[Secure-testing-commits] r4514 - data/CVE
Stefan Fritsch
stef-guest at costa.debian.org
Sun Aug 6 20:22:12 UTC 2006
Author: stef-guest
Date: 2006-08-06 20:22:10 +0000 (Sun, 06 Aug 2006)
New Revision: 4514
Modified:
data/CVE/list
Log:
- CVE-2006-2935: linux issue (low)
- snort bugnum
- some NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2006-08-06 19:50:03 UTC (rev 4513)
+++ data/CVE/list 2006-08-06 20:22:10 UTC (rev 4514)
@@ -1189,9 +1189,9 @@
CVE-2006-3454
RESERVED
CVE-2006-3453 (Buffer overflow in Adobe Acrobat 6.0 to 6.0.4 allows remote attackers ...)
- TODO: check
+ NOT-FOR-US: Adobe acrobat
CVE-2006-3452 (Adobe Reader and Acrobat 6.0.4 and earlier, on Mac OSX, has insecure ...)
- TODO: check
+ NOT-FOR-US: Adobe acrobat
CVE-2006-3451
RESERVED
CVE-2006-3450
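Review bot: Both added NOT-FOR-US lines spell the product "Adobe acrobat", while the descriptions directly above them use "Adobe Acrobat" and the CVE-2006-3452 description also names Adobe Reader. Suggest "NOT-FOR-US: Adobe Acrobat" for CVE-2006-3453 and "NOT-FOR-US: Adobe Reader and Acrobat" for CVE-2006-3452, so a search for the product name as written in the descriptions finds both entries.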
@@ -2283,7 +2283,8 @@
- linux-2.6 2.6.17-5 (low)
- linux-2.6.16 <unfixed> (low)
CVE-2006-2935 (The dvd_read_bca function in the DVD handling code in ...)
- TODO: check
+ - linux-2.6 2.6.17-5 (low)
+ - linux-2.6.16 <unfixed> (low)
CVE-2006-2934 (SCTP conntrack (ip_conntrack_proto_sctp.c) in netfilter for Linux ...)
- linux-2.6 2.6.17-3
- linux-2.6.16 2.6.16-17
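Review bot: The two status lines added for CVE-2006-2935 are identical to those of the entry directly above it and carry no bug number or NOTE saying where the 2.6.17-5 fixed version comes from. A short NOTE naming the source of the fix would make the entry checkable later, and the "linux-2.6.16 <unfixed> (low)" line would be easier to follow up with a bug reference, as the snort entry gets further down in this same commit.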
@@ -2321,17 +2322,17 @@
CVE-2006-2919 (Unspecified vulnerability in Microsoft NetMeeting 3.01 allows remote ...)
NOT-FOR-US: Microsoft
CVE-2006-2918 (The Lanap BotDetect APS.NET CAPTCHA component before 1.5.4.0 stores ...)
- TODO: check
+ NOT-FOR-US: Lanap BotDetect APS.NET CAPTCHA component
CVE-2006-2917 (Directory traversal vulnerability in the IMAP server in WinGate ...)
- TODO: check
+ NOT-FOR-US: WinGate
CVE-2006-2916 (artswrapper in aRts, when running setuid root on Linux 2.6.0 or later ...)
- arts 1.5.3-2 (bug #374003; low)
[sarge] - arts <not-affected> (Not setuid root in Debian)
NOTE: artswrapper is not suid root by default, but README.Debian describes it
CVE-2006-2915 (Multiple SQL injection vulnerabilities in DeluxeBB 1.06 allow remote ...)
- TODO: check
+ NOT-FOR-US: DeluxeBB
CVE-2006-2914 (PHP remote file inclusion vulnerability in DeluxeBB 1.06 allows remote ...)
- TODO: check
+ NOT-FOR-US: DeluxeBB
CVE-2006-2913 (Cross-site scripting (XSS) vulnerability in SelectaPix 1.31 allows ...)
NOT-FOR-US: SelectaPix
CVE-2006-2912 (Multiple SQL injection vulnerabilities in SelectaPix 1.31 allow remote ...)
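Review bot: The NOT-FOR-US line added for CVE-2006-2918 copies the whole description phrase, including "APS.NET", which looks like a transposition of ASP.NET, whereas the other entries in this hunk (WinGate, DeluxeBB, SelectaPix) give only the product name. Suggest shortening it to "NOT-FOR-US: Lanap BotDetect" for consistency.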
@@ -2339,7 +2340,7 @@
CVE-2006-2911 (SQL injection vulnerability in controlpanel/index.php in CMS Mundo before 1.0 ...)
NOT-FOR-US: CMS Mundo
CVE-2006-2910 (Buffer overflow in jetAudio 6.2.6.8330 (Basic), and possibly other ...)
- TODO: check
+ NOT-FOR-US: jetAudio
CVE-2006-2909 (Stack-based buffer overflow in the info tip shell extension ...)
NOT-FOR-US: PicoZip
CVE-2006-2908 (The domecode function in inc/functions_post.php in MyBulletinBoard ...)
@@ -2436,7 +2437,7 @@
CVE-2006-2866 (PHP remote file inclusion vulnerability in layout/prepend.php in ...)
NOT-FOR-US: DotClear
CVE-2006-2865 (** DISPUTED ** ...)
- TODO: check
+ NOTE: phpbb2, but invalid
CVE-2006-2864 (Multiple PHP remote file inclusion vulnerabilities in BlueShoes ...)
NOT-FOR-US: BlueShoes
CVE-2006-2863 (PHP remote file inclusion vulnerability in class.cs_phpmailer.php in ...)
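Review bot: For CVE-2006-2865 the TODO is replaced by a NOTE alone, which leaves the entry with no status line even though the note names phpbb2 rather than marking the entry NOT-FOR-US. If the report is considered invalid for phpbb2, an explicit line in the form already used for arts above, for example "- phpbb2 <not-affected> (reason)", would record that decision, and the NOTE should say why the report is invalid. The log message mentions only "some NFUs", so this change is also not covered there.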
@@ -2448,7 +2449,7 @@
CVE-2006-2860 (PHP remote file inclusion vulnerability in Webspotblogging 3.0.1 ...)
NOT-FOR-US: Webspotblogging
CVE-2006-2859 (** DISPUTED ** ...)
- TODO: check
+ NOT-FOR-US: MyBloggie
CVE-2006-2858 (SQL injection vulnerability in viewmsg.asp in LocazoList Classifieds ...)
NOT-FOR-US: LocazoList
CVE-2006-2857 (SQL injection vulnerability in index.php in LifeType 1.0.4 allows ...)
@@ -2516,7 +2517,7 @@
CVE-2006-2828 (Global variable overwrite vulnerability in PHP-Nuke allows remote ...)
NOT-FOR-US: PHP-Nuke
CVE-2006-2827 (** DISPUTED ** ...)
- TODO: check
+ NOT-FOR-US: X-Cart
CVE-2006-2826 (SQL injection vulnerability in sessions.inc in PHP Base Library ...)
NOT-FOR-US: PHPLIB
CVE-2006-2825 (cPanel does not automatically synchronize the PHP open_basedir ...)
@@ -2737,7 +2738,7 @@
CVE-2006-2770 (Directory traversal vulnerability in randompic.php in pppBLOG 0.3.8 ...)
NOT-FOR-US: pppBLOG
CVE-2006-2769 (The HTTP Inspect preprocessor (http_inspect) in Snort 2.4.0 through ...)
- - snort <unfixed> (low; bug filed)
+ - snort <unfixed> (low; bug #381726)
CVE-2006-2768 (PHP remote file inclusion vulnerability in METAjour 2.1, when ...)
NOT-FOR-US: METAjour
CVE-2006-2767 (PHP remote file inclusion vulnerability in Ottoman 1.1.2, when ...)