[Secure-testing-commits] r3896 - data/CVE

[Stefan Fritsch]

Author: stef-guest
Date: 2006-04-30 17:51:49 +0000 (Sun, 30 Apr 2006)
New Revision: 3896

Modified:
   data/CVE/list
Log:
ruby issue not fixed in sarge

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2006-04-30 15:41:36 UTC (rev 3895)
+++ data/CVE/list	2006-04-30 17:51:49 UTC (rev 3896)
@@ -192,7 +192,10 @@
 CVE-2006-1932 (Off-by-one error in the OID printing routine in Ethereal 0.10.x up to ...)
 	- ethereal <unfixed> (bug #364758; medium)
 CVE-2006-1931 (The HTTP/XMLRPC server in Ruby before 1.8.2 uses blocking sockets, ...)
-	TODO: check
+	NOTE: the redhat bugzilla entry says this is fixed in 1.8.3
+	NOTE: the fix is definitely not in 1.8.2-7sarge2	
+	- ruby1.8 1.8.3
+	[sarge] - ruby1.8 <unfixed> (bug filed)
 CVE-2006-1930 (Multiple SQL injection vulnerabilities in userscript.php in Green ...)
 	NOT-FOR-US: Green Minute
 CVE-2006-1929 (PHP remote file inclusion vulnerability in include/common.php in ...)
@@ -220,15 +223,15 @@
 CVE-2006-1918 (Multiple cross-site scripting (XSS) vulnerabilities in Papoo 2.1.5 ...)
 	NOT-FOR-US: Papoo
 CVE-2006-1917 (SQL injection vulnerability in member.php in Blackorpheus ...)
-	TODO: check
+	NOT-FOR-US: Blackorpheus ClanMemberSkript
 CVE-2006-1916 (Multiple cross-site scripting (XSS) vulnerabilities in profile.php in ...)
-	TODO: check
+	NOT-FOR-US: DbbS
 CVE-2006-1915 (SQL injection vulnerability in topics.php in DbbS 2.0-alpha and ...)
-	TODO: check
+	NOT-FOR-US: DbbS
 CVE-2006-1914 (DbbS 2.0-alpha and earlier allows remote attackers to obtain sensitive ...)
-	TODO: check
+	NOT-FOR-US: DbbS
 CVE-2006-1913 (Cross-site scripting (XSS) vulnerability in jax_guestbook.php in Jax ...)
-	TODO: check
+	NOT-FOR-US: Jax Guestbook
 CVE-2006-1912 (MyBB (MyBulletinBoard) 1.1.0 does not set the constant KILL_GLOBAL ...)
 	TODO: check
 CVE-2006-1911 (Cross-site scripting (XSS) vulnerability in MyBB (MyBulletinBoard) 1.1 ...)