[Secure-testing-commits] r3812 - data/CVE

Florian Weimer fw at costa.debian.org
Sat Apr 15 09:10:03 UTC 2006 

Author: fw
Date: 2006-04-15 09:09:55 +0000 (Sat, 15 Apr 2006)
New Revision: 3812

Modified:
   data/CVE/list
Log:
several NFUs
powersave issue (pinged maintainer)
slash issue


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2006-04-15 07:52:06 UTC (rev 3811)
+++ data/CVE/list	2006-04-15 09:09:55 UTC (rev 3812)
@@ -218,7 +218,7 @@
 	- mozilla-thunderbird <unfixed> (low)
 	NOTE: This is probably: https://bugzilla.mozilla.org/show_bug.cgi?id=320459
 CVE-2006-1722 (Cross-site scripting (XSS) vulnerability in suche.htm in ShopXS 4.0 ...)
-	TODO: check
+	NOT-FOR-US: ShopXS
 CVE-2006-1721 (Unspecified vulnerability in the CMU Cyrus Simple Authentication and ...)
 	TODO: check
 CVE-2006-1720 (Cross-site scripting (XSS) vulnerability in search.php in SaphpLesson ...)
@@ -226,45 +226,47 @@
 CVE-2006-1719 (Internet Explorer 6 allows remote attackers to cause a denial of ...)
 	TODO: check
 CVE-2006-1718 (Magus Perde Clever Copy 3.0 and earlier stores sensitive information ...)
-	TODO: check
+	NOT-FOR-US: Clever Copy
 CVE-2006-1717 (Cross-site scripting (XSS) vulnerability in newthread.php in MyBB (aka ...)
-	TODO: check
+	NOT-FOR-US: MyBB 
 CVE-2006-1716 (Cross-site scripting (XSS) vulnerability in inc/functions_post.php in ...)
-	TODO: check
+	NOT-FOR-US: MyBB 
 CVE-2006-1715 (Multiple directory traversal vulnerabilities in Christian Kindahl ...)
-	TODO: check
+	NOT-FOR-US: TUGZip
 CVE-2006-1714 (CRLF injection vulnerability in index.php in Christoph Roeder ...)
-	TODO: check
+	NOT-FOR-US: phpMyForum
 CVE-2006-1713 (Cross-site scripting (XSS) vulnerability in index.php in Christoph ...)
-	TODO: check
+	NOT-FOR-US: phpMyForum
 CVE-2006-1710 (SQL injection vulnerability in admin.php in Design Nation DNGuestbook ...)
-	TODO: check
+	NOT-FOR-US: DNGuestbook
 CVE-2005-4784 (Multiple buffer overflows in the POSIX readdir_r function, as used in ...)
 	TODO: check
 CVE-2005-4783 (kernfs_xread in kernfs_vnops.c in NetBSD before 20050831 does not ...)
-	TODO: check
+	NOT-FOR-US: NetBSD
 CVE-2005-4782 (NetBSD 2.0 before 2.0.4, 2.1 before 2.1.1, and 3, when the kernel is ...)
-	TODO: check
+	NOT-FOR-US: NetBSD
 CVE-2005-4781 (Multiple SQL injection vulnerabilities in SergiDs Top Music module 3.0 ...)
-	TODO: check
+	NOT-FOR-US: SergiD Top Music module
 CVE-2005-4780 (** DISPUTED ** ...)
-	TODO: check
+	NOT-FOR-US: LightHouse CMS
 CVE-2005-4779 (verifiedexecioctl in verified_exec.c in NetBSD 2.0.2 calls NDINIT with ...)
-	TODO: check
+	NOT-FOR-US: NetBSD
 CVE-2005-4778 (The powersave daemon in SUSE Linux 10.0 before 20051007 has an ...)
-	TODO: check
+	- powersave 0.12.7-1
+	NOTE: https://bugzilla.novell.com/show_bug.cgi?id=119628&x=18&y=11&=Find
+	TODO: Pinged maintainer.  Not clear if this bug has indeed been fixed.
 CVE-2005-4777 (Tashcom ASPEdit 2.9 stores the administration password (aka the FTP ...)
-	TODO: check
+	NOT-FOR-US: Tashcom ASPEdit
 CVE-2005-4776 (Integer overflow in the FreeBSD compatibility code (freebsd_misc.c) in ...)
-	TODO: check
+	NOT-FOR-US: NetBSD
 CVE-2005-4775 (Michael Scholz and Sebastian Stein Contineo 2.0, when the admin ...)
-	TODO: check
+	NOT-FOR-US: Contineo
 CVE-2005-4774 (Cross-site scripting (XSS) vulnerability in Xerver 4.17 allows remote ...)
-	TODO: check
+	NOT-FOR-US: Xerver
 CVE-2005-4773 (The configuration of VMware ESX Server 2.x, 2.0.x, 2.1.x, and 2.5.x ...)
-	TODO: check
+	NOT-FOR-US: VMware
 CVE-2004-2656 (Multiple cross-site scripting (XSS) vulnerabilities in Slashdot Like ...)
-	TODO: check
+	- slash <unfixed> (medium)
 CVE-2006-XXXX [firebird local DoS]
 	- firebird2 1.5.3.4870-4 (bug #362001)
 CVE-2006-1744 (Buffer overflow in pl_main.c in sail in BSDgames 2.17-7 allows local ...)
@@ -3181,7 +3183,7 @@
 CVE-2005-4676 (Buffer overflow in Andreas Huggel Exiv2 before 0.9 does not null ...)
 	TODO: check
 CVE-2003-1291 (VMware ESX Server 1.5.2 before Patch 4 allows local users to execute ...)
-	TODO: check
+	NOT-FOR-US: VMware
 CVE-2006-0467 (Unspecified vulnerability in Pioneers (formerly gnocatan) before ...)
 	{DSA-964-1}
 	[woody] - gnocatan 0.6.1-5woody3

More information about the Secure-testing-commits mailing list