[Secure-testing-commits] r4505 - data/CVE
Stefan Fritsch
stef-guest at costa.debian.org
Sat Aug 5 09:19:55 UTC 2006
Author: stef-guest
Date: 2006-08-05 09:19:53 +0000 (Sat, 05 Aug 2006)
New Revision: 4505
Modified:
data/CVE/list
Log:
- CVE-2006-3274: webmin not affected
- CVE-2006-3355: new mpg123 issue (medium)
- CVE-2006-3376: new libwmf issue (medium)
- CVE-2006-3392: new webmin issue not fixed in sarge
- CVE-2006-3467: new freetype issue not fixed in sarge
- CVE-2006-3819: twiki not affected
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2006-08-05 08:38:40 UTC (rev 4504)
+++ data/CVE/list 2006-08-05 09:19:53 UTC (rev 4505)
@@ -184,7 +184,7 @@
CVE-2006-3881 (Cross-site scripting (XSS) vulnerability in Shalwan MusicBox 2.3.4 and ...)
NOT-FOR-US: Shalwan MusicBox
CVE-2006-3880 (** DISPUTED ** ...)
- TODO: check
+ NOT-FOR-US: Zen Cart
CVE-2006-3879 (Integer overflow in the loadChunk function in loaders/load_gt2.c in ...)
- libmikmod2 <unfixed> (bug #381379)
CVE-2006-3878 (Opsware Network Automation System (NAS) 6.0 installs /etc/init.d/mysql ...)
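Review bot: the CVE-2006-3880 change from "TODO: check" to "NOT-FOR-US: Zen Cart" is missing from the commit log, which lists six other CVEs. Add a log line for it so the log matches the diff. The visible description is only "** DISPUTED ** ...", so the product name cannot be checked from this entry alone.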
@@ -321,7 +321,7 @@
CVE-2006-3820 (Cross-site scripting (XSS) vulnerability in loudblog/index.php in ...)
NOT-FOR-US: Loudblog
CVE-2006-3819 (Eval injection vulnerability in the configure script in TWiki 4.0.0 ...)
- TODO: check
+ - twiki <not-affected> (only 4.0.x is affected)
CVE-2006-3818
RESERVED
CVE-2006-3817
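Review bot: on the CVE-2006-3819 line, the note "(only 4.0.x is affected)" names the affected upstream series but not the twiki version the archive ships, so a reader cannot verify the <not-affected> status from the entry itself. Suggest stating the packaged version in the note.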
@@ -1140,7 +1140,7 @@
- linux-2.6 <unfixed>
- linux-2.6.16 <unfixed>
CVE-2006-3467 (Integer overflow in FreeType before 2.2 allows remote attackers to ...)
- TODO: check
+ - freetype 2.2.1-1 (bug #379920; medium)
CVE-2006-3466
REJECTED
CVE-2006-3465 [libtiff: flaw in custom tag support]
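Review bot: the commit log describes CVE-2006-3467 as "not fixed in sarge", but the added line records only the fixed version 2.2.1-1 and the bug number, so the sarge status is not captured anywhere in the list. If it should be tracked, record it with the entry rather than only in the log.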
@@ -1306,7 +1306,7 @@
CVE-2006-3393 (Papyrus NASCAR Racing 4 4.1.3.1.6 and earlier, 2002 Season 1.1.0.2 and ...)
NOT-FOR-US: Papyrus NASCAR Racing
CVE-2006-3392 (Webmin before 1.290 and Usermin before 1.220 calls the simplify_path ...)
- TODO: check
+ - webmin <unfixed> (medium; bug #381537)
CVE-2006-3391 (The Execute function in iMBCContents ActiveX Control before 2.0.0.59 ...)
NOT-FOR-US: iMBCContents
CVE-2006-3390 (WordPress 2.0.3 allows remote attackers to obtain the installation ...)
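Review bot: the annotation order on the CVE-2006-3392 line, "(medium; bug #381537)", differs from the other entries added in this revision, which put the bug reference first, as in "(bug #379920; medium)". Use one order throughout so the list stays easy to grep and parse.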
@@ -1339,7 +1339,7 @@
CVE-2006-3377 (Cross-site scripting (XSS) vulnerability in JMB Software AutoRank PHP ...)
NOT-FOR-US: JMB Software AutoRank PHP
CVE-2006-3376 (Integer overflow in player.c in libwmf 0.2.8.4, as used in multiple ...)
- TODO: check
+ - libwmf <unfixed> (bug filed; medium)
CVE-2006-3375 (PHP remote file inclusion vulnerability in includes/header.inc.php in ...)
NOT-FOR-US: Randshop
CVE-2006-3374 (PHP remote file inclusion vulnerability in index.php in Randshop 1.2 ...)
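Review bot: the CVE-2006-3376 line says "(bug filed; medium)" with no bug number, unlike the other <unfixed> entries in this revision, so the report cannot be located from the list. Replace "bug filed" with "bug #NNNNNN" once the number is assigned.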
@@ -1381,7 +1381,7 @@
CVE-2006-3356 (The TIFFFetchAnyArray function in ImageIO in Apple OS X 10.4.7 and ...)
TODO: check
CVE-2006-3355 (Heap-based buffer overflow in httpdget.c in mpg123 before 0.59s-rll ...)
- TODO: check
+ - mpg123 <unfixed> (bug #377264; medium)
CVE-2006-3354 (Microsoft Internet Explorer 6 allows remote attackers to cause a ...)
NOT-FOR-US: Microsoft Internet Explorer
CVE-2006-3353 (Opera 9 allows remote attackers to cause a denial of service (crash) ...)
@@ -1562,7 +1562,7 @@
CVE-2006-3275 (SQL injection vulnerability in profile.php in YaBB SE 1.5.5 and ...)
NOT-FOR-US: YaBB
CVE-2006-3274 (Directory traversal vulnerability in Webmin before 1.280, when run on ...)
- TODO: check
+ - webmin <not-affected> (only windows)
CVE-2006-3273 (Cross-site scripting (XSS) vulnerability in menu.php in Some Chess 1.5 ...)
NOT-FOR-US: Some Chess
CVE-2006-3272 (Cross-site request forgery (CSRF) vulnerability in menu.php in Some ...)
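Review bot: the note "(only windows)" on the CVE-2006-3274 line is terse enough to be misread. Suggest something like "(only affects Webmin running on Windows)", so the reason for <not-affected> is explicit.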