[Secure-testing-commits] r3899 - data/CVE

Stefan Fritsch stef-guest at costa.debian.org
Sun Apr 30 19:47:48 UTC 2006


Author: stef-guest
Date: 2006-04-30 19:47:36 +0000 (Sun, 30 Apr 2006)
New Revision: 3899

Modified:
   data/CVE/list
Log:
gcc issue
amaya issue
new phpbb2 issues
some NFUs


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2006-04-30 19:06:01 UTC (rev 3898)
+++ data/CVE/list	2006-04-30 19:47:36 UTC (rev 3899)
@@ -261,38 +261,36 @@
 	NOT-FOR-US: AnimeGenesis Gallery
 CVE-2006-1903 (Multiple cross-site scripting (XSS) vulnerabilities in UserLand Manila ...)
 	NOT-FOR-US: UserLand Manila
-begin claimed by stef-guest
 CVE-2006-1902 (fold_binary in fold-const.c in GNU Compiler Collection (gcc) 4.1 ...)
-	TODO: check
+	- gcc-4.1 (bug #356896; low)
 CVE-2006-1901 (Mozilla Camino 1.0 and earlier allow remote attackers to cause a ...)
-	TODO: check
+	NOT-FOR-US: Mozilla Camino
 CVE-2006-1900 (Multiple buffer overflows in World Wide Web Consortium (W3C) Amaya ...)
-	TODO: check
+	- amaya <unfixed> (bug #362575; medium)
 CVE-2006-1899 (Multiple cross-site scripting (XSS) vulnerabilities in dev Neuron Blog ...)
-	TODO: check
+	NOT-FOR-US: Neuron Blog
 CVE-2006-1898 (Multiple cross-site scripting (XSS) vulnerabilities in Ralph Capper ...)
-	TODO: check
+	NOT-FOR-US: Tiny PHP Forum
 CVE-2006-1897 (Webplus (aka talentsoft) Web+Shop 5.3.6, when Redirect URL for &quot;Script ...)
-	TODO: check
+	NOT-FOR-US: Webplus (aka talentsoft) Web+Shop
 CVE-2006-1896 (Unspecified vulnerability in phpBB allows remote authenticated users ...)
-	TODO: check
+	- phpbb2 <unfixed> (bug filed; medium)
 CVE-2006-1895 (Direct static code injection vulnerability in includes/template.php in ...)
-	TODO: check
+	- phpbb2 <unfixed> (bug filed; medium)
 CVE-2006-1894 (Cross-site scripting (XSS) vulnerability in RevoBoard 1.8, as derived ...)
-	TODO: check
+	NOT-FOR-US: RevoBoard / PunBB
 CVE-2006-1893 (Cross-site scripting (XSS) vulnerability in print.php in ar-blog 5.2 ...)
-	TODO: check
+	NOT-FOR-US: ar-blog
 CVE-2006-1892 (avast! 4 Linux Home Edition 1.0.5 allows local users to modify ...)
-	TODO: check
+	NOT-FOR-US: avast! 4 Linux Home Edition
 CVE-2006-1891 (Cross-site scripting (XSS) vulnerability in Martin Scheffler betaboard ...)
-	TODO: check
+	NOT-FOR-US: betaboard
 CVE-2006-1890 (Multiple PHP remote file inclusion vulnerabilities in myWebland ...)
-	TODO: check
+	NOT-FOR-US: myWebland
 CVE-2006-1889 (Cross-site scripting (XSS) vulnerability in the search action handler ...)
-	TODO: check
+	NOT-FOR-US: Boardsolution
 CVE-2006-1888 (phpGraphy 0.9.11 and earlier allows remote attackers to bypass ...)
-	TODO: check
-end claimed by stef-guest
+	NOT-FOR-US: phpGraphy
 CVE-2006-1887 (Unspecified vulnerability in Oracle JD Edwards EnterpriseOne Security ...)
 	NOT-FOR-US: Oracle JD Edwards EnterpriseOne
 CVE-2006-1886 (Unspecified vulnerability in the PeopleTools component in Oracle ...)
@@ -1877,7 +1875,7 @@
 CVE-2006-1248 (Unspecified vulnerability in usermod in HP-UX B.11.00, B.11.11, and ...)
 	NOT-FOR-US: HP-UX 
 CVE-2006-1247 (rm_mlcache_file in bos.rte.install in AIX 5.1.0 through 5.3.0 allows ...)
-	TODO: check
+	NOT-FOR-US: AIX
 CVE-2006-1246 (Unspecified vulnerability in mklvcopy in BOS.RTE.LVM in IBM AIX 5.3 ...)
 	NOT-FOR-US: AIX 
 CVE-2006-1245 (Buffer overflow in mshtml.dll in Microsoft Internet Explorer ...)
@@ -2987,7 +2985,7 @@
 CVE-2006-0751 (Multiple unspecified vulnerabilities in the (1) Filesystem in ...)
 	TODO: check
 CVE-2006-0750 (SQL injection vulnerability in index.php in supersmashbrothers (SSB) ...)
-	TODO: check
+	NOT-FOR-US: supersmashbrothers
 CVE-2006-0749 (Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, ...)
 	{DSA-1046-1 DSA-1044-1}
 	- firefox <unfixed> (low)
@@ -3716,7 +3714,7 @@
 CVE-2005-4683 (PADL MigrationTools 46, when a failure occurs, stores contents of ...)
 	- migrationtools 46-2.1 (bug #338920; medium)
 CVE-2005-4682 (Cross-site scripting (XSS) vulnerability in error.asp in AudienceView ...)
-	TODO: check
+	NOT-FOR-US: AudienceView 
 CVE-2005-4681 (** DISPUTED ** Buffer overflow in mIRC 5.91, 6.03, 6.12, and 6.16 ...)
 	TODO: check
 CVE-2005-4680 (Sophos Anti-Virus before 4.02, 4.5.x before 4.5.9, 4.6.x before 4.6.9, ...)
@@ -3904,7 +3902,7 @@
 	{DSA-989-1}
 	- zoph 0.5-1 (bug #350717)
 CVE-2006-0401 (Unspecified vulnerability in Mac OS X before 10.4.6, when running on ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2006-0400 (CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows remote attackers ...)
 	NOT-FOR-US: Apple
 CVE-2006-0399 (Unspecified vulnerability in Safari, LaunchServices, and/or CoreTypes ...)
@@ -7570,9 +7568,9 @@
 	[sarge] - kernel-source-2.6.8 <not-affected> (Vulnerable code was introduced later)
 	NOTE: http://svn.debian.org/wsvn/kernel/patch-tracking/CVE-2005-3527?op=file&rev=0&sc=0
 CVE-2005-3526 (Buffer overflow in the IMAP daemon in Ipswitch Collaboration Suite ...)
-	TODO: check
+	NOT-FOR-US: Ipswitch Collaboration Suite
 CVE-2005-3525 (Stack-based buffer overflow in an ActiveX control for the installer ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2005-3522 (Cross-site scripting (XSS) vulnerability in index.jsp in ManageEngine ...)
 	NOT-FOR-US: ManageEngine NetflowAnalyzer
 CVE-2005-3521 (SQL injection vulnerability in resetcore.php in e107 0.617 through ...)
@@ -8694,7 +8692,7 @@
 	- ethereal 0.10.13-1 (bug #334880; medium)
 	NOTE: The ISAKMP issue only affects sid, the other three Woody and Sarge
 CVE-2005-3240 (Race condition in Microsoft Internet Explorer allows user-complicit ...)
-	TODO: check
+	NOT-FOR-US: Microsoft Internet Explorer
 CVE-2005-3238 (Multiple unspecified vulnerabilities in Solaris 10 SCTP Socket Option ...)
 	NOT-FOR-US: Solaris
 CVE-2005-3257 (The VT implementation (vt_ioctl.c) in Linux kernel 2.6.12, and ...)




More information about the Secure-testing-commits mailing list