Author: jmm-guest
Date: 2006-04-13 07:35:31 +0000 (Thu, 13 Apr 2006)
New Revision: 3792

Modified:
   data/CVE/list
Log:
new mailman issue
remove openvpn tmp entry
note issue a non-issue
clamav-getfiles issue doesn't affect sarge


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2006-04-13 06:29:38 UTC (rev 3791)
+++ data/CVE/list       2006-04-13 07:35:31 UTC (rev 3792)
@@ -1,3 +1,8 @@
+CVE-2006-1712 [Mailman XSS]
+       - mailman <unfixed>
+       [sarge] - mailman <not-affected> (Only affects Mailman 2.17)
+CVE-2006-1711 [plone data manipulation]
+       - zope-cmfplone 2.1.2-2
 CVE-2006-1709 (Cross-site scripting (XSS) vulnerability in shop_main.cgi in 
...)
        TODO: check
 CVE-2006-1708 (SQL injection vulnerability in member.php in Clansys 1.1 allows 
remote ...)
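Review bot: on the added [sarge] line for CVE-2006-1712, the reason "Only affects Mailman 2.17" does not look like a Mailman version number and reads like a typo (2.1.7?); please confirm and correct it, since the not-affected claim rests on that version. The "- mailman <unfixed>" line also has no bug reference or urgency, unlike entries such as gpsdrive and cgiwrap in this file, so add them once a bug is filed.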
@@ -266,8 +271,6 @@
        TODO: check
 CVE-2002-2210 (The installation of OpenOffice 1.0.1 allows local users to 
overwrite ...)
        TODO: check
-CVE-2006-XXXX [openvpn missing setenv sanitising]
-       - openvpn 2.0.6-1 (bug #360559; medium)
 CVE-2006-1614 (Integer overflow in the cli_scanpe function in the PE header 
parser ...)
        {DSA-1024-1}
        - clamav 0.88.1-1
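Review bot: the removed CVE-2006-XXXX openvpn entry is the only place in this hunk that ties bug #360559 and fixed version 2.0.6-1 to the setenv issue, and neither the hunk nor the log says which entry replaces it. If a CVE id has been assigned, name it in the commit log and check that the numbered entry carries the same "- openvpn 2.0.6-1 (bug #360559; medium)" line.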
@@ -7075,7 +7078,9 @@
        {DSA-891-1}
        - gpsdrive 2.09-2sarge1 (bug #337495; medium)
 CVE-2005-XXXX [Insecure temp files in note]
-       - note 1.3.1-3 (bug #337492; low)
+       - note 1.3.1-3 (bug #337492; unimportant)
+       NOTE: Second issue not shipped in binary, only example, first issue not 
sufficiently
+       NOTE: predictable for a real world attack
 CVE-2005-3500 (The tnef_attachment function in tnef.c for Clam AntiVirus 
(ClamAV) ...)
        {DSA-887-1 DTSA-21-1}
        - clamav 0.87.1-1 (medium)
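Review bot: the two added NOTE lines under "Insecure temp files in note" refer to a "first issue" and a "Second issue" without saying which files or code paths they are, so a later reader cannot check the downgrade from low to unimportant against bug #337492. Name the affected files in the NOTE, and write one NOTE per issue rather than breaking the sentence between "sufficiently" and "predictable".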
@@ -10357,7 +10362,7 @@
        - fftw3 3.0.1-12 (low; bug #321566)
 CVE-2005-XXXX [clamav-getfile: Insecure use of temporary files]
        - clamav-getfiles 0.5-1 (bug #321446; medium)
-       NOTE: Sarge is affected
+       [sarge] - clamav-getfiles <not-affected> (Sarge version uses mktemp)
 CVE-2005-3254 (The CGIwrap program before 3.9 on Debian GNU/Linux uses an 
incorrect ...)
        {DTSA-6-1}
        - cgiwrap 3.9-3.1 (bug #316881; low)
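Review bot: the added [sarge] line for clamav-getfiles replaces "NOTE: Sarge is affected" with the opposite conclusion and gives only "Sarge version uses mktemp" as the reason, without the sarge package version that was checked. Record that version in the parenthesised note so the reversal can be rechecked later; the entry title also says "clamav-getfile" while the package line says clamav-getfiles, which is worth aligning while this entry is being touched.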


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
