[Secure-testing-commits] r3740 - data/CVE
Moritz Muehlenhoff
jmm-guest at costa.debian.org
Mon Apr 3 23:51:26 UTC 2006
Author: jmm-guest
Date: 2006-04-03 23:51:15 +0000 (Mon, 03 Apr 2006)
New Revision: 3740
Modified:
data/CVE/list
Log:
three rpath issues CVEfied
NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2006-04-03 23:44:40 UTC (rev 3739)
+++ data/CVE/list 2006-04-03 23:51:15 UTC (rev 3740)
@@ -39,11 +39,14 @@
CVE-2006-1567 (Cross-site scripting (XSS) vulnerability in searchresults.asp in ...)
TODO: check
CVE-2006-1566 (Untrusted search path vulnerability in libtunepimp-perl 0.4.2-1 in ...)
- TODO: check
+ - libtunepimp 0.4.2-3 (bug #359241; low)
+ [sarge] - libtunepimp <not-affected> (rpath not set to /tmp in Sarge)
CVE-2006-1565 (Untrusted search path vulnerability in libgpib-perl 3.2.06-2 in Debian ...)
- TODO: check
+ - gpib 3.2.06-3 (bug #359239; low)
+ [sarge] - gpib <not-affected> (rpath not set to /tmp in Sarge)
CVE-2006-1564 (Untrusted search path vulnerability in libapache2-svn 1.3.0-4 for ...)
- TODO: check
+ - subversion 1.3.0-5 (bug #359234; low)
+ [sarge] - subversion <not-affected> (No rpaths set in Sarge)
CVE-2006-1563 (Direct static code injection vulnerability in config.php in vscripts ...)
TODO: check
CVE-2006-1562 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
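Review bot: the three new entries track source packages (libtunepimp, gpib, subversion), while the CVE descriptions directly above them name binary packages (libtunepimp-perl 0.4.2-1, libgpib-perl 3.2.06-2, libapache2-svn 1.3.0-4), and nothing in the entries records that mapping. A NOTE line under each entry naming the affected binary package would make the link findable for someone who arrives with the CVE text. The fixed versions, bug numbers and Sarge comments match the temporary CVE-2006-XXXX entries removed in the last hunk of this patch, so no tracking data is lost in the move.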
@@ -73,43 +76,43 @@
CVE-2006-1549
RESERVED
CVE-2005-4767 (BEA WebLogic Server and WebLogic Express 8.1 SP5 and earlier, and 7.0 ...)
- TODO: check
+ NOT-FOR-US: BEA WebLogic
CVE-2005-4766 (BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, and 7.0 ...)
- TODO: check
+ NOT-FOR-US: BEA WebLogic
CVE-2005-4765 (BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier and 7.0 ...)
- TODO: check
+ NOT-FOR-US: BEA WebLogic
CVE-2005-4764 (BEA WebLogic Server and WebLogic Express 9.0, 8.1, and 7.0 lock out ...)
- TODO: check
+ NOT-FOR-US: BEA WebLogic
CVE-2005-4763 (BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP6 ...)
- TODO: check
+ NOT-FOR-US: BEA WebLogic
CVE-2005-4762 (BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP6 ...)
- TODO: check
+ NOT-FOR-US: BEA WebLogic
CVE-2005-4761 (BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP5 ...)
- TODO: check
+ NOT-FOR-US: BEA WebLogic
CVE-2005-4760 (BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier, and 7.0 ...)
- TODO: check
+ NOT-FOR-US: BEA WebLogic
CVE-2005-4759 (BEA WebLogic Server and WebLogic Express 8.1 and 7.0, during a ...)
- TODO: check
+ NOT-FOR-US: BEA WebLogic
CVE-2005-4758 (Unspecified vulnerability in the Administration server in BEA WebLogic ...)
- TODO: check
+ NOT-FOR-US: BEA WebLogic
CVE-2005-4757 (BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier, and 7.0 ...)
- TODO: check
+ NOT-FOR-US: BEA WebLogic
CVE-2005-4756 (BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, and 7.0 ...)
- TODO: check
+ NOT-FOR-US: BEA WebLogic
CVE-2005-4755 (BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier (1) ...)
- TODO: check
+ NOT-FOR-US: BEA WebLogic
CVE-2005-4754 (BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier allow ...)
- TODO: check
+ NOT-FOR-US: BEA WebLogic
CVE-2005-4753 (BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, and 7.0 ...)
- TODO: check
+ NOT-FOR-US: BEA WebLogic
CVE-2005-4752 (BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, and 7.0 ...)
- TODO: check
+ NOT-FOR-US: BEA WebLogic
CVE-2005-4751 (Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic ...)
- TODO: check
+ NOT-FOR-US: BEA WebLogic
CVE-2005-4750 (BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP5 ...)
- TODO: check
+ NOT-FOR-US: BEA WebLogic
CVE-2005-4749 (HTTP request smuggling vulnerability in BEA WebLogic Server and ...)
- TODO: check
+ NOT-FOR-US: BEA WebLogic
CVE-2006-1548 (Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction ...)
- libstruts1.2-java <unfixed> (bug #360551)
CVE-2006-1547 (ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 ...)
@@ -127,7 +130,7 @@
CVE-2006-1541 (SQL injection vulnerability in Default.asp in EzASPSite 2.0 RC3 and ...)
TODO: check
CVE-2006-1540 (Microsoft Office 2002 (aka Office XP) allows user-complicit attackers ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2006-1539 (Multiple buffer overflows in the checkscores function in scores.c in ...)
TODO: check
CVE-2006-1538 (The Enova X-Wall ASIC encrypts with a key obtained via Microwire from ...)
@@ -185,9 +188,9 @@
CVE-2006-1512
RESERVED
CVE-2006-1511 (Buffer overflow in the ILASM assembler in the Microsoft .NET 1.0 and ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2006-1510 (Buffer overflow in calloc.c in the Microsoft Windows XP SP2 ntdll.dll ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2006-1509 (/sbin/passwd in HP-UX B.11.00, B.11.11, and B.11.23 before 20060326 ...)
TODO: check
CVE-2006-1508 (Multiple cross-site scripting (XSS) vulnerabilities in MH Software ...)
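Review bot: "NOT-FOR-US: Microsoft" on CVE-2006-1511 and CVE-2006-1510 names only the vendor, whereas the BEA entries in this patch name the product ("BEA WebLogic"). Naming the product here too, taken from the descriptions (.NET ILASM for CVE-2006-1511, Windows XP ntdll.dll for CVE-2006-1510), would keep the tags consistent and make it easier to grep the list by product later. The same applies to CVE-2006-1540 (Microsoft Office 2002) in the previous hunk.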
@@ -229,15 +232,6 @@
CVE-2006-XXXX [unixodbc rpath set to /home]
- unixodbc 2.2.11-11 (bug #358142; low)
[sarge] - unixodbc <not-affected> (rpath not set to /home in Sarge)
-CVE-2006-XXXX [subversion rpath set to /tmp]
- - subversion 1.3.0-5 (bug #359234; low)
- [sarge] - subversion <not-affected> (No rpaths set in Sarge)
-CVE-2006-XXXX [libtunepimp rpath set to /tmp]
- - libtunepimp 0.4.2-3 (bug #359241; low)
- [sarge] - libtunepimp <not-affected> (rpath not set to /tmp in Sarge)
-CVE-2006-XXXX [gpib rpath set to /tmp]
- - gpib 3.2.06-3 (bug #359239; low)
- [sarge] - gpib <not-affected> (rpath not set to /tmp in Sarge)
CVE-2006-XXXX [fftw rpath set to user home]
- fftw <unfixed> (bug #358157; low)
[sarge] - fftw <not-affected> (No rpath set in Sarge)
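Review bot: removing the bracketed description from the subversion entry drops the only statement that its rpath pointed to /tmp. The libtunepimp and gpib entries keep that detail in their Sarge comment ("rpath not set to /tmp in Sarge"), but the subversion comment says only "No rpaths set in Sarge", and the CVE-2006-1564 description is truncated in the list. Consider carrying "rpath set to /tmp" over to the CVE-2006-1564 entry as a comment. The unixodbc and fftw entries left in place still have no CVE id, which is consistent with the log message's count of three.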