiple SQL injection vulnerabilities in aWebBB 1.2 allow
remote ...)
+ TODO: check
+CVE-2006-1637 (Multiple cross-site scripting (XSS) vulnerabilities in aWebBB
1.2 ...)
+ TODO: check
+CVE-2006-1636 (PHP remote file inclusion vulnerability in get_header.php in
VWar ...)
+ TODO: check
+CVE-2006-1635 (LucidCMS 2.0.0 RC4 allows remote attackers to obtain sensitive
...)
+ TODO: check
+CVE-2006-1634 (Cross-site scripting (XSS) vulnerability in index.php in
LucidCMS ...)
+ TODO: check
+CVE-2006-1633
+ RESERVED
+CVE-2006-1632
+ RESERVED
+CVE-2006-1631 (Unspecified vulnerability in the HTTP compression functionality
in ...)
+ TODO: check
+CVE-2006-1629
+ RESERVED
CVE-2006-1628
RESERVED
CVE-2006-1627
@@ -2,3 +56,3 @@
RESERVED
-CVE-2006-1626 (Internet Explorer 6 for Windows XP SP2, and earlier allows
remote ...)
+CVE-2006-1626 (Internet Explorer 6 for Windows XP SP2 and earlier allows
remote ...)
TODO: check
@@ -92,6 +146,7 @@
{DSA-1024-1}
- clamav 0.88.1-1
CVE-2006-1630 [clamav 0.88.1 fix possible crash in cli_bitset_test()]
+ RESERVED
{DSA-1024-1}
- clamav 0.88.1-1
CVE-2006-1615 [clamav 0.88.1 format string flaws]
@@ -1309,8 +1364,7 @@
RESERVED
CVE-2006-1056
RESERVED
-CVE-2006-1055 [local DoS in kernel's sysfs code]
- RESERVED
+CVE-2006-1055 (The fill_write_buffer function in sysfs/file.c in Linux kernel
2.6.12 ...)
- linux-2.6 unfixed
CVE-2006-1054
RESERVED
@@ -3078,7 +3132,7 @@
CVE-2006-0302 (ZyXel P2000W VoIP 802.11b Wireless Phone running firmware
WV.00.02 ...)
NOT-FOR-US: ZyXel hardware
CVE-2006-0301 (Heap-based buffer overflow in Splash.cc in xpdf, as used in
other ...)
- {DSA-998-1 DSA-984-1 DSA-983-1 DSA-982-1 DSA-979-1 DSA-974-1 DSA-972-1
DSA-971-1}
+ {DSA-1019-1 DSA-998-1 DSA-984-1 DSA-983-1 DSA-982-1 DSA-979-1 DSA-974-1
DSA-972-1 DSA-971-1}
- poppler 0.4.5-1 (medium)
- tetex-bin 3.0-12 (medium)
- kdegraphics 4:3.5.1-2 (medium)
@@ -7741,7 +7795,7 @@
- cupsys 1.1.23-13 (unimportant)
- pdfkit.framework 0.8-4
CVE-2005-3192 (Heap-based buffer overflow in the StreamPredictor function in
Xpdf ...)
- {DSA-983-1 DSA-962-1 DSA-961-1 DSA-950-1 DSA-940-1 DSA-937-1 DSA-936-1
DSA-932-1 DSA-931-1}
+ {DSA-1019-1 DSA-983-1 DSA-962-1 DSA-961-1 DSA-950-1 DSA-940-1 DSA-937-1
DSA-936-1 DSA-932-1 DSA-931-1}
- xpdf 3.01-3 (bug #342281; bug #342337; medium)
- gpdf 2.10.0-1 (bug #342286; medium)
- pdftohtml 0.36-12 (bug #342289; medium)
___
[Secure-testing-commits] r3771 - data/CVE
Author: jmm-guest Date: 2006-04-07 09:21:17 + (Fri, 07 Apr 2006) New Revision: 3771 Modified: data/CVE/list Log: unimportant vserver issue Modified: data/CVE/list === --- data/CVE/list 2006-04-07 09:14:32 UTC (rev 3770) +++ data/CVE/list 2006-04-07 09:21:17 UTC (rev 3771) @@ -1,5 +1,5 @@ CVE-2006-1656 (vserver in util-vserver 0.30.209 executes a command as root when the ...) - TODO: check + - util-vserver 0.30.210-1 (bug #360438; unimportant) CVE-2006-1655 (Unspecified vulnerability in mpg123 0.59r allows user-complicit ...) TODO: check CVE-2006-1654 (Directory traversal vulnerability in the HP Color LaserJet 2500 ...) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r3772 - data/CVE
Author: jmm-guest Date: 2006-04-07 10:51:25 + (Fri, 07 Apr 2006) New Revision: 3772 Modified: data/CVE/list Log: new mantis issues new thunderbird issues Well, all not very new, but noone cared to check them in time older xscreensaver issues already fixed in sarge NFUs Modified: data/CVE/list === --- data/CVE/list 2006-04-07 09:21:17 UTC (rev 3771) +++ data/CVE/list 2006-04-07 10:51:25 UTC (rev 3772) @@ -1500,11 +1500,11 @@ CVE-2006-0992 RESERVED CVE-2006-0991 (Buffer overflow in the NetBackup Sharepoint Services server daemon ...) - TODO: check + NOT-FOR-US: Veritas NetBackup CVE-2006-0990 (Stack-based buffer overflow in the NetBackup Catalog daemon (bpdbm) in ...) - TODO: check + NOT-FOR-US: Veritas NetBackup CVE-2006-0989 (Stack-based buffer overflow in the volume manager daemon (vmd) in ...) - TODO: check + NOT-FOR-US: Veritas NetBackup CVE-2006-0988 (The default configuration of the DNS Server service on Windows Server ...) NOT-FOR-US: MS Windows issue CVE-2006-0987 (The default configuration of ISC BIND, when configured as a caching ...) @@ -1729,11 +1729,13 @@ CVE-2006-0885 (Cross-site scripting (XSS) vulnerability in show_news.php in CuteNews ...) NOT-FOR-US: CuteNews CVE-2006-0884 (The WYSIWYG rendering engine in Mozilla Thunderbird 1.0.7 and earlier ...) - TODO: check + - mozilla-thunderbird unfixed CVE-2003-1295 (Unspecified vulnerability in xscreensaver 4.12, and possibly other ...) - TODO: check + - xscreensaver 4.21-1 + NOTE: Might be fixed earlier, but I've verified that the SuSE patch is included + NOTE: in the Sarge version --jmm CVE-2003-1294 (Xscreensaver before 4.15 creates temporary files insecurely in (1) ...) - TODO: check + - xscreensaver 4.15-1 CVE-2006-0883 (OpenSSH on FreeBSD 5.3 and 5.4, when used with OpenPAM, does not ...) - openssh 3.8.1p1-4 [woody] - openssh not-affected @@ -1823,17 +1825,17 @@ CVE-2006-0842 (Cross-site scripting (XSS) vulnerability in Calacode @Mail 4.3 allows ...) TODO: check CVE-2006-0841 (Multiple cross-site scripting (XSS) vulnerabilities in Mantis 1.00rc4 ...) - TODO: check + - mantis unfixed CVE-2006-0840 (manage_user_page.php in Mantis 1.00rc4 and earlier does not properly ...) - TODO: check + - mantis unfixed CVE-2006-0839 (The frag3 preprocessor in Sourcefire Snort 2.4.3 does not properly ...) TODO: check CVE-2006-0838 (IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 stores cleartext ...) - TODO: check + NOT-FOR-US: Tivoli CVE-2006-0837 (IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 has world-readable ...) - TODO: check + NOT-FOR-US: Tivoli CVE-2006-0836 (Mozilla Thunderbird 1.5 allows user-complicit attackers to cause an ...) - TODO: check + - mozilla-thunderbird unfixed CVE-2006-0835 (SQL injection vulnerability in dropbase.php in MitriDAT Web Calendar ...) TODO: check CVE-2006-0834 (Uniden UIP1868P VoIP Telephone and Router has a default password of ...) @@ -1845,7 +1847,7 @@ CVE-2006-0831 (PHP remote file include vulnerability in index.php in Tasarim Rehberi ...) TODO: check CVE-2006-0830 (The scripting engine in Internet Explorer allows remote attackers to ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2006-0829 (Cross-site scripting vulnerability in E-Blah Platinum 9.7 allows ...) TODO: check CVE-2006-0828 (Unspecified vulnerability in ESS/ Network Controller and MicroServer ...) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
