[Secure-testing-commits] r3171 - data/CVE
Moritz Muehlenhoff
jmm-guest at costa.debian.org
Wed Dec 28 00:47:20 UTC 2005
Author: jmm-guest
Date: 2005-12-28 00:47:15 +0000 (Wed, 28 Dec 2005)
New Revision: 3171
Modified:
data/CVE/list
Log:
two new issues in scponly and rssh
bugnums
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2005-12-28 00:32:39 UTC (rev 3170)
+++ data/CVE/list 2005-12-28 00:47:15 UTC (rev 3171)
@@ -1,3 +1,7 @@
+CVE-2005-XXXX [privilege escalation in scponly]
+ - scponly <unfixed> (bug #344418)
+CVE-2005-XXXX [privilege escalation in rssh]
+ - rssh <unfixed> (bug #344395; bug #344424)
CVE-2005-XXXX [Insecure tempfile in Bugzilla's syncshadowdb]
- bugzilla 2.18 (bug #329387; low)
NOTE: The vulnerable script has been removed in the 2.18 upstream release
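Review bot: Both new CVE-2005-XXXX entries, for scponly and rssh, carry the same bare title "privilege escalation" and no NOTE, so the list does not say what either issue is or whether the two are related. Add a NOTE line to each with a one-line description, and put an urgency next to the bug number as the Bugzilla entry below does with "(bug #329387; low)", so that these two <unfixed> entries can be triaged from the list alone.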
@@ -264,7 +268,9 @@
CVE-2005-4358 (admin/admin_disallow.php in phpBB 2.0.18 allows remote attackers to ...)
- phpbb2 <unfixed> (unimportant)
CVE-2005-4357 (Cross-site scripting (XSS) vulnerability in phpBB 2.0.18, when ...)
- - phpbb2 <unfixed> (bug #344674)
+ - phpbb2 <unfixed> (bug #344674; low)
+ NOTE: According to the maintainer only affects a config option that is strongly
+ NOTE: discouraged due to potential security problems
CVE-2005-4356 (SQL injection vulnerability in UStore allows remote attackers to ...)
NOT-FOR-US: UStore
CVE-2005-4355 (Multiple cross-site scripting (XSS) vulnerabilities in UStore allow ...)
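Review bot: The NOTE added under CVE-2005-4357 refers to "a config option" without naming it, so a reader cannot check whether a given phpbb2 installation is affected. Name the option in the NOTE and say where the maintainer's statement is recorded (the log of bug #344674, if that is the source), so the change to "low" can be verified.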
@@ -2213,7 +2219,7 @@
CVE-2005-3574 (PHP file inclusion vulnerability in index.php of iCMS allows remote ...)
NOT-FOR-US: iCMS
CVE-2005-3573 (Scrubber.py in Mailman 2.1.5-8 does not properly handle UTF8 character ...)
- - mailman 2.1.5-10 (bug #327732; medium)
+ - mailman 2.1.5-10 (bug #327732; bug #339095; medium)
CVE-2005-3572 (SQL injection vulnerability in index.php in Peel 2.6 through 2.7 ...)
NOT-FOR-US: Peel
CVE-2005-3571 (PHP file inclusion vulnerability in protection.php in CodeGrrl (a) ...)
@@ -17275,7 +17281,7 @@
TODO: Check 2.6
CVE-2004-0564 (Roaring Penguin pppoe (rp-ppoe), if installed or configured to run ...)
{DSA-557-1}
- - rp-pppoe 3.5-4
+ - rp-pppoe 3.5-4 (bug #343264)
CVE-2004-0563 (The tspc.conf configuration file in freenet6 before 0.9.6 and before ...)
{DSA-555-1}
- freenet6 1.0-2.2
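Review bot: The bug reference added to the rp-pppoe line for CVE-2004-0564 comes with no NOTE, although the entry already records a fixed version (3.5-4) and DSA-557-1. If bug #343264 reports that the fix is incomplete or has regressed, the fixed version needs revisiting; if it is only a cross-reference, a short NOTE saying so would settle the question.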