[Secure-testing-commits] r3895 - data/CVE

Stefan Fritsch stef-guest at costa.debian.org
Sun Apr 30 15:41:41 UTC 2006 

Author: stef-guest
Date: 2006-04-30 15:41:36 +0000 (Sun, 30 Apr 2006)
New Revision: 3895

Modified:
   data/CVE/list
Log:
new clamav issue
some NFUs

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2006-04-29 16:25:08 UTC (rev 3894)
+++ data/CVE/list	2006-04-30 15:41:36 UTC (rev 3895)
@@ -59,8 +59,9 @@
 CVE-2006-1990 (Integer overflow in the wordwrap function in string.c in PHP 4.4.2 and ...)
 	- php4 <unfixed> (bug #365311; medium)
 	- php5 <unfixed> (bug #365312; medium)
-CVE-2006-1989
+CVE-2006-1989 [freshclam: lack of proper check for the size of header data]
 	RESERVED
+	- clamav 0.88.2-1
 CVE-2006-1988 (The WebTextRenderer(WebInternal) _CG_drawRun:style:geometry: function ...)
 	NOT-FOR-US: Apple Safari
 	NOTE: PoC exploit does not work with konqueror 4:3.5.2-2
@@ -193,31 +194,31 @@
 CVE-2006-1931 (The HTTP/XMLRPC server in Ruby before 1.8.2 uses blocking sockets, ...)
 	TODO: check
 CVE-2006-1930 (Multiple SQL injection vulnerabilities in userscript.php in Green ...)
-	TODO: check
+	NOT-FOR-US: Green Minute
 CVE-2006-1929 (PHP remote file inclusion vulnerability in include/common.php in ...)
-	TODO: check
+	NOT-FOR-US: I-Rater Platinum
 CVE-2006-1928 (Cisco IOS XR, when configured for Multi Protocol Label Switching ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2006-1927 (Cisco IOS XR, when configured for Multi Protocol Label Switching ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2006-1926 (SQL injection vulnerability in showtopic.php in ThWboard 2.84 beta 3 ...)
-	TODO: check
+	NOT-FOR-US: ThWboard
 CVE-2006-1925 (Directory traversal vulnerability in the editnews module ...)
-	TODO: check
+	NOT-FOR-US: CuteNews
 CVE-2006-1924 (SQL injection vulnerability in functions/db_api.php in LinPHA 1.1.1 ...)
-	TODO: check
+	NOT-FOR-US: LinPHA
 CVE-2006-1923 (Multiple cross-site scripting (XSS) vulnerabilities in LinPHA before ...)
-	TODO: check
+	NOT-FOR-US: LinPHA
 CVE-2006-1922 (PHP remote file inclusion vulnerability in (1) about.php or (2) ...)
-	TODO: check
+	NOT-FOR-US: TotalCalendar
 CVE-2006-1921 (nettools.php in PHP Net Tools 2.7.1 allows remote attackers to execute ...)
-	TODO: check
+	NOT-FOR-US: PHP Net Tools 
 CVE-2006-1920 (SQL injection vulnerability in index.php in PMTool 1.2.2 allows remote ...)
-	TODO: check
+	NOT-FOR-US: PMTool
 CVE-2006-1919 (PHP remote file inclusion vulnerability in index.php in Internet ...)
-	TODO: check
+	NOT-FOR-US: Internet Photoshow 
 CVE-2006-1918 (Multiple cross-site scripting (XSS) vulnerabilities in Papoo 2.1.5 ...)
-	TODO: check
+	NOT-FOR-US: Papoo
 CVE-2006-1917 (SQL injection vulnerability in member.php in Blackorpheus ...)
 	TODO: check
 CVE-2006-1916 (Multiple cross-site scripting (XSS) vulnerabilities in profile.php in ...)
@@ -736,6 +737,7 @@
 CVE-2006-1721 (digestmd5.c in the CMU Cyrus Simple Authentication and Security Layer ...)
 	{DSA-1042-1}
 	- cyrus-sasl2 2.1.19.dfsg1-0.2 (bug #361937; low)
+	- cyrus-sasl2-mit <not-affected> (does not install digest-md5)
 CVE-2006-1720 (Cross-site scripting (XSS) vulnerability in search.php in SaphpLesson ...)
 	NOT-FOR-US: SaphpLesson
 CVE-2006-1719 (Internet Explorer 6 allows remote attackers to cause a denial of ...)

More information about the Secure-testing-commits mailing list