[Secure-testing-commits] r3763 - data/CVE

Moritz Muehlenhoff jmm-guest at costa.debian.org
Thu Apr 6 13:04:58 UTC 2006


Author: jmm-guest
Date: 2006-04-06 13:04:52 +0000 (Thu, 06 Apr 2006)
New Revision: 3763

Modified:
   data/CVE/list
Log:
phpbb2 not-affected
checked two older firefox non-issue


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2006-04-06 09:22:40 UTC (rev 3762)
+++ data/CVE/list	2006-04-06 13:04:52 UTC (rev 3763)
@@ -45,7 +45,12 @@
 CVE-2006-1604 (Unspecified vulnerability in Exponent CMS before 0.96.5 RC 1 has ...)
 	TODO: check
 CVE-2006-1603 (Cross-site scripting (XSS) vulnerability in profile.php in phpBB ...)
-	TODO: check
+	- phpbb2 <not-affected> (According to Jeroen a non-issue, see notes)
+	NOTE: <jvw> jmm: unable to everify, the variable in question is only printed
+	NOTE: at one single page, and there it doesn't get taken from GET nor POST in my tests
+	NOTE: <jvw> and, shock, the password isn't saved unhashed in the DB, so having
+	NOTE: javascript in your password can't be exposed otherwise
+	NOTE: <jvw> I'd forget about it unless someone comes with a proof of concept
 CVE-2006-1602 (PHP remote file inclusion vulnerability in ...)
 	TODO: check
 CVE-2006-1601 (Unspecified vulnerability in SunPlex Manager in Sun Cluster 3.1 4/04 ...)
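Review bot: The first NOTE line added under CVE-2006-1603 has a typo, "everify" should read "verify", and the <not-affected> marking rests on one tester's failure to reproduce rather than on a source reference. It would help to record which phpbb2 version was tested and to name the variable in profile.php that was checked, so the decision can be revisited if the proof of concept mentioned in the last NOTE appears.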
@@ -8013,8 +8018,6 @@
 	- isoqlog 2.2-0.1 (bug #254101; bug #202634)
 CVE-2002-XXXX [libnss-ldap: DoS through truncated DNS queries]
 	- libnss-ldap 199-1 (bug #169793)
-CVE-2004-XXXX [Firefox doesn't clear all cookies]
-	- mozilla-firefox <unfixed> (bug #203034; bug #235932; low)
 CVE-2004-XXXX [Insecure temp files in amanda's chg-manual]
 	- amanda 1:2.4.5p1-1 (bug #226139; low)
 	NOTE: Woody and Sarge affected
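Review bot: The CVE-2004-XXXX "Firefox doesn't clear all cookies" entry is deleted outright, which also drops the references to bug #203034 and bug #235932 and leaves no reason in the list itself. The commit log calls it a non-issue, so consider keeping the entry and marking mozilla-firefox <not-affected> with a short rationale, as done for the other two entries in this commit, so the bug numbers stay searchable in the tracker.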
@@ -9504,8 +9507,7 @@
 CVE-2005-2603 (Cross-site scripting (XSS) vulnerability in index.php for My Image ...)
 	NOT-FOR-US: My Image Gallery (Mig)
 CVE-2005-2602 (Mozilla Thunderbird 1.0 and Firefox 1.0.6 allows remote attackers to ...)
-	- mozilla-firefox <unfixed> (bug #324907; low)
-	TODO: file/clone bugs for mozilla-browser and mozilla-thunderbird
+	- mozilla-firefox <not-affected> (According to Bugzilla Windows/Mac only)
 CVE-2005-2601 (SQL injection vulnerability in MidiCart allows remote attackers to ...)
 	NOT-FOR-US: MidiCart
 CVE-2005-2600 (FUDForum 2.6.15 with &quot;Tree View&quot; enabled, as used in other products ...)
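Review bot: In the CVE-2005-2602 entry the removed TODO asked for bugs to be filed or cloned for mozilla-browser and mozilla-thunderbird, and the CVE description names Thunderbird 1.0, yet the replacement line covers only mozilla-firefox. If the "Windows/Mac only" finding applies to those packages as well, add matching <not-affected> lines for them; otherwise keep the TODO. The reference to bug #324907 is also lost and could be kept in a NOTE.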



