[Secure-testing-commits] r2801 - data/CVE
Moritz Muehlenhoff
jmm-guest at costa.debian.org
Sun Nov 20 21:43:20 UTC 2005
Author: jmm-guest
Date: 2005-11-20 21:43:16 +0000 (Sun, 20 Nov 2005)
New Revision: 2801
Modified:
data/CVE/list
Log:
new issues in phpgroupware, one of which is actually
quite old, TODOs should be processed quicker
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2005-11-20 21:22:41 UTC (rev 2800)
+++ data/CVE/list 2005-11-20 21:43:16 UTC (rev 2801)
@@ -1,3 +1,5 @@
+CVE-2005-XXXX [Unspecified vulnerabilities in phpgroupware]
+ - phpgroupware <unfixed> (bug filed; unknown)
CVE-2005-XXXX [Insecure tempfiles in libjpeg]
- libjpeg6b <unfixed> (bug #340079; low)
CVE-2006-0017
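Review bot: The new phpgroupware entry at the top of the list records `(bug filed; unknown)` with no bug number, while the libjpeg entry directly below it carries `bug #340079`. Add the number once it is assigned. Since the title only says "Unspecified vulnerabilities", a NOTE line pointing at the source of the report would also let the next person replace the `unknown` severity.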
@@ -1158,7 +1160,6 @@
- linux-2.6 <not-affected> (fixed upstream in 2.6.6)
[sarge] - kernel-source-2.6.8 <not-affected> (fixed upstream in 2.6.6)
TODO: check 2.4.27
- NOTE: Was fixed upstream in 2.6.6
CVE-2004-2535 (The person-to-person secure messaging feature in Sticker before 3.1.0 ...)
NOT-FOR-US: Sticker
CVE-2004-2534 (Fastream NETFile Server 7.1.2 does not properly handle keep-alive ...)
@@ -1525,7 +1526,7 @@
CVE-2005-3190 (Buffer overflow in Computer Associates (CA) iGateway 3.0 and 4.0 ...)
NOT-FOR-US: iGateway
CVE-2005-3189 (Directory traversal vulnerability in Qualcomm WorldMail IMAP Server ...)
- TODO: check
+ NOT-FOR-US: Qualcomm WorldMail IMAP Server
CVE-2005-3188
RESERVED
CVE-2005-3187
@@ -1711,7 +1712,7 @@
CVE-2005-3117
REJECTED
CVE-2005-3116 (Stack-based buffer overflow in a shared library as used by the Volume ...)
- TODO: check
+ NOT-FOR-US: VERITAS Backup
CVE-2005-3115 (mpeg-tools before 1.5b-r2 creates multiple temporary files insecurely, ...)
NOT-FOR-US: mpeg-tools
CVE-2005-3114 (Buffer overflow in the ActiveX control for NateOn Messenger ...)
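Review bot: The tag `NOT-FOR-US: VERITAS Backup` on CVE-2005-3116 names a product that does not appear in the visible part of the description, which only mentions "a shared library as used by the Volume ...". Use the product name as the CVE text gives it so that a search of the list matches. Because the flaw sits in a shared library, a short NOTE confirming that nothing packaged ships that library would back up the NOT-FOR-US.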
@@ -2069,7 +2070,6 @@
NOT-FOR-US: CuteNews
CVE-2005-3008 (Tofu 0.2 allows remote attackers to execute arbitrary Python code via ...)
NOT-FOR-US: Tofu
- TODO: Please double-check, there's a twisted, soya and other stuff, it's all a wild mix
CVE-2005-3007 (Opera before 8.50 allows remote attackers to spoof the content type of ...)
NOT-FOR-US: Opera
CVE-2005-3006 (The mail client in Opera before 8.50 opens attached files from the ...)
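Review bot: Dropping the TODO under CVE-2005-3008 leaves no record of what the requested double-check found. The removed line named twisted and soya as reasons for doubt, so replace it with a one-line NOTE stating that those were looked at and why they are not affected, rather than deleting it silently.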
@@ -2237,16 +2237,15 @@
CVE-2005-2941
RESERVED
CVE-2005-2940 (Untrusted Windows search path vulnerability in Microsoft Antispyware ...)
- TODO: check
+ NOT-FOR-US: Microsoft Antispyware
CVE-2005-2939 (Untrusted Windows search path vulnerability in VMWare Workstation ...)
- TODO: check
+ NOT-FOR-US: VMWare
CVE-2005-2938 (Untrusted Windows search path vulnerability in iTunesHelper.exe in ...)
- TODO: check
+ NOT-FOR-US: iTunes
CVE-2005-2937
REJECTED
- NOT-FOR-US: Kaspersky
CVE-2005-2936 (Untrusted Windows search path vulnerability in RealNetworks RealPlayer ...)
- TODO: check
+ NOT-FOR-US: Real Player
CVE-2005-2935 (AntiSpywareMain.exe in Microsoft AntiSpyware does not quote the C ...)
NOT-FOR-US: Microsoft AntiSpyware
CVE-2005-2934
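Review bot: The product names in the new NOT-FOR-US tags are inconsistent with the rest of the file. CVE-2005-2940 gets `Microsoft Antispyware` while the existing CVE-2005-2935 entry a few lines down uses `Microsoft AntiSpyware`, and `Real Player` and `VMWare` differ from the descriptions' "RealNetworks RealPlayer" and "VMWare Workstation". Use one spelling per product so that searching the list by name finds every entry. Removing the stray `NOT-FOR-US: Kaspersky` under the REJECTED CVE-2005-2937 looks right.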
@@ -2593,7 +2592,8 @@
CVE-2005-2782 (PHP remote file inclusion vulnerability in al_initialize.php for ...)
NOT-FOR-US: AutoLinks Pro
CVE-2005-2781 (The Avatar upload feature in FUD Forum before 2.7.0 does not properly ...)
- TODO: check, whether egroupware-fudforum and phpgroupware-fudforum are affected
+ - phpgroupware <unfixed> (bug filed; medium)
+ TODO: check, whether egroupware-fudforum is affected
CVE-2005-2780 (Cross-site scripting (XSS) vulnerability in Land Down Under (LDU) ...)
NOT-FOR-US: Land Down Under
CVE-2005-2779 (The iTAN Online-Banking Security System allows remote attackers to ...)
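Review bot: The new `- phpgroupware <unfixed> (bug filed; medium)` line for CVE-2005-2781 has no bug number, so the entry cannot be matched to the report later; add it in the `bug #NNNNNN` form used elsewhere in the list. The old TODO asked about `phpgroupware-fudforum` specifically, so a NOTE saying that this binary package is the affected part of `phpgroupware` would keep that detail.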