[Secure-testing-commits] r3791 - data/DSA
Author: stef-guest Date: 2006-04-13 06:29:38 + (Thu, 13 Apr 2006) New Revision: 3791 Modified: data/DSA/list Log: DSAs Modified: data/DSA/list === --- data/DSA/list 2006-04-12 21:14:27 UTC (rev 3790) +++ data/DSA/list 2006-04-13 06:29:38 UTC (rev 3791) @@ -1,3 +1,9 @@ +[12 Apr 2006] DSA-1033-1 horde3 - several vulnerabilities +{CVE-2005-4190 CVE-2006-1260 CVE-2006-1491} +[sarge] - horde3 3.0.4-4sarge3 +[12 Apr 2006] DSA-1032-1 zope-cmfplone - programming error +{CVE-2006-1711} +[sarge] - zope-cmfplone 2.0.4-3sarge1 [08 Apr 2006] DSA-1031-1 cacti - several {CVE-2006-0146 CVE-2006-0147 CVE-2006-0410 CVE-2006-0806} [sarge] - cacti 0.8.6c-7sarge3 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
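Review bot: the new DSA-1032-1 entry cites {CVE-2006-1711}, but that id has no entry in data/CVE/list at this revision, which is exactly what the following "Processing r3791 failed" message reports ("reference to unknwown bug CVE-2006-1711"). The DSA list and the CVE list are cross-checked at build time, so the CVE entry (it only arrives in r3792 as "CVE-2006-1711 [plone data manipulation]") has to land in the same commit as, or before, the DSA entry that references it. The DSA-1033-1 entry passes because all three of its ids (CVE-2005-4190, CVE-2006-1260, CVE-2006-1491) already exist in the CVE list.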
[Secure-testing-commits] Processing r3791 failed
The error message was: reference to unknwown bug CVE-2006-1711 make: *** [all] Error 1
[Secure-testing-commits] r3792 - data/CVE
Author: jmm-guest Date: 2006-04-13 07:35:31 + (Thu, 13 Apr 2006) New Revision: 3792 Modified: data/CVE/list Log: new mailman issue remove openvpn tmp entry note issue a non-issue clamav-getfiles issue doesn't affect sarge Modified: data/CVE/list === --- data/CVE/list 2006-04-13 06:29:38 UTC (rev 3791) +++ data/CVE/list 2006-04-13 07:35:31 UTC (rev 3792) @@ -1,3 +1,8 @@ +CVE-2006-1712 [Mailman XSS] + - mailman unfixed + [sarge] - mailman not-affected (Only affects Mailman 2.17) +CVE-2006-1711 [plone data manipulation] + - zope-cmfplone 2.1.2-2 CVE-2006-1709 (Cross-site scripting (XSS) vulnerability in shop_main.cgi in ...) TODO: check CVE-2006-1708 (SQL injection vulnerability in member.php in Clansys 1.1 allows remote ...) @@ -266,8 +271,6 @@ TODO: check CVE-2002-2210 (The installation of OpenOffice 1.0.1 allows local users to overwrite ...) TODO: check -CVE-2006- [openvpn missing setenv sanitising] - - openvpn 2.0.6-1 (bug #360559; medium) CVE-2006-1614 (Integer overflow in the cli_scanpe function in the PE header parser ...) {DSA-1024-1} - clamav 0.88.1-1 @@ -7075,7 +7078,9 @@ {DSA-891-1} - gpsdrive 2.09-2sarge1 (bug #337495; medium) CVE-2005- [Insecure temp files in note] - - note 1.3.1-3 (bug #337492; low) + - note 1.3.1-3 (bug #337492; unimportant) + NOTE: Second issue not shipped in binary, only example, first issue not sufficiently + NOTE: predictable for a real world attack CVE-2005-3500 (The tnef_attachment function in tnef.c for Clam AntiVirus (ClamAV) ...) {DSA-887-1 DTSA-21-1} - clamav 0.87.1-1 (medium) 
@@ -10357,7 +10362,7 @@ - fftw3 3.0.1-12 (low; bug #321566) CVE-2005- [clamav-getfile: Insecure use of temporary files] - clamav-getfiles 0.5-1 (bug #321446; medium) - NOTE: Sarge is affected + [sarge] - clamav-getfiles not-affected (Sarge version uses mktemp) CVE-2005-3254 (The CGIwrap program before 3.9 on Debian GNU/Linux uses an incorrect ...) {DTSA-6-1} - cgiwrap 3.9-3.1 (bug #316881; low)
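Review bot: in the first hunk, the sarge justification for CVE-2006-1712, "Only affects Mailman 2.17", is the only thing that explains why unstable is "unfixed" while sarge is "not-affected", and it does not say what sarge ships. Spell the comparison out the way the clamav-getfiles hunk in this same commit does, e.g. `[sarge] - mailman not-affected (sarge ships <sarge version>, issue only in 2.17)`, and double-check the "2.17" version string while doing so.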
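Review bot: the second hunk deletes the `CVE-2006- [openvpn missing setenv sanitising]` placeholder together with its bug reference (#360559) and its "medium" severity, and the log line "remove openvpn tmp entry" gives no reason. Deleting loses the trail: if the issue was rejected, keep the entry with a NOTE saying why, as the note-package hunk in this same commit does; if it was folded into a real CVE id, the bug number is the key that lets the two be matched later, which is how r3793 on this list connects the fbgs placeholder to CVE-2006-1695 via bug #361370.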
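Review bot: in the last hunk, "Sarge version uses mktemp" reverses the earlier "NOTE: Sarge is affected", and as a not-affected rationale it is ambiguous: mktemp(1), the shell utility, creates the temporary file itself and so closes the race, whereas mktemp(3), the C library function, only generates a name and leaves the same create race the entry is about. State which of the two the sarge package uses, since the not-affected verdict depends on it.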
[Secure-testing-commits] r3793 - data/CVE
Author: jmm-guest Date: 2006-04-13 08:04:28 + (Thu, 13 Apr 2006) New Revision: 3793 Modified: data/CVE/list Log: new sail issue (fixed) fbgs CVEfied Modified: data/CVE/list === --- data/CVE/list 2006-04-13 07:35:31 UTC (rev 3792) +++ data/CVE/list 2006-04-13 08:04:28 UTC (rev 3793) @@ -1,3 +1,5 @@ +CVE-2006-1744 [buffer overflow in sail] + - bsdgames 2.17-7 (bug #360989) CVE-2006-1712 [Mailman XSS] - mailman unfixed [sarge] - mailman not-affected (Only affects Mailman 2.17) @@ -32,7 +34,7 @@ CVE-2006-1696 (Cross-site scripting (XSS) vulnerability in Gallery before 1.5.3 ...) TODO: check CVE-2006-1695 (The fbgs script in the fbi package 2.01-1.4, when the TMPDIR ...) - TODO: check + - fbi unfixed (bug #361370) CVE-2006-1694 (SQL injection vulnerability in members.php in XBrite Members 1.1 and ...) TODO: check CVE-2006-1693 (Unspecified vulnerability in GlobalSCAPE Secure FTP Server before ...) @@ -71,8 +73,6 @@ TODO: check CVE-2006-1676 (SQL injection vulnerability in the display function in the Topics ...) TODO: check -CVE-2006- [Insecure temp files in fbgs] - - fbi unfixed (bug #361370) CVE-2006- [Cyrus SASL DIGEST-MD5 Pre-Authentication Denial of Service] - cyrus-sasl2 unfixed (bug #361937) CVE-2006-1675 (Multiple cross-site scripting (XSS) vulnerabilities in PHPWebGallery ...) @@ -537,7 +537,7 @@ - mediawiki 1.4.15-1 - mediawiki1.5 1.5.8-1 CVE-2006-1491 (Eval injection vulnerability in Horde Application Framework versions ...) - - horde3 3.1.1-1 + - horde3 3.1.1-1 (bug #361967) CVE-2006-1490 (PHP before 5.1.3-RC1 might allow remote attackers to obtain portions ...) - php5 unfixed (bug #359904; low) - php4 unfixed (bug #359907; low)
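Review bot: in the first hunk, the new `CVE-2006-1744 [buffer overflow in sail]` entry records the bug number but no severity, unlike the neighbouring entries in this file, which carry one in the same parenthetical (`(bug #359904; low)` in the last hunk of this diff). A buffer overflow in a setgid game is precisely the kind of entry where the severity drives whether it is queued for a testing update, so add `; low` or `; medium` as appropriate.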
[Secure-testing-commits] r3794 - data/CVE
Author: joeyh Date: 2006-04-13 09:14:23 + (Thu, 13 Apr 2006) New Revision: 3794 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2006-04-13 08:04:28 UTC (rev 3793) +++ data/CVE/list 2006-04-13 09:14:23 UTC (rev 3794) @@ -4,6 +4,7 @@ - mailman unfixed [sarge] - mailman not-affected (Only affects Mailman 2.17) CVE-2006-1711 [plone data manipulation] + {DSA-1032-1} - zope-cmfplone 2.1.2-2 CVE-2006-1709 (Cross-site scripting (XSS) vulnerability in shop_main.cgi in ...) TODO: check @@ -537,6 +538,7 @@ - mediawiki 1.4.15-1 - mediawiki1.5 1.5.8-1 CVE-2006-1491 (Eval injection vulnerability in Horde Application Framework versions ...) + {DSA-1033-1} - horde3 3.1.1-1 (bug #361967) CVE-2006-1490 (PHP before 5.1.3-RC1 might allow remote attackers to obtain portions ...) - php5 unfixed (bug #359904; low) @@ -1019,6 +1021,7 @@ CVE-2006-1261 (Multiple cross-site scripting (XSS) vulnerabilities in ASPPortal 3.00 ...) NOT-FOR-US: ASPPortal CVE-2006-1260 (Horde Application Framework 3.0.9 allows remote attackers to read ...) + {DSA-1033-1} - horde3 3.1-1 (bug #358812) CVE-2006-1259 (Multiple SQL injection vulnerabilities in Maian Support 1.0 allow ...) NOT-FOR-US: Maian Support @@ -4937,6 +4940,7 @@ CVE-2005-4191 (Multiple cross-site scripting (XSS) vulnerabilities in ...) - nag2 2.0.4-1 (bug #342945; medium) CVE-2005-4190 (Multiple cross-site scripting (XSS) vulnerabilities in Horde ...) + {DSA-1033-1} - horde3 3.0.9-1 (bug #342942; bug #354512; medium) CVE-2005-4189 (Multiple cross-site scripting (XSS) vulnerabilities in Horde Kronolith ...) {DSA-970-1}
[Secure-testing-commits] r3795 - data/CVE
Author: neilm Date: 2006-04-13 11:25:55 + (Thu, 13 Apr 2006) New Revision: 3795 Modified: data/CVE/list Log: Some NFUs twiki potential viln. Modified: data/CVE/list === --- data/CVE/list 2006-04-13 09:14:23 UTC (rev 3794) +++ data/CVE/list 2006-04-13 11:25:55 UTC (rev 3795) @@ -644,7 +644,7 @@ CVE-2006-1439 RESERVED CVE-2006-1438 (Multiple cross-site scripting (XSS) vulnerabilities in Andy's PHP ...) - TODO: check + NOT-FOR-US: aphpkb CVE-2006-1437 RESERVED CVE-2006-1436 
@@ -740,49 +740,50 @@ CVE-2005-4744 (Off-by-one error in the sql_error function in sql_unixodbc.c in ...) - freeradius 1.0.5-1 CVE-1999-1587 (/usr/ucb/ps in Sun Microsystems Solaris 8 and 9, and certain earlier ...) - TODO: check + NOT-FOR-US: Solaris CVE-2006-1396 (Multiple cross-site scripting (XSS) vulnerabilities in Cholod MySQL ...) - TODO: check + NOT-FOR-US: Cholod CVE-2006-1395 (SQL injection vulnerability in mb.cgi in Cholod MySQL Based Message ...) - TODO: check + NOT-FOR-US: Cholod CVE-2006-1394 (Multiple cross-site scripting (XSS) vulnerabilities in the Microsoft ...) - TODO: check + NOT-FOR-US: Pubcookie CVE-2006-1393 (Multiple cross-site scripting (XSS) vulnerabilities in the ...) - TODO: check + NOT-FOR-US: Pubcookie CVE-2006-1392 (Multiple cross-site scripting (XSS) vulnerabilities in index.cgi in ...) - TODO: check + NOT-FOR-US: Pubcookie CVE-2006-1391 (The (a) Quick 'n Easy Web Server before 3.1.1 and (b) Baby ASP Web ...) - TODO: check + NOT-FOR-US: Quick 'n Easy/Baby Web Server CVE-2006-1390 (The configuration of NetHack 3.4.3-r1 and earlier, Falcon's Eye 1.9.4a ...) NOT-FOR-US: Shortcoming of Gentoo-specific games packaging CVE-2006-1389 (Unspecified vulnerability in swagentd in HP-UX B.11.00, B.11.04, and ...) - TODO: check + NOT-FOR-US: HP-UX CVE-2006-1388 (Unspecified vulnerability in Microsoft Internet Explorer 6.0 allows ...) - TODO: check + NOT-FOR-US: Internet Explorer CVE-2006-1387 (TWiki 4.0, 4.0.1, and 20010901 through 20040904 allows remote ...) - TODO: check + - twiki unfixed + TODO: see if fw's patch secures this in Debian CVE-2006-1386 (The (1) rdiff and (2) preview scripts in TWiki 4.0 and 4.0.1 ignore ...) - TODO: check + - twiki not-affected (only affects 4.0.0 - 4.1.0, version in Debian too young) CVE-2006-1385 (Stack-based buffer overflow in the parseTaggedData function in ...) - TODO: check + NOT-FOR-US: Cisco CVE-2006-1384 (Cross-site scripting (XSS) vulnerability in apwc_win_main.jsp in the ...) 
- TODO: check + NOT-FOR-US: IBM Tivoli Business Systems Manager CVE-2006-1383 (Directory traversal vulnerability in Baby FTP Server 1.24 allows ...) - TODO: check + NOT-FOR-US: Baby FTP Server CVE-2006-1382 (PHP remote file inclusion vulnerability in impex/ImpExData.php in ...) - TODO: check + NOT-FOR-US: vBulletin CVE-2006-1381 (Trend Micro OfficeScan 5.5, and probably other versions before 6.5, ...) - TODO: check + NOT-FOR-US: Trend Micro CVE-2006-1380 (ISNTSmtp directory in Trend Micro InterScan Messaging Security Suite ...) - TODO: check + NOT-FOR-US: Trend Micro CVE-2006-1379 (Trend Micro PC-cillin Internet Security 2006 14.00.1485 and ...) - TODO: check + NOT-FOR-US: Trend Micro CVE-2003-1300 (Unspecified vulnerability in Baby FTP Server versions before May 31, ...) - TODO: check + NOT-FOR-US: Baby FTP Server CVE-2003-1299 (Directory traversal vulnerability in Baby FTP Server versions before ...) - TODO: check + NOT-FOR-US: Baby FTP Server CVE-2002-2209 (Unspecified quot;security vulnerabilityquot; in Baby FTP Server versions ...) - TODO: check + NOT-FOR-US: Baby FTP Server CVE-2006-1378 (PasswordSafe 3.0, when running on Windows before XP, uses a weak ...) NOT-FOR-US: PasswordSafe CVE-2006-1377 (Cross-site scripting (XSS) vulnerability in img.php in (1) EasyMoblog ...)
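Review bot: in the second hunk, the not-affected rationale for CVE-2006-1386, "only affects 4.0.0 - 4.1.0, version in Debian too young", does not match the description on the same line, which names TWiki 4.0 and 4.0.1 only, and "too young" reads as if Debian's version were newer, whereas the adjacent CVE-2006-1387 entry (affected: "4.0, 4.0.1, and 20010901 through 20040904", marked unfixed for Debian) implies Debian ships one of the dated pre-4.0 releases. State the Debian version explicitly, e.g. `(Debian ships <twiki version>, predates 4.0)`, so the two twiki entries read consistently and the not-affected verdict can be checked against the version actually in the archive.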
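Review bot: also in that hunk, CVE-2006-1394 is closed as `NOT-FOR-US: Pubcookie` although its truncated description opens with "in the Microsoft ...", while the two neighbours CVE-2006-1393 and CVE-2006-1392 are the ones whose descriptions do not name a vendor. Confirm from the full description that -1394 is the Pubcookie component for Microsoft IIS and not a separate Microsoft product before it is closed; a NOT-FOR-US line is rarely revisited once written.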
[Secure-testing-commits] r3796 - data/CVE
Author: stef-guest Date: 2006-04-13 17:00:19 + (Thu, 13 Apr 2006) New Revision: 3796 Modified: data/CVE/list Log: firebird issue libtasn1 fix reverted Modified: data/CVE/list === --- data/CVE/list 2006-04-13 11:25:55 UTC (rev 3795) +++ data/CVE/list 2006-04-13 17:00:19 UTC (rev 3796) @@ -1,3 +1,5 @@ +CVE-2006- [firebird local DoS] + - firebird2 1.5.3.4870-4 CVE-2006-1744 [buffer overflow in sail] - bsdgames 2.17-7 (bug #360989) CVE-2006-1712 [Mailman XSS] @@ -2401,7 +2403,8 @@ - binutils not-affected (SuSE specific vulnerability) CVE-2006-0645 (Tiny ASN.1 Library (libtasn1) before 0.2.18, as used by (1) GnuTLS ...) {DSA-986-1 DSA-985-1} - - libtasn1-2 0.3.1-1 (bug #352182) + - libtasn1-2 unfixed (bug #352182) + NOTE: upload of 0.3.1-1 was reverted in 1:0.2.17-2 because of soname change - gnutls unfixed CVE-2005-4715 (Multiple SQL injection vulnerabilities in modules.php in PHP-Nuke 7.8, ...) NOT-FOR-US: PHP-Nuke
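Review bot: in the first hunk, the new `CVE-2006- [firebird local DoS]` placeholder carries neither a bug reference nor a severity, while the other placeholders on this list (fbgs, openvpn, the cyrus-sasl2 one in r3793's context lines) all record a `(bug #NNNNNN)` parenthetical. That bug number is what lets the placeholder be matched to the real entry once an id is assigned, so add it (or a NOTE pointing at the upstream report) now rather than after the id arrives.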
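Review bot: in the second hunk, flipping libtasn1-2 from `0.3.1-1` back to `unfixed` is correct only if 1:0.2.17-2 dropped the fix along with the soname change; the description says the bug is in versions before 0.2.18, so the fix could have been backported into 0.2.17-2 without the soname bump. Extend the NOTE to say whether that was done (in which case the entry should read `1:0.2.17-2` rather than `unfixed`). Note also that the reverted upload carries an epoch: the `1:` prefix is what makes 1:0.2.17-2 sort above 0.3.1-1, so any tooling that compares versions for this entry has to do so epoch-aware or it will flag the archive as still carrying 0.3.1-1.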