[Secure-testing-commits] r3862 - data/CVE
Moritz Muehlenhoff
jmm-guest at costa.debian.org
Sun Apr 23 14:21:21 UTC 2006
Author: jmm-guest
Date: 2006-04-23 14:21:01 +0000 (Sun, 23 Apr 2006)
New Revision: 3862
Modified:
data/CVE/list
Log:
new typo3 issue
no-dsa
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2006-04-23 14:15:36 UTC (rev 3861)
+++ data/CVE/list 2006-04-23 14:21:01 UTC (rev 3862)
@@ -1,3 +1,5 @@
+CVE-2006-XXXX [typo3 mailforms can be abused to send spam]
+ - typo3-src <unfixed> (bug #364350)
CVE-2006-XXXX [moinmoin XSS]
- moin 1.5.3-1
CVE-2006-1976 (Cross-site scripting (XSS) vulnerability in addRequest.php in Prayer ...)
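Review bot: the added typo3-src line records only "(bug #364350)" and no urgency, while other entries in this file carry one beside the bug number, as in "(bug #360438; unimportant)" or "(bug #349242; medium)". If the impact of mail forms being abused to send spam has been assessed, add the urgency after the bug number; if it has not, marking it "unknown" as the mpg123 entry does would make that explicit.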
@@ -801,6 +803,7 @@
- util-vserver 0.30.210-1 (bug #360438; unimportant)
CVE-2006-1655 (Unspecified vulnerability in mpg123 0.59r allows user-complicit ...)
- mpg123 <unfixed> (bug #361863; unknown)
+ [sarge] - mpg123 <no-dsa> (Non-free software)
CVE-2006-1654 (Directory traversal vulnerability in the HP Color LaserJet 2500 ...)
NOT-FOR-US: HP Colour LaserJet 2500 and 4600 Toolbox
CVE-2006-1653 (PHP remote file inclusion vulnerability in loadkernel.php in ...)
@@ -1072,10 +1075,13 @@
NOT-FOR-US: BEA WebLogic
CVE-2006-1548 (Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction ...)
- libstruts1.2-java <unfixed> (bug #360551)
+ [sarge] - libstruts1.2-java <no-dsa> (Only in contrib, relies on proprietary Java)
CVE-2006-1547 (ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 ...)
- libstruts1.2-java <unfixed> (bug #360551)
+ [sarge] - libstruts1.2-java <no-dsa> (Only in contrib, relies on proprietary Java)
CVE-2006-1546 (Apache Software Foundation (ASF) Struts before 1.2.9 allows remote ...)
- libstruts1.2-java <unfixed> (bug #360551)
+ [sarge] - libstruts1.2-java <no-dsa> (Only in contrib, relies on proprietary Java)
CVE-2006-1545 (Direct static code injection vulnerability in admin/config.php in ...)
NOT-FOR-US: VNews
CVE-2006-1544 (Multiple cross-site scripting (XSS) vulnerabilities in news.php in ...)
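Review bot: the three added [sarge] lines for CVE-2006-1548, CVE-2006-1547 and CVE-2006-1546 justify no-dsa by where the package lives ("Only in contrib, relies on proprietary Java"), and the "- libstruts1.2-java <unfixed> (bug #360551)" lines above them still have no urgency. The reason is a support decision and says nothing about the impact of the issues themselves, so adding an urgency to the unfixed lines would record that separately.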
@@ -3912,7 +3918,7 @@
CVE-2006-0328 (Format string vulnerability in Tftpd32 2.81 allows remote attackers to ...)
NOT-FOR-US: Tftpd32, different from the tftpd in Debian
CVE-2006-0327 (TYPO3 3.7.1 allows remote attackers to obtain sensitive information ...)
- - typo3-src <unfixed> (unimportant)
+ - typo3-src <unfixed> (bug #364351; unimportant)
NOTE: Only path disclosure
CVE-2006-0326
RESERVED
@@ -4138,7 +4144,7 @@
CVE-2006-0237 (Cross-site scripting (XSS) vulnerability in index.php in GTP iCommerce ...)
NOT-FOR-US: GTP iCommerce
CVE-2006-0236 (GUI display truncation vulnerability in Mozilla Thunderbird 1.0.2, ...)
- - mozilla-thunderbird <unfixed> (bug #349242; medium)
+ - mozilla-thunderbird <unfixed> (bug #349242; bug #363777; medium)
CVE-2006-0235 (SQL injection vulnerability in WhiteAlbum 2.5 allows remote attackers ...)
NOT-FOR-US: WhiteAlbum
CVE-2006-0234 (SQL injection vulnerability in index.php in microBlog 2.0 RC-10 allows ...)
@@ -6780,6 +6786,7 @@
NOT-FOR-US: APBoard
CVE-2005-3745 (Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and ...)
- libstruts1.2-java 1.2.8-1 (bug #340583; medium)
+ [sarge] - libstruts1.2-java <no-dsa> (Only in contrib, relies on proprietary Java)
CVE-2005-3744 (SQL injection vulnerability in index.php in phpComasy 0.7.5 and ...)
NOT-FOR-US: phpComasy
CVE-2005-3743 (SQL injection vulnerability in results.php in SimplePoll allows remote ...)
@@ -10884,8 +10891,7 @@
- kernel-source-2.4.27 <not-affected>
CVE-2005-XXXX [Buffer overflow in Description parsing]
- bidwatcher <removed> (bug #319489; low)
- NOTE: Sarge and Woody affected
- NOTE: Package is totally broken due to Ebay changes, so risk is low
+ [sarge] - bidwatcher <no-dsa> (Totally broken due to Ebay changes, no users, no exploits)
CVE-2005-XXXX [Does not do escaping in mysql version - both a worrying flaw and stops adduser working]
- dbmail <unfixed> (bug #303991; medium)
CVE-2005-XXXX [downloads.ini writable by group users, world-readable]
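Review bot: removing "NOTE: Sarge and Woody affected" drops the record that Woody is affected, because the replacement line covers only [sarge]. Either keep that NOTE or add a corresponding line for Woody. The new reason also adds "no users, no exploits", which the removed NOTE lines did not state; a short NOTE giving the basis for it would help later readers.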
@@ -16713,7 +16719,7 @@
NOT-FOR-US: Windows
CVE-2005-1105 (Directory traversal vulnerability in the MimeBodyPart.getFileName ...)
- libgnumail-java <unfixed> (bug #304712; low)
- [sarge] - libgnumail <no-dsa> (Only user in Sarge is ant, which isn't affected)
+ [sarge] - libgnumail-java <no-dsa> (Only user in Sarge is ant, which isn't affected)
CVE-2005-1104 (Multiple cross-site scripting (XSS) vulnerabilities in Centra 7 ...)
NOT-FOR-US: Centra
CVE-2005-1103 (Sygate Security Agent (SSA) in Sygate Secure Enterprise 3.5 through ...)
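Review bot: the log message ("new typo3 issue", "no-dsa") does not mention the package-name correction made in the [sarge] line here, where "libgnumail" becomes "libgnumail-java" to match the "- libgnumail-java <unfixed>" line above it. The bug references added for CVE-2006-0327 and CVE-2006-0236 are likewise not covered by the log. One more log line naming the rename fix and the added bug numbers would make the revision easier to audit.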