[Secure-testing-commits] r3786 - data/CVE

Moritz Muehlenhoff jmm-guest at costa.debian.org
Tue Apr 11 14:49:03 UTC 2006 

Author: jmm-guest
Date: 2006-04-11 14:48:56 +0000 (Tue, 11 Apr 2006)
New Revision: 3786

Modified:
   data/CVE/list
Log:
four new php issues
new fbi issue
new cyrus-sasl2 issue


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2006-04-11 11:43:51 UTC (rev 3785)
+++ data/CVE/list	2006-04-11 14:48:56 UTC (rev 3786)
@@ -1,3 +1,7 @@
+CVE-2006-XXXX [Insecure temp files in fbgs]
+	- fbi <unfixed> (bug #361370)
+CVE-2006-XXXX [Cyrus SASL DIGEST-MD5 Pre-Authentication Denial of Service]
+	- cyrus-sasl2 <unfixed> (bug #361937)
 CVE-2006-1675 (Multiple cross-site scripting (XSS) vulnerabilities in PHPWebGallery ...)
 	TODO: check
 CVE-2006-1674 (Cross-site scripting (XSS) vulnerability in search.php in ...)
@@ -143,7 +147,8 @@
 CVE-2006-1609 (Unspecified vulnerability in Hitachi XFIT/S, XFIT/S/JCA, XFIT/S/ZGN, ...)
 	TODO: check
 CVE-2006-1608 (The copy function in file.c in PHP 4.4.2 and 5.1.2 allows local users ...)
-	TODO: check
+	- php4 <unfixed> (bug #361856)
+	- php5 <unfixed> (bug #361915)
 CVE-2006-1607 (Unspecified vulnerability in the banner module in Exponent CMS before ...)
 	TODO: check
 CVE-2006-1606 (Unspecified vulnerability in the image module in Exponent CMS before ...)
@@ -279,8 +284,10 @@
 	NOT-FOR-US: Apple 
 CVE-2006-1551
 	RESERVED
-CVE-2006-1549
+CVE-2006-1549 [function *() php/apache Crash]
 	RESERVED
+	- php4 <unfixed> (bug #361854)
+	- php5 <unfixed> (bug #361917)
 CVE-2005-4767 (BEA WebLogic Server and WebLogic Express 8.1 SP5 and earlier, and 7.0 ...)
 	NOT-FOR-US: BEA WebLogic
 CVE-2005-4766 (BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, and 7.0 ...)
@@ -427,7 +434,8 @@
 CVE-2006-1495 (SQL injection vulnerability in general/sendpassword.php in (1) ...)
 	NOT-FOR-US: PHPCollab / NetOffice
 CVE-2006-1494 (Directory traversal vulnerability in file.c in PHP 4.4.2 and 5.1.2 ...)
-	TODO: check
+	- php4 <unfixed> (bug #361855)
+	- php5 <unfixed> (bug #361916)
 CVE-2006-1493 (Cross-site scripting (XSS) vulnerability in dir.php in Explorer XP ...)
 	NOT-FOR-US: Explorer XP
 CVE-2006-1492 (Directory traversal vulnerability in dir.php in Explorer XP allows ...)
@@ -1541,7 +1549,8 @@
 CVE-2006-0997 (The SSL server implementation in NILE.NLM in Novell NetWare 6.5 and ...)
 	NOT-FOR-US: Novell
 CVE-2006-0996 (Cross-site scripting (XSS) vulnerability in phpinfo (info.c) in PHP ...)
-	TODO: check
+	- php4 <unfixed> (bug #361853)
+	- php5 <unfixed> (bug #361914)
 CVE-2006-0995 (EMC Dantz Retrospect 7 backup client 7.0.107, and other versions ...)
 	NOT-FOR-US: EMC Dantz Retrospect
 CVE-2006-0994

More information about the Secure-testing-commits mailing list