[Secure-testing-commits] r5191 - data/CVE

Wed, 27 Dec 2006 15:31:08 -0800 

Author: jmm-guest
Date: 2006-12-28 00:31:02 +0100 (Thu, 28 Dec 2006)
New Revision: 5191

Modified:
   data/CVE/list
Log:
no-dsa and unimportant issues for sarge


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2006-12-27 23:25:37 UTC (rev 5190)
+++ data/CVE/list       2006-12-27 23:31:02 UTC (rev 5191)
@@ -95,8 +95,9 @@
 CVE-2006-6720 (PHP remote file inclusion vulnerability in 
admin/index_sitios.php in ...)
        NOT-FOR-US: Azucar CMS
 CVE-2006-6719 (The ftp_syst function in ftp-basic.c in Free Software 
Foundation (FSF) ...)
-       - wget <unfixed>
-       TODO: insufficient info, file bug when more info is available
+       - wget <unfixed> (unimportant)
+       NOTE: An FTP server crashing a download utility is a bug, but not a DoS 
security issue
+       TODO: insufficient info, check, whether code injection is possible
 CVE-2006-6718 (The Allied Telesis AT-9000/24 Ethernet switch has a default 
password ...)
        NOT-FOR-US: Allied Telesis
 CVE-2006-6717 (The Allied Telesis AT-9000/24 Ethernet switch accepts 
management ...)
@@ -139,6 +140,7 @@
        NOT-FOR-US: Oracle Portal
 CVE-2006-6698 (The GConf daemon (gconfd) in GConf 2.14.0 creates temporary 
files ...)
        - gconf2 <unfixed> (low; bug #404743)
+       [sarge] - gconf2 <no-dsa> (Minor nuisance, not much of a security 
problem)
 CVE-2005-4816 (Buffer overflow in mod_radius in ProFTPD before 1.3.0rc2 allows 
remote ...)
        TODO: check
 CVE-2003-1314 (PHP remote file inclusion vulnerability in admin/auth.php in 
...)
@@ -945,6 +947,7 @@
        NOT-FOR-US: Simple machines Forum
 CVE-2006-6374 (Multiple CRLF injection vulnerabilities in PhpMyAdmin 2.7.0-pl2 
allow ...)
        - phpmyadmin <unfixed> (low; bug filed)
+       [sarge] - phpmyadmin <no-dsa> (CRLF not backportable to Sarge)
 CVE-2006-6373 (PhpMyAdmin 2.7.0-pl2 allows remote attackers to obtain 
sensitive ...)
        - phpmyadmin <unfixed> (unimportant)
        NOTE: path is known in Debian anyway


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits

Reply via email to