[Secure-testing-commits] r3767 - in data: CVE DSA
Author: jmm-guest Date: 2006-04-07 07:48:08 + (Fri, 07 Apr 2006) New Revision: 3767 Modified: data/CVE/list data/DSA/list Log: added missing CVE IDs to latest koffice DSA openvpn fixed horde fixed older freeradius issues already fixed checked some older sarge issues bugnums Modified: data/CVE/list === --- data/CVE/list 2006-04-06 23:15:45 UTC (rev 3766) +++ data/CVE/list 2006-04-07 07:48:08 UTC (rev 3767) @@ -86,7 +86,7 @@ CVE-2002-2210 (The installation of OpenOffice 1.0.1 allows local users to overwrite ...) TODO: check CVE-2006- [openvpn missing setenv sanitising] - - openvpn unfixed (bug #360559; medium) + - openvpn 2.0.6-1 (bug #360559; medium) CVE-2006-1614 [clamav 0.88.1 integer overflow] RESERVED {DSA-1024-1} @@ -117,7 +117,7 @@ CVE-2006-1578 (Multiple SQL injection vulnerabilities in Keystone Digital Library ...) NOT-FOR-US: Keystone Digital Library Suite CVE-2006-1577 (Multiple cross-site scripting (XSS) vulnerabilities in ...) - - mantis unfixed + - mantis unfixed (bug #361138) CVE-2006-1576 (Direct static code injection vulnerability in QLnews 1.2 allows remote ...) NOT-FOR-US: QLnews CVE-2006-1575 (Multiple cross-site scripting (XSS) vulnerabilities in news.php in ...) @@ -300,7 +300,7 @@ CVE-2006-1506 (Unspecified vulnerability in rsh in Sun Microsystems Sun Grid Engine ...) NOT-FOR-US: Sun Microsystems Sun Grid Engine 5.3 CVE-2006-1505 (base_maintenance.php in Basic Analysis and Security Engine (BASE) ...) - - acidbase unfixed + - acidbase unfixed (bug #361139) CVE-2006-1504 (Multiple cross-site scripting (XSS) vulnerabilities in Arab Portal 2.0 ...) NOT-FOR-US: Arab Portal CVE-2006-1503 (PHP remote file inclusion vulnerability in ...) @@ -352,7 +352,7 @@ - mediawiki 1.4.15-1 - mediawiki1.5 1.5.8-1 CVE-2006-1491 (Eval injection vulnerability in Horde Application Framework versions ...) - - horde3 unfixed + - horde3 3.1.1-1 CVE-2006-1490 (PHP before 5.1.3-RC1 might allow remote attackers to obtain portions ...) - php5 unfixed (bug #359904; low) - php4 unfixed (bug #359907; low) @@ -547,11 +547,11 @@ CVE-2005-4747 (Cross-site scripting (XSS) vulnerability in WebHost Automation Ltd ...) TODO: check CVE-2005-4746 (Multiple buffer overflows in FreeRADIUS 1.0.3 and 1.0.4 allow remote ...) - TODO: check + - freeradius 1.0.5-1 CVE-2005-4745 (SQL injection vulnerability in the rlm_sqlcounter module in FreeRADIUS ...) - TODO: check + - freeradius 1.0.5-1 CVE-2005-4744 (Off-by-one error in the sql_error function in sql_unixodbc.c in ...) - TODO: check + - freeradius 1.0.5-1 CVE-1999-1587 (/usr/ucb/ps in Sun Microsystems Solaris 8 and 9, and certain earlier ...) TODO: check CVE-2006-1396 (Multiple cross-site scripting (XSS) vulnerabilities in Cholod MySQL ...) @@ -6474,6 +6474,8 @@ NOTE: First patch had regressions CVE-2005-3538 (hfaxd in HylaFAX 4.2.3, when PAM support is disabled, accepts ...) - hylafax 2:4.2.4-1 + [sarge] - hylagax not-affected (Affected only 4.2.3) + [woody] - hylagax not-affected (Affected only 4.2.3) CVE-2005-3537 (A quot;missing request validationquot; error in phpBB 2 before 2.0.18 allows ...) {DSA-925-1} - phpbb2 2.0.18-1 (bug #336582; medium) @@ -8047,6 +8049,8 @@ - fuzz 0.6-7.1 (bug #183047) CVE-2005- [DoS triggering endless loops in findutils -follow option] - findutils 4.2.22-1 (bug #313081) + [woody] - findutils not-affected (Only code between 4.2.18 and 4.2.22 affected) + [sarge] - findutils not-affected (Only code between 4.2.18 and 4.2.22 affected) CVE-2005-3138 (Bugzilla 2.18rc1 through 2.18.3, 2.19 through 2.20rc2, and 2.21 allows ...) [woody] - bugzilla not-affected (Only Bugzilla = 2.18 is affected) [sarge] - bugzilla not-affected (Only Bugzilla = 2.18 is affected) @@ -8158,7 +8162,8 @@ CVE-2005-3071 (Unspecified vulnerability in Unix File System (UFS) on Solaris 8 and ...) NOT-FOR-US: Solaris CVE-2005-3070 (HylaFax 4.2.1 and earlier does not create or verify ownership of the ...) - - hylafax 1:4.2.2+rc1 (bug #329384; low) + - hylafax 1:4.2.2+rc1 (bug #329384; unimportant) + NOTE: This was judged non-exploitable CVE-2005-3069 (xferfaxstats in HylaFax 4.2.1 and earlier allows local users to ...) {DSA-865-1} - hylafax 1:4.2.2+rc1 (bug #329384; low) Modified: data/DSA/list === --- data/DSA/list 2006-04-06 23:15:45 UTC (rev 3766) +++ data/DSA/list 2006-04-07 07:48:08 UTC (rev 3767) @@ -27,7 +27,7 @@ {CVE-2006-0459} [sarge] - flex 2.5.31-31sarge1 [24 Mar 2006] DSA-1019-1 koffice - several - {CVE-2006-1244} +
[Secure-testing-commits] r3768 - data/CVE
Author: jmm-guest Date: 2006-04-07 07:49:00 + (Fri, 07 Apr 2006) New Revision: 3768 Modified: data/CVE/list Log: fix typo Modified: data/CVE/list === --- data/CVE/list 2006-04-07 07:48:08 UTC (rev 3767) +++ data/CVE/list 2006-04-07 07:49:00 UTC (rev 3768) @@ -6474,8 +6474,8 @@ NOTE: First patch had regressions CVE-2005-3538 (hfaxd in HylaFAX 4.2.3, when PAM support is disabled, accepts ...) - hylafax 2:4.2.4-1 - [sarge] - hylagax not-affected (Affected only 4.2.3) - [woody] - hylagax not-affected (Affected only 4.2.3) + [sarge] - hylafax not-affected (Affected only 4.2.3) + [woody] - hylafax not-affected (Affected only 4.2.3) CVE-2005-3537 (A quot;missing request validationquot; error in phpBB 2 before 2.0.18 allows ...) {DSA-925-1} - phpbb2 2.0.18-1 (bug #336582; medium) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] Processing r3768 failed
The error message was: reference to unknwown bug CVE-2006-3192 make: *** [all] Error 1 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] Processing r3768 failed
The error message was: reference to unknwown bug CVE-2006-3192 make: *** [all] Error 1 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r3769 - data/DSA
Author: jmm-guest Date: 2006-04-07 08:00:31 + (Fri, 07 Apr 2006) New Revision: 3769 Modified: data/DSA/list Log: fix CVE ref Modified: data/DSA/list === --- data/DSA/list 2006-04-07 07:49:00 UTC (rev 3768) +++ data/DSA/list 2006-04-07 08:00:31 UTC (rev 3769) @@ -27,7 +27,7 @@ {CVE-2006-0459} [sarge] - flex 2.5.31-31sarge1 [24 Mar 2006] DSA-1019-1 koffice - several - {CVE-2006-1244 CVE-2006-3192 CVE-2006-0301} + {CVE-2006-1244 CVE-2005-3192 CVE-2006-0301} [sarge] - koffice 1.3.5-4.sarge.3 [24 Mar 2006] DSA-1018-1 kernel-source-2.4.27 - several {CVE-2004-0887 CVE-2004-1058 CVE-2004-2607 CVE-2005-0449 CVE-2005-1761 CVE-2005-2457 CVE-2005-2555 CVE-2005-2709 CVE-2005-2973 CVE-2005-3257 CVE-2005-3783 CVE-2005-3806 CVE-2005-3848 CVE-2005-3857 CVE-2005-3858 CVE-2005-4618} ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r3770 - data/CVE
Author: joeyh Date: 2006-04-07 09:14:32 + (Fri, 07 Apr 2006) New Revision: 3770 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2006-04-07 08:00:31 UTC (rev 3769) +++ data/CVE/list 2006-04-07 09:14:32 UTC (rev 3770) @@ -1,3 +1,57 @@ +CVE-2006-1656 (vserver in util-vserver 0.30.209 executes a command as root when the ...) + TODO: check +CVE-2006-1655 (Unspecified vulnerability in mpg123 0.59r allows user-complicit ...) + TODO: check +CVE-2006-1654 (Directory traversal vulnerability in the HP Color LaserJet 2500 ...) + TODO: check +CVE-2006-1653 (PHP remote file inclusion vulnerability in loadkernel.php in ...) + TODO: check +CVE-2006-1652 (Multiple buffer overflows in (a) UltraVNC (aka [EMAIL PROTECTED]) 1.0.1 and ...) + TODO: check +CVE-2006-1651 (** DISPUTED ** ...) + TODO: check +CVE-2006-1650 (Firefox 1.5.0.1 allows remote attackers to spoof the address bar and ...) + TODO: check +CVE-2006-1649 (The quot;restore toquot; selection in the quot;quarantine a filequot; capability of ...) + TODO: check +CVE-2006-1648 (SMART SynchronEyes Student and Teacher 6.0, and possibly earlier ...) + TODO: check +CVE-2006-1647 (An unspecified quot;logical programming mistakequot; in SMART SynchronEyes ...) + TODO: check +CVE-2006-1646 (The Internet Key Exchange version 1 (IKEv1) implementation ...) + TODO: check +CVE-2006-1645 (Cross-site scripting (XSS) vulnerability in Anton Vlasov and Rostislav ...) + TODO: check +CVE-2006-1644 (login.php in Interact 2.1.1 generates different responses depending on ...) + TODO: check +CVE-2006-1643 (SQL injection vulnerability in login.php in Interact 2.1.1 allows ...) + TODO: check +CVE-2006-1642 (Cross-site scripting (XSS) vulnerability in Interact 2.1.1 allows ...) + TODO: check +CVE-2006-1641 (Multiple SQL injection vulnerabilities in CzarNews 1.14 allow remote ...) + TODO: check +CVE-2006-1640 (Cross-site scripting (XSS) vulnerability in news.php in CzarNews 1.14 ...) + TODO: check +CVE-2006-1639 (SQL injection vulnerability in index.php in wpBlog 0.4 allows remote ...) + TODO: check +CVE-2006-1638 (Multiple SQL injection vulnerabilities in aWebBB 1.2 allow remote ...) + TODO: check +CVE-2006-1637 (Multiple cross-site scripting (XSS) vulnerabilities in aWebBB 1.2 ...) + TODO: check +CVE-2006-1636 (PHP remote file inclusion vulnerability in get_header.php in VWar ...) + TODO: check +CVE-2006-1635 (LucidCMS 2.0.0 RC4 allows remote attackers to obtain sensitive ...) + TODO: check +CVE-2006-1634 (Cross-site scripting (XSS) vulnerability in index.php in LucidCMS ...) + TODO: check +CVE-2006-1633 + RESERVED +CVE-2006-1632 + RESERVED +CVE-2006-1631 (Unspecified vulnerability in the HTTP compression functionality in ...) + TODO: check +CVE-2006-1629 + RESERVED CVE-2006-1628 RESERVED CVE-2006-1627 @@ -2,3 +56,3 @@ RESERVED -CVE-2006-1626 (Internet Explorer 6 for Windows XP SP2, and earlier allows remote ...) +CVE-2006-1626 (Internet Explorer 6 for Windows XP SP2 and earlier allows remote ...) TODO: check @@ -92,6 +146,7 @@ {DSA-1024-1} - clamav 0.88.1-1 CVE-2006-1630 [clamav 0.88.1 fix possible crash in cli_bitset_test()] + RESERVED {DSA-1024-1} - clamav 0.88.1-1 CVE-2006-1615 [clamav 0.88.1 format string flaws] @@ -1309,8 +1364,7 @@ RESERVED CVE-2006-1056 RESERVED -CVE-2006-1055 [local DoS in kernel's sysfs code] - RESERVED +CVE-2006-1055 (The fill_write_buffer function in sysfs/file.c in Linux kernel 2.6.12 ...) - linux-2.6 unfixed CVE-2006-1054 RESERVED @@ -3078,7 +3132,7 @@ CVE-2006-0302 (ZyXel P2000W VoIP 802.11b Wireless Phone running firmware WV.00.02 ...) NOT-FOR-US: ZyXel hardware CVE-2006-0301 (Heap-based buffer overflow in Splash.cc in xpdf, as used in other ...) - {DSA-998-1 DSA-984-1 DSA-983-1 DSA-982-1 DSA-979-1 DSA-974-1 DSA-972-1 DSA-971-1} + {DSA-1019-1 DSA-998-1 DSA-984-1 DSA-983-1 DSA-982-1 DSA-979-1 DSA-974-1 DSA-972-1 DSA-971-1} - poppler 0.4.5-1 (medium) - tetex-bin 3.0-12 (medium) - kdegraphics 4:3.5.1-2 (medium) @@ -7741,7 +7795,7 @@ - cupsys 1.1.23-13 (unimportant) - pdfkit.framework 0.8-4 CVE-2005-3192 (Heap-based buffer overflow in the StreamPredictor function in Xpdf ...) - {DSA-983-1 DSA-962-1 DSA-961-1 DSA-950-1 DSA-940-1 DSA-937-1 DSA-936-1 DSA-932-1 DSA-931-1} + {DSA-1019-1 DSA-983-1 DSA-962-1 DSA-961-1 DSA-950-1 DSA-940-1 DSA-937-1 DSA-936-1 DSA-932-1 DSA-931-1} - xpdf 3.01-3 (bug #342281; bug #342337; medium) - gpdf 2.10.0-1 (bug #342286; medium) - pdftohtml 0.36-12 (bug #342289; medium) ___
[Secure-testing-commits] r3771 - data/CVE
Author: jmm-guest Date: 2006-04-07 09:21:17 + (Fri, 07 Apr 2006) New Revision: 3771 Modified: data/CVE/list Log: unimportant vserver issue Modified: data/CVE/list === --- data/CVE/list 2006-04-07 09:14:32 UTC (rev 3770) +++ data/CVE/list 2006-04-07 09:21:17 UTC (rev 3771) @@ -1,5 +1,5 @@ CVE-2006-1656 (vserver in util-vserver 0.30.209 executes a command as root when the ...) - TODO: check + - util-vserver 0.30.210-1 (bug #360438; unimportant) CVE-2006-1655 (Unspecified vulnerability in mpg123 0.59r allows user-complicit ...) TODO: check CVE-2006-1654 (Directory traversal vulnerability in the HP Color LaserJet 2500 ...) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r3772 - data/CVE
Author: jmm-guest Date: 2006-04-07 10:51:25 + (Fri, 07 Apr 2006) New Revision: 3772 Modified: data/CVE/list Log: new mantis issues new thunderbird issues Well, all not very new, but noone cared to check them in time older xscreensaver issues already fixed in sarge NFUs Modified: data/CVE/list === --- data/CVE/list 2006-04-07 09:21:17 UTC (rev 3771) +++ data/CVE/list 2006-04-07 10:51:25 UTC (rev 3772) @@ -1500,11 +1500,11 @@ CVE-2006-0992 RESERVED CVE-2006-0991 (Buffer overflow in the NetBackup Sharepoint Services server daemon ...) - TODO: check + NOT-FOR-US: Veritas NetBackup CVE-2006-0990 (Stack-based buffer overflow in the NetBackup Catalog daemon (bpdbm) in ...) - TODO: check + NOT-FOR-US: Veritas NetBackup CVE-2006-0989 (Stack-based buffer overflow in the volume manager daemon (vmd) in ...) - TODO: check + NOT-FOR-US: Veritas NetBackup CVE-2006-0988 (The default configuration of the DNS Server service on Windows Server ...) NOT-FOR-US: MS Windows issue CVE-2006-0987 (The default configuration of ISC BIND, when configured as a caching ...) @@ -1729,11 +1729,13 @@ CVE-2006-0885 (Cross-site scripting (XSS) vulnerability in show_news.php in CuteNews ...) NOT-FOR-US: CuteNews CVE-2006-0884 (The WYSIWYG rendering engine in Mozilla Thunderbird 1.0.7 and earlier ...) - TODO: check + - mozilla-thunderbird unfixed CVE-2003-1295 (Unspecified vulnerability in xscreensaver 4.12, and possibly other ...) - TODO: check + - xscreensaver 4.21-1 + NOTE: Might be fixed earlier, but I've verified that the SuSE patch is included + NOTE: in the Sarge version --jmm CVE-2003-1294 (Xscreensaver before 4.15 creates temporary files insecurely in (1) ...) - TODO: check + - xscreensaver 4.15-1 CVE-2006-0883 (OpenSSH on FreeBSD 5.3 and 5.4, when used with OpenPAM, does not ...) - openssh 3.8.1p1-4 [woody] - openssh not-affected @@ -1823,17 +1825,17 @@ CVE-2006-0842 (Cross-site scripting (XSS) vulnerability in Calacode @Mail 4.3 allows ...) TODO: check CVE-2006-0841 (Multiple cross-site scripting (XSS) vulnerabilities in Mantis 1.00rc4 ...) - TODO: check + - mantis unfixed CVE-2006-0840 (manage_user_page.php in Mantis 1.00rc4 and earlier does not properly ...) - TODO: check + - mantis unfixed CVE-2006-0839 (The frag3 preprocessor in Sourcefire Snort 2.4.3 does not properly ...) TODO: check CVE-2006-0838 (IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 stores cleartext ...) - TODO: check + NOT-FOR-US: Tivoli CVE-2006-0837 (IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 has world-readable ...) - TODO: check + NOT-FOR-US: Tivoli CVE-2006-0836 (Mozilla Thunderbird 1.5 allows user-complicit attackers to cause an ...) - TODO: check + - mozilla-thunderbird unfixed CVE-2006-0835 (SQL injection vulnerability in dropbase.php in MitriDAT Web Calendar ...) TODO: check CVE-2006-0834 (Uniden UIP1868P VoIP Telephone and Router has a default password of ...) @@ -1845,7 +1847,7 @@ CVE-2006-0831 (PHP remote file include vulnerability in index.php in Tasarim Rehberi ...) TODO: check CVE-2006-0830 (The scripting engine in Internet Explorer allows remote attackers to ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2006-0829 (Cross-site scripting vulnerability in E-Blah Platinum 9.7 allows ...) TODO: check CVE-2006-0828 (Unspecified vulnerability in ESS/ Network Controller and MicroServer ...) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits