[Secure-testing-commits] r3170 - data/CVE
Moritz Muehlenhoff
jmm-guest at costa.debian.org
Wed Dec 28 00:32:44 UTC 2005
Author: jmm-guest
Date: 2005-12-28 00:32:39 +0000 (Wed, 28 Dec 2005)
New Revision: 3170
Modified:
data/CVE/list
Log:
record the fixes of upcoming pound dsa
webmin issue is sarge-specific
ntop issue is a non-issue
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2005-12-27 23:17:49 UTC (rev 3169)
+++ data/CVE/list 2005-12-28 00:32:39 UTC (rev 3170)
@@ -264,7 +264,7 @@
CVE-2005-4358 (admin/admin_disallow.php in phpBB 2.0.18 allows remote attackers to ...)
- phpbb2 <unfixed> (unimportant)
CVE-2005-4357 (Cross-site scripting (XSS) vulnerability in phpBB 2.0.18, when ...)
- - phpbb2 <unfixed> (bug filed)
+ - phpbb2 <unfixed> (bug #344674)
CVE-2005-4356 (SQL injection vulnerability in UStore allows remote attackers to ...)
NOT-FOR-US: UStore
CVE-2005-4355 (Multiple cross-site scripting (XSS) vulnerabilities in UStore allow ...)
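Review bot: the log message lists pound, webmin and ntop but says nothing about this CVE-2005-4357 change, which replaces "(bug filed)" with "(bug #344674)" for phpbb2. Add a line to the log so the bug-number update can be found from the history. The entry also has no urgency next to the bug number, unlike the "(bug #341394; medium)" style used elsewhere in this file; consider adding one.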
@@ -1324,7 +1324,8 @@
CVE-2005-3913 (Unspecified vulnerability in the domain alias management in Virtual ...)
NOT-FOR-US: Virtual Hosting Control System
CVE-2005-3912 (Format string vulnerability in miniserv.pl Perl web server in Webmin ...)
- - webmin <unfixed> (bug #341394; medium)
+ [sarge] - webmin 1.180-3sarge0 (bug #341394; medium)
+ NOTE: Later versions not affected, as the use proper format string passing
CVE-2005-3911 (Multiple SQL injection vulnerabilities in calendar.php in BosDates 4.0 ...)
NOT-FOR-US: BosDates
CVE-2005-3910 (merchants/index.php in Post Affiliate Pro 2.0.4 and earlier, with ...)
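Review bot: the NOTE added under CVE-2005-3912 has a typo ("as the use" should read "as they use") and names no version from which webmin is unaffected. Because the unannotated "- webmin <unfixed>" line is removed and only a [sarge] line remains, the entry no longer records a status for anything other than sarge. Consider keeping a non-sarge line (a fixed version or <not-affected>) so that "later versions" is pinned to something checkable.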
@@ -3051,8 +3052,8 @@
CVE-2002-2124 (The recvn and sendn functions in nylon 0.2 do not check when the recv ...)
NOT-FOR-US: nylon
CVE-2005-XXXX [ntop format string vulnerability]
- - ntop <unfixed> (bug #335996; low)
- NOTE: Possibly not exploitable
+ - ntop <unfixed> (bug #335996; unimportant)
+ NOTE: Not exploitable
CVE-2005-XXXX [Firefox IFRAME DoS]
- mozilla-firefox <unfixed> (bug #336171; low)
- firefox 1.4.99+1.5rc3.dfsg-2 (bug #336171; low)
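Review bot: the ntop NOTE goes from "Possibly not exploitable" to "Not exploitable" and the urgency from low to unimportant, but neither the entry nor the log ("ntop issue is a non-issue") says why. Add a short reason to the NOTE, or point at the place in bug #335996 where this was established, so the downgrade can be re-checked later.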
@@ -3344,6 +3345,7 @@
- pavuk 0.9.33-1 (bug #264684; high)
NOTE: second hole mentioned in bug report
CVE-2005-3751 (HTTP request smuggling vulnerability in Pound before 1.9.4 allows ...)
+ [sarge] - pound 1.8.2-1sarge1
- pound 1.9.4-1 (low)
NOTE: see http://www.apsis.ch/pound/pound_list/archive/2005/2005-10/1129827166000/index_html?fullMode=1#1129827166000
CVE-2005-3276 (The sys_get_thread_area function in process.c in Linux 2.6 before ...)
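Review bot: the "[sarge] - pound 1.8.2-1sarge1" line added under CVE-2005-3751 records a fixed version for a DSA that the log calls "upcoming", so the list will show sarge as fixed before the advisory is out. If that is intended, a NOTE saying the upload is pending would make it clear to anyone reading the entry in the meantime.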
@@ -10760,6 +10762,7 @@
CVE-2005-1392 (The SQL install script in phpMyAdmin 2.6.2 is created with ...)
- phpmyadmin <not-affected> (Only part of examples that an admin would need to modify anyway)
CVE-2005-1391 (Buffer overflow in the add_port function in APSIS Pound 1.8.2 and ...)
+ [sarge] - pound 1.8.2-1sarge1
- pound 1.8.2-1.1 (bug #307852; bug #311548; medium)
CVE-2005-1390
REJECTED
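Review bot: the [sarge] line added under CVE-2005-1391 carries none of the annotations on the existing pound line below it, "(bug #307852; bug #311548; medium)". Carrying at least the urgency over would keep the two lines consistent; if sarge lines are meant to stay bare, no change is needed.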