[Secure-testing-commits] r2845 - data/CVE
Stefan Fritsch
stef-guest at costa.debian.org
Wed Nov 23 20:38:05 UTC 2005
Author: stef-guest
Date: 2005-11-23 20:38:00 +0000 (Wed, 23 Nov 2005)
New Revision: 2845
Modified:
data/CVE/list
Log:
php5
egroupware-fudforum
helix-player
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2005-11-23 16:11:31 UTC (rev 2844)
+++ data/CVE/list 2005-11-23 20:38:00 UTC (rev 2845)
@@ -96,7 +96,7 @@
NOT-FOR-US: Google Talk
CVE-2005-3677 (Buffer overflow in RealNetworks RealPlayer 10 and 10.5 allows remote ...)
NOT-FOR-US: RealPlayer
- TODO: check Helix, some past issues affected it as well
+ - helixplayer <not-affected>
CVE-2005-3676 (SQL injection vulnerability in download.php in PhpWebThings 1.4.4 ...)
NOT-FOR-US: PhpWebThings
CVE-2005-3675 (The Transmission Control Protocol (TCP) allows remote attackers to ...)
@@ -694,7 +694,7 @@
CVE-2002-2206 (The POP3 proxy service (POPROXY.EXE) in Norton AntiVirus 2001 allows ...)
NOT-FOR-US: Norton AntiVirus
CVE-2002-2205 (Buffer overflow in Webresolve 0.1.0 and earlier allows remote ...)
- TODO: check
+ NOT-FOR-US: webresolve
CVE-2002-2204 (The default --checksig setting in RPM Package Manager 4.0.4 checks ...)
TODO: check
CVE-2002-2203 (Unknown vulnerability in the System Serial Console terminal in Solaris ...)
@@ -854,9 +854,9 @@
CVE-2002-2126 (restrictEnabled in Integrity Protection Driver (IPD) 1.2 delays driver ...)
TODO: check
CVE-2002-2125 (Internet Explorer 6.0 does not warn users when an expired certificate ...)
- TODO: check
+ NOT-FOR-US: MSIE
CVE-2000-1238 (BEA Systems WebLogic Express and WebLogic Server 5.1 SP1-SP6 allows ...)
- TODO: check
+ NOT-FOR-US: BEA Weblogic
CVE-2005-3621 (CRLF injection vulnerability in phpMyAdmin before 2.6.4-pl4 allows ...)
- phpmyadmin 4:2.6.4-pl4-1 (bug #339437; medium)
CVE-2005-XXXX [Two unspecified issues in non-free rar]
@@ -1080,9 +1080,11 @@
CVE-2005-3392 (Unspecified vulnerability in PHP before 4.4.1, when using the virtual ...)
- php4 <unfixed> (bug #336645; unknown)
TODO: check PHP5
+ NOTE: pinged maintainers
CVE-2005-3391 (Multiple vulnerabilities in PHP before 4.4.1 allow remote attackers to ...)
- php4 <unfixed> (bug #336645; unknown)
TODO: check PHP5
+ NOTE: pinged maintainers
CVE-2005-3390 (The RFC1867 file upload feature in PHP 4.x up to 4.4.0 and 5.x up to ...)
- php4 <unfixed> (bug #336645; high)
- php5 <unfixed> (bug #336654; high)
@@ -1173,7 +1175,7 @@
- sylpheed-claws-gtk2 1.9.100-1 (bug #339529; medium)
CVE-2005-3353 (The exif_read_data function in the Exif module in PHP before 4.4.1 ...)
- php4 <unfixed> (bug #339577; medium)
- TODO: Check php5
+ - php5 <unfixed> (bug #336654; medium)
CVE-2005-3352
RESERVED
CVE-2005-3351 (SpamAssassin 3.0.4 allows attackers to bypass spam detection via an ...)
@@ -1338,7 +1340,7 @@
- gnutls11 <unfixed> (bug #336006; low)
TODO: Check, when this was fixed in gnutls12
CVE-2004-2530 (Visual truncation vulnerability in Gadu-Gadu allows remote attackers ...)
- TODO: check
+ NOT-FOR-US: Gadu-Gadu
CVE-2004-2529 (Gadu-Gadu allows remote attackers to bypass the "image send" option by ...)
TODO: check
CVE-2004-2528 (Cross-site scripting (XSS) vulnerability in sresult.exe in Webcam ...)
@@ -2756,7 +2758,7 @@
NOT-FOR-US: AutoLinks Pro
CVE-2005-2781 (The Avatar upload feature in FUD Forum before 2.7.0 does not properly ...)
- phpgroupware <unfixed> (bug #340094; medium)
- TODO: check, whether egroupware-fudforum is affected
+ - egroupware <unfixed> (bug #340495; medium)
CVE-2005-2780 (Cross-site scripting (XSS) vulnerability in Land Down Under (LDU) ...)
NOT-FOR-US: Land Down Under
CVE-2005-2779 (The iTAN Online-Banking Security System allows remote attackers to ...)
More information about the Secure-testing-commits
mailing list