[Secure-testing-commits] r4510 - data/CVE

Moritz Muehlenhoff jmm-guest at costa.debian.org
Sun Aug 6 16:44:31 UTC 2006


Author: jmm-guest
Date: 2006-08-06 16:44:29 +0000 (Sun, 06 Aug 2006)
New Revision: 4510

Modified:
   data/CVE/list
Log:
chmlib is affected by older problem
libnasl no-dsa
checked two evolution problems to not affect Sarge


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2006-08-06 12:17:37 UTC (rev 4509)
+++ data/CVE/list	2006-08-06 16:44:29 UTC (rev 4510)
@@ -1761,9 +1761,7 @@
 CVE-2006-3179 (Cross-site scripting (XSS) vulnerability in tools_ftp_pwaendern.php in ...)
 	NOT-FOR-US: Confixx Pro
 CVE-2006-3178 (Directory traversal vulnerability in extract_chmLib example program in ...)
-	NOTE: not a security bug in the library, but rather in one of the uncompiled
-	NOTE: sample programs distributed in /usr/share/doc/libchm-dev/examples
-	- chmlib 0.38-1 (bug #374085; unimportant)
+	- chmlib 0.38-1 (bug #374085; low)
 CVE-2006-3177 (PHP remote file inclusion vulnerability in Admin/rtf_parser.php in The ...)
 	NOT-FOR-US: The Bible Portal Project
 CVE-2006-3176 (SQL injection vulnerability in xarancms_haupt.php in xarancms 2.0 ...)
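Review bot: The CVE-2006-3178 entry drops both NOTE lines and goes from unimportant to low with nothing left in the entry to say why. The log message says chmlib "is affected by older problem", but the list no longer records the earlier reasoning (sample program under /usr/share/doc/libchm-dev/examples) or what replaced it. Suggest adding a NOTE line that names the older problem, or states why the sample-program argument no longer applies, so the severity change can be audited from the file alone.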
@@ -2622,6 +2620,7 @@
 	NOT-FOR-US: Sun StorADE
 CVE-2006-2789 (Evolution 2.2.x and 2.3.x in GNOME 2.7 and 2.8, when "load images if ...)
 	- evolution 2.4.0-1 (low)
+	[sarge] - evolution <not-affected> (Not reproducible on Sarge's evolution)
 	NOTE: Verified that the patch has been applied in 2.4.0-1,
 	NOTE: may have been fixed earlier.
 CVE-2006-2788 (Double-free vulnerability in the getRawDER function for nsIX509Cert in ...)
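Review bot: The added [sarge] line for CVE-2006-2789 asserts <not-affected> on the basis of "Not reproducible", while the NOTE lines directly below it only say the patch is in 2.4.0-1 and "may have been fixed earlier". Failing to reproduce is weaker evidence than the vulnerable code being absent. Suggest recording which Sarge evolution version was tested, or what was checked in the source, either in the parenthetical or in an extra NOTE.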
@@ -4237,6 +4236,7 @@
 	NOT-FOR-US: Microsoft Internet Explorer
 CVE-2006-2093 (Nessus before 2.2.8, and 3.x before 3.0.3, allows user-complicit ...)
 	- libnasl 2.2.8-1 (bug #365898; low)
+	[sarge] - libnasl <no-dsa> (Hardly exploitable, see #365898)
 CVE-2006-2092 (Unspecified vulnerability in HP StorageWorks Secure Path for Windows ...)
 	NOT-FOR-US: HP
 CVE-2006-2091 (admin.php in Virtual War (VWar) 1.5 and versions before 1.2 allows ...)
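Review bot: The <no-dsa> reason on the added [sarge] line for CVE-2006-2093 is only "Hardly exploitable" plus a pointer to #365898, which the line above already cites. Suggest a few words on why exploitation is hard, so the no-dsa decision can be understood without opening the bug report.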
@@ -9733,6 +9733,7 @@
 	RESERVED
 CVE-2006-0040 (GNOME Evolution 2.4.2.1 and earlier allows remote attackers to cause a ...)
 	- evolution <unfixed>
+	[sarge] - evolution <not-affected> (Not reproducable on Sarge)
 CVE-2006-0039 (Race condition in the do_add_counters function in netfilter for Linux ...)
 	{DSA-1103 DSA-1097-1}
 	- linux-2.6 2.6.16-14
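Review bot: "reproducable" in the added [sarge] line for CVE-2006-0040 is misspelled; the matching line added for CVE-2006-2789 uses "reproducible" and names Sarge's evolution, so the two entries should be worded the same. Since the unstable line stays <unfixed> and the description covers "2.4.2.1 and earlier", a NOTE saying how the Sarge check was done would help justify <not-affected>.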



