[Secure-testing-commits] r3832 - data/CVE

Stefan Fritsch stef-guest at costa.debian.org
Wed Apr 19 18:43:33 UTC 2006


Author: stef-guest
Date: 2006-04-19 18:43:26 +0000 (Wed, 19 Apr 2006)
New Revision: 3832

Modified:
   data/CVE/list
Log:
some more NFUs
bugnum
oooold squid issue
claim


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2006-04-19 17:57:42 UTC (rev 3831)
+++ data/CVE/list	2006-04-19 18:43:26 UTC (rev 3832)
@@ -620,7 +620,7 @@
 	NOT-FOR-US: Microsoft Windows Help 
 CVE-2006-1590 (Cross-site scripting (XSS) vulnerability in the PrintFreshPage ...)
 	- acidbase <unfixed> (bug #363548)
-	- acidlab <unfixed> (bug filed)
+	- acidlab <unfixed> (bug #363549)
 CVE-2006-1589 (The elf_load_file function in NetBSD 2.0 through 3.0 allows local ...)
 	NOT-FOR-US: NetBSD kernel
 CVE-2006-1588 (The bridge ioctl (if_bridge code) in NetBSD 1.6 through 3.0 does not ...)
@@ -2380,27 +2380,27 @@
 CVE-2006-0821 (SQL injection vulnerability in index.php in BXCP 0.299 allows remote ...)
 	NOT-FOR-US: BXCP
 CVE-2006-0820 (Cross-site scripting (XSS) vulnerability in Dwarf HTTP Server 1.3.2 ...)
-	TODO: check
+	NOT-FOR-US: Dwarf HTTP Server
 CVE-2006-0819 (Dwarf HTTP Server 1.3.2 allows remote attackers to obtain the source ...)
-	TODO: check
+	NOT-FOR-US: Dwarf HTTP Server
 CVE-2006-0818
 	RESERVED
 CVE-2006-0817
 	RESERVED
 CVE-2006-0816 (Orion Application Server before 2.0.7, when running on Windows, allows ...)
-	TODO: check
+	NOT-FOR-US: Orion Application Server
 CVE-2006-0815 (NetworkActiv Web Server 3.5.15 allows remote attackers to read script ...)
-	TODO: check
+	NOT-FOR-US: NetworkActiv Web Server
 CVE-2006-0814 (response.c in Lighttpd 1.4.10 and possibly previous versions, when run ...)
-	TODO: check
+	NOT-FOR-US: Lighttpd under windows
 CVE-2006-0813 (Heap-based buffer overflow in WinACE 2.60 allows user-complicit ...)
-	TODO: check
+	NOT-FOR-US: WinACE
 CVE-2006-0812 (The VisNetic AntiVirus Plug-in (DKAVUpSch.exe) for Mail Server ...)
-	TODO: check
+	NOT-FOR-US: WinACE VisNetic AntiVirus
 CVE-2005-4727 (Cross-site scripting (XSS) vulnerability in gbook.cgi in gBook before ...)
-	TODO: check
+	NOT-FOR-US: gBook
 CVE-2004-2654 (The clientAbortBody function in client_side.c in Squid Web Proxy Cache ...)
-	TODO: check
+	- squid 2.5.6
 CVE-2006-0811 (Cross-site scripting (XSS) vulnerability in reguser.php in Skate Board ...)
 	NOT-FOR-US: Skate Board
 CVE-2006-0810 (Unspecified vulnerability in config.php in Skate Board 0.9 allows ...)
@@ -2466,23 +2466,24 @@
 CVE-2006-0781 (Directory traversal vulnerability in weblog.pl in PerlBlog 1.09b and ...)
 	NOT-FOR-US: PerlBlog 
 CVE-2006-0780 (Multiple cross-site scripting (XSS) vulnerabilities in weblog.pl in ...)
-	TODO: check
+	NOT-FOR-US: PerlBlog
 CVE-2006-0779 (Cross-site scripting (XSS) vulnerability in u2u.php in XMB Forums ...)
-	TODO: check
+	NOT-FOR-US: XMB Forums
 CVE-2006-0778 (Multiple SQL injection vulnerabilities in XMB Forums 1.9.3 and earlier ...)
-	TODO: check
+	NOT-FOR-US: XMB Forums
 CVE-2006-0777 (Unspecified vulnerability in guestex.pl in Teca Scripts Guestex 1.0 ...)
-	TODO: check
+	NOT-FOR-US: Teca Scripts Guestex
 CVE-2006-0776 (Cross-site scripting (XSS) vulnerability in guestex.pl in Teca Scripts ...)
-	TODO: check
+	NOT-FOR-US: Teca Scripts Guestex
 CVE-2006-0775 (Multiple SQL injection vulnerabilities in show.php in BirthSys 3.1 ...)
-	TODO: check
+	NOT-FOR-US: BirthSys
+begin claimed by stef-guest
 CVE-2006-0774 (SQL injection vulnerability in deleteSession() in DB_eSession library ...)
 	TODO: check
 CVE-2006-0773 (Cross-site scripting (XSS) vulnerability in Hitachi Business Logic - ...)
-	TODO: check
+	NOT-FOR-US: Hitachi Business Logic
 CVE-2006-0772 (SQL injection vulnerability in Hitachi Business Logic - Container ...)
-	TODO: check
+	NOT-FOR-US: Hitachi Business Logic
 CVE-2006-0771 (Format string vulnerability in PunkBuster 1.180 and earlier, as used ...)
 	TODO: check
 CVE-2006-0770 (Cross-site scripting (XSS) vulnerability in calendar.php in ...)
@@ -2513,6 +2514,7 @@
 	TODO: check
 CVE-2006-0757 (Multiple eval injection vulnerabilities in HiveMail 1.3 and earlier ...)
 	TODO: check
+end claimed by stef-guest
 CVE-2006-0756 (** DISPUTED ** ...)
 	NOT-FOR-US: dotProject
 CVE-2006-0755 (** DISPUTED ** ...)




More information about the Secure-testing-commits mailing list