[Secure-testing-commits] r3763 - data/CVE
Moritz Muehlenhoff
jmm-guest at costa.debian.org
Thu Apr 6 13:04:58 UTC 2006
Author: jmm-guest
Date: 2006-04-06 13:04:52 +0000 (Thu, 06 Apr 2006)
New Revision: 3763
Modified:
data/CVE/list
Log:
phpbb2 not-affected
checked two older firefox non-issue
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2006-04-06 09:22:40 UTC (rev 3762)
+++ data/CVE/list 2006-04-06 13:04:52 UTC (rev 3763)
@@ -45,7 +45,12 @@
CVE-2006-1604 (Unspecified vulnerability in Exponent CMS before 0.96.5 RC 1 has ...)
TODO: check
CVE-2006-1603 (Cross-site scripting (XSS) vulnerability in profile.php in phpBB ...)
- TODO: check
+ - phpbb2 <not-affected> (According to Jeroen a non-issue, see notes)
+ NOTE: <jvw> jmm: unable to everify, the variable in question is only printed
+ NOTE: at one single page, and there it doesn't get taken from GET nor POST in my tests
+ NOTE: <jvw> and, shock, the password isn't saved unhashed in the DB, so having
+ NOTE: javascript in your password can't be exposed otherwise
+ NOTE: <jvw> I'd forget about it unless someone comes with a proof of concept
CVE-2006-1602 (PHP remote file inclusion vulnerability in ...)
TODO: check
CVE-2006-1601 (Unspecified vulnerability in SunPlex Manager in Sun Cluster 3.1 4/04 ...)
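Review bot: The new `<not-affected>` line for phpbb2 under CVE-2006-1603 does not record which phpbb2 version was tested, and the first NOTE line contains the typo "everify" (presumably "verify"). The quoted reasoning rests on one person's tests ("in my tests") and ends with "unless someone comes with a proof of concept", so naming the version that was checked would make it possible to compare against a later proof of concept.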
@@ -8013,8 +8018,6 @@
- isoqlog 2.2-0.1 (bug #254101; bug #202634)
CVE-2002-XXXX [libnss-ldap: DoS through truncated DNS queries]
- libnss-ldap 199-1 (bug #169793)
-CVE-2004-XXXX [Firefox doesn't clear all cookies]
- - mozilla-firefox <unfixed> (bug #203034; bug #235932; low)
CVE-2004-XXXX [Insecure temp files in amanda's chg-manual]
- amanda 1:2.4.5p1-1 (bug #226139; low)
NOTE: Woody and Sarge affected
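Review bot: The CVE-2004-XXXX "Firefox doesn't clear all cookies" entry is deleted outright, which drops the references to bug #203034 and bug #235932 and leaves nothing in the list that says why it was judged a non-issue. Only the commit log carries that conclusion. Consider keeping the entry with a status and a short reason, as the other two changes in this commit do, so the decision stays visible in data/CVE/list itself.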
@@ -9504,8 +9507,7 @@
CVE-2005-2603 (Cross-site scripting (XSS) vulnerability in index.php for My Image ...)
NOT-FOR-US: My Image Gallery (Mig)
CVE-2005-2602 (Mozilla Thunderbird 1.0 and Firefox 1.0.6 allows remote attackers to ...)
- - mozilla-firefox <unfixed> (bug #324907; low)
- TODO: file/clone bugs for mozilla-browser and mozilla-thunderbird
+ - mozilla-firefox <not-affected> (According to Bugzilla Windows/Mac only)
CVE-2005-2601 (SQL injection vulnerability in MidiCart allows remote attackers to ...)
NOT-FOR-US: MidiCart
CVE-2005-2600 (FUDForum 2.6.15 with "Tree View" enabled, as used in other products ...)
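Review bot: The removed "TODO: file/clone bugs for mozilla-browser and mozilla-thunderbird" under CVE-2005-2602 has no replacement, while the new line only covers mozilla-firefox. The CVE description names Thunderbird 1.0, so if the "Windows/Mac only" finding applies to the other two packages as well, add matching `<not-affected>` lines for them; otherwise keep the TODO. The reference to bug #324907 is also dropped and could be kept in the new line.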