[Secure-testing-commits] r4509 - in data: CVE DSA

Moritz Muehlenhoff jmm-guest at costa.debian.org
Sun Aug 6 12:17:39 UTC 2006 

Author: jmm-guest
Date: 2006-08-06 12:17:37 +0000 (Sun, 06 Aug 2006)
New Revision: 4509

Modified:
   data/CVE/list
   data/DSA/list
Log:
not-affected entries


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2006-08-05 20:03:10 UTC (rev 4508)
+++ data/CVE/list	2006-08-06 12:17:37 UTC (rev 4509)
@@ -1319,6 +1319,7 @@
 	- wordpress <unfixed> (unimportant)
 CVE-2006-3388 (Cross-site scripting (XSS) vulnerability in phpMyAdmin before 2.8.2 ...)
 	- phpmyadmin 4:2.8.2-0.1 (bug #377748; low)
+	[sarge] - phpmyadmin <not-affected> (Vulnerable code not present)
 CVE-2006-3387 (Directory traversal vulnerability in sources/post.php in Fusion News ...)
 	NOT-FOR-US: Fusion News
 CVE-2006-3386 (index.php in Vincent Leclercq News 5.2 allows remote attackers to ...)
@@ -2367,6 +2368,7 @@
 	{DSA-1126}
 	- asterisk 1:1.2.10.dfsg-2 (bug #380054)
 	- iax 0.2.2-5
+	[sarge] - iax <not-affected> (Vulnerable code not present)
 	- iaxmodem 0.1.8.dfsg-2
 CVE-2006-2897 (Cross-site scripting (XSS) vulnerability in FunkBoard 0.71 allows ...)
 	NOT-FOR-US: Funkboard
@@ -3501,6 +3503,7 @@
 	- phpmyadmin 4:2.8.1-1 (bug #368082; medium)
 CVE-2006-2417 (Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.0.x before ...)
 	- phpmyadmin 4:2.8.1-1 (bug #368082; medium)
+	[sarge] - phpmyadmin <not-affected> (Vulnerable code not present)
 CVE-2006-2416 (SQL injection vulnerability in class2.php in e107 0.7.2 and earlier ...)
 	NOT-FOR-US: e107
 CVE-2006-2415 (Multiple cross-site scripting (XSS) vulnerabilities in FlexChat 2.0 ...)
@@ -4368,6 +4371,7 @@
 	NOT-FOR-US: Core
 CVE-2006-2031 (Cross-site scripting (XSS) vulnerability in index.php in phpMyAdmin ...)
 	- phpmyadmin 4:2.8.1-1 (bug #363519; low)
+	[sarge] - phpmyadmin <not-affected> (Vulnerable code not present)
 CVE-2006-2030 (The Allied Telesyn AT-9724TS switch allows remote attackers to cause a ...)
 	NOT-FOR-US: Allied Telesyn
 CVE-2006-2029 (Multiple SQL injection vulnerabilities in Jeremy Ashcraft Simplog ...)
@@ -6355,6 +6359,7 @@
 	NOT-FOR-US: Maian Support
 CVE-2006-1258 (Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.0.1 allows ...)
 	- phpmyadmin 4:2.8.0.2-2	
+	[sarge] - phpmyadmin <not-affected> (Vulnerable code not present)
 CVE-2006-1257 (The sample files in the authfiles directory in Microsoft Commerce ...)
 	NOT-FOR-US: Microsoft
 CVE-2006-1256 (Cross-site scripting (XSS) vulnerability in guestbook.php in Soren ...)
@@ -14751,7 +14756,8 @@
 CVE-2005-2685 (SaveWebPortal 3.4 allows remote attackers to execute arbitrary PHP ...)
 	NOT-FOR-US: SaveWebPortal
 CVE-2005-XXXX [Insecure temp files in firehol]
-	- firehol 1.231-4 (low)
+	- firehol 1.231-4 (unimportant)
+	NOTE: Only exploitable inside modified binary installation
 CVE-2005-2684 (nquser.php in Virtual Edge Netquery 3.11 allows remote attackers to ...)
 	NOT-FOR-US: Virtual Edge Netquery
 CVE-2005-2683 (Multiple SQL injection vulnerabilities in PHPKit 1.6.1 allow remote ...)

Modified: data/DSA/list
===================================================================
--- data/DSA/list	2006-08-05 20:03:10 UTC (rev 4508)
+++ data/DSA/list	2006-08-06 12:17:37 UTC (rev 4509)
@@ -1047,7 +1047,7 @@
 	[sarge] - openssl096 0.9.6m-1sarge1
 	NOTE: fixed in testing at time of DSA (not present in testing/sid anymore)
 [02 Nov 2005] DSA-880-1 phpmyadmin - several
-	{CVE-2005-2869 CVE-2005-3300 CVE-2005-3301}
+	{CVE-2005-2869 CVE-2005-3300 CVE-2005-3301 CVE-2005-3787}
 	[woody] - phpmyadmin <unfixed>
 	[sarge] - phpmyadmin 4:2.6.2-3sarge1
 	NOTE: fixed in testing at time of DSA

More information about the Secure-testing-commits mailing list