[Secure-testing-commits] r4549 - data/CVE

Stefan Fritsch stef-guest at costa.debian.org
Thu Aug 10 18:11:23 UTC 2006


Author: stef-guest
Date: 2006-08-10 18:11:14 +0000 (Thu, 10 Aug 2006)
New Revision: 4549

Modified:
   data/CVE/list
Log:
- new ruby on rails issue fixed (medium)
- xulrunner fixed
- knowledgeroot had all problems fixed before first upload
- snort fixed


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2006-08-10 09:14:48 UTC (rev 4548)
+++ data/CVE/list	2006-08-10 18:11:14 UTC (rev 4549)
@@ -1,3 +1,5 @@
+CVE-2006-XXXX [unspecified vulnerability in ruby on rails]
+	- rails 1.1.5-1 (bug #382255; medium)
 CVE-2006-4071 (Sign extension vulnerability in the createBrushIndirect function in ...)
 	TODO: check
 CVE-2006-4070 (Format string vulnerability in Imendio Planner 0.13 allows ...)
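Review bot: the new CVE-2006-XXXX entry at the top of the file describes the issue only as "unspecified vulnerability in ruby on rails", so bug #382255 is the only thing tying it to a specific flaw. Consider adding a NOTE line with the upstream advisory reference, and replace the XXXX placeholder once an id is assigned so this entry cannot be confused with another unnumbered rails issue.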
@@ -551,7 +553,7 @@
 CVE-2006-3812 (Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and ...)
 	NOTE: MFSA-2006-56
 	- mozilla <unfixed> (medium)
-	- xulrunner <unfixed> (medium)
+	- xulrunner 1.8.0.5-1 (medium)
 	- mozilla-firefox <removed> (medium)
 	- firefox 1.5.dfsg+1.5.0.5-1 (medium)
 	- thunderbird <unfixed> (unimportant)
@@ -559,7 +561,7 @@
 CVE-2006-3811 (Multiple vulnerabilities in Mozilla Firefox before 1.5.0.5, ...)
 	NOTE: MFSA-2006-55
 	- mozilla <unfixed> (high)
-	- xulrunner <unfixed> (high)
+	- xulrunner 1.8.0.5-1 (high)
 	- mozilla-firefox <removed> (high)
 	- firefox 1.5.dfsg+1.5.0.5-1 (high)
 	- thunderbird <unfixed> (medium)
@@ -567,7 +569,7 @@
 CVE-2006-3810 (Cross-site scripting (XSS) vulnerability in Mozilla Firefox 1.5 before ...)
 	NOTE: MFSA-2006-54
 	- mozilla <not-affected> (mozilla 1.7 not affected)
-	- xulrunner <unfixed> (high)
+	- xulrunner 1.8.0.5-1 (high)
 	- mozilla-firefox <not-affected> (only firefox >= 1.5)
 	- firefox 1.5.dfsg+1.5.0.5-1 (high)
 	- thunderbird <unfixed> (medium)
@@ -575,7 +577,7 @@
 CVE-2006-3809 (Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and ...)
 	NOTE: MFSA-2006-53
 	- mozilla <unfixed> (medium)
-	- xulrunner <unfixed> (medium)
+	- xulrunner 1.8.0.5-1 (medium)
 	- mozilla-firefox <removed> (medium)
 	- firefox 1.5.dfsg+1.5.0.5-1 (medium)
 	- thunderbird <unfixed> (medium)
@@ -583,13 +585,13 @@
 CVE-2006-3808 (Mozilla Firefox before 1.5.0.5 and SeaMonkey before 1.0.3 allows ...)
 	NOTE: MFSA-2006-52
 	- mozilla <unfixed> (medium)
-	- xulrunner <unfixed> (medium)
+	- xulrunner 1.8.0.5-1 (medium)
 	- mozilla-firefox <removed> (medium)
 	- firefox 1.5.dfsg+1.5.0.5-1 (medium)
 CVE-2006-3807 (Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and ...)
 	NOTE: MFSA-2006-51
 	- mozilla <unfixed> (high)
-	- xulrunner <unfixed> (high)
+	- xulrunner 1.8.0.5-1 (high)
 	- mozilla-firefox <removed> (high)
 	- firefox 1.5.dfsg+1.5.0.5-1 (high)
 	- thunderbird <unfixed> (medium)
@@ -597,7 +599,7 @@
 CVE-2006-3806 (Multiple integer overflows in the Javascript engine in Mozilla Firefox ...)
 	NOTE: MFSA-2006-50
 	- mozilla <unfixed> (high)
-	- xulrunner <unfixed> (high)
+	- xulrunner 1.8.0.5-1 (high)
 	- mozilla-firefox <removed> (high)
 	- firefox 1.5.dfsg+1.5.0.5-1 (high)
 	- thunderbird <unfixed> (medium)
@@ -605,7 +607,7 @@
 CVE-2006-3805 (The Javascript engine in Mozilla Firefox before 1.5.0.5, Thunderbird ...)
 	NOTE: MFSA-2006-50
 	- mozilla <unfixed> (high)
-	- xulrunner <unfixed> (high)
+	- xulrunner 1.8.0.5-1 (high)
 	- mozilla-firefox <removed> (high)
 	- firefox 1.5.dfsg+1.5.0.5-1 (high)
 	- thunderbird <unfixed> (medium)
@@ -618,7 +620,7 @@
 CVE-2006-3803 (Race condition in the JavaScript garbage collection in Mozilla Firefox ...)
 	NOTE: MFSA-2006-48
 	- mozilla <not-affected> (mozilla 1.7 not affected)
-	- xulrunner <unfixed> (high)
+	- xulrunner 1.8.0.5-1 (high)
 	- mozilla-firefox <not-affected> (only firefox >= 1.5)
 	- firefox 1.5.dfsg+1.5.0.5-1 (high)
 	- thunderbird <unfixed> (medium)
@@ -626,7 +628,7 @@
 CVE-2006-3802 (Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and ...)
 	NOTE: MFSA-2006-47
 	- mozilla <not-affected> (mozilla 1.7 not affected)
-	- xulrunner <unfixed> (medium)
+	- xulrunner 1.8.0.5-1 (medium)
 	- mozilla-firefox <not-affected> (only firefox >= 1.5)
 	- firefox 1.5.dfsg+1.5.0.5-1 (medium)
 	- thunderbird <unfixed> (medium)
@@ -637,7 +639,7 @@
 	- mozilla-thunderbird <not-affected> (only firefox >= 1.5)
 	- mozilla <not-affected> (mozilla 1.7 not affected)
 	- firefox 1.5.dfsg+1.5.0.5-1 (high)
-	- xulrunner <unfixed> (high)
+	- xulrunner 1.8.0.5-1 (high)
 	- thunderbird <unfixed> (medium)
 CVE-2006-3800 (Cross-site scripting (XSS) vulnerability in Amazing Flash AFCommerce ...)
 	NOT-FOR-US: AFCommerce
@@ -909,7 +911,7 @@
 CVE-2006-3677 (Mozilla Firefox 1.5 before 1.5.0.5 and SeaMonkey before 1.0.3 allows ...)
 	NOTE: MFSA-2006-45
 	- mozilla <not-affected> (mozilla 1.7 not affected)
-	- xulrunner <unfixed> (high)
+	- xulrunner 1.8.0.5-1 (high)
 	- mozilla-firefox <not-affected> (only firefox >= 1.5)
 	- firefox 1.5.dfsg+1.5.0.5-1 (high)
 	- thunderbird <not-affected>
@@ -1078,7 +1080,8 @@
 CVE-2006-3603 (Cross-site scripting (XSS) vulnerability in index.php in FlexWATCH ...)
 	NOT-FOR-US: FlexWATCH Network Camera
 CVE-2006-3602 (Directory traversal vulnerability in ...)
-	TODO: check wordpress, moodle, knowledgeroot
+	TODO: check wordpress, moodle
+	- knowledgeroot <not-affected> (fixed before first upload; see bug #381912)
 CVE-2006-3601 (** UNVERIFIABLE ** ...)
 	NOT-FOR-US: DotNetNuke
 CVE-2006-3600 (Multiple stack-based buffer overflows in the LookupTRM::lookup ...)
@@ -1578,7 +1581,7 @@
 CVE-2006-3363 (PHP remote file inclusion vulnerability in index.php in the Glossaire ...)
 	NOT-FOR-US: Glossaire for Xoops
 CVE-2006-3362 (connectors/php/connector.php in FCKeditor mcpuk file manager, as used ...)
-	- knowledgeroot <unfixed> (bug #381912)
+	- knowledgeroot <not-affected> (fixed before first upload; see bug #381912)
 CVE-2006-3361 (PHP remote file inclusion vulnerability in Stud.IP 1.3.0-2 and ...)
 	NOT-FOR-US: Stud.IP
 CVE-2006-3360 (Directory traversal vulnerability in index.php in phpSysInfo 2.5.1 ...)
@@ -2109,7 +2112,7 @@
 CVE-2006-3113 (Mozilla Firefox 1.5 before 1.5.0.5, Thunderbird before 1.5.0.5, and ...)
 	NOTE: MFSA-2006-46
 	- mozilla <not-affected> (mozilla 1.7 not affected)
-	- xulrunner <unfixed> (high)
+	- xulrunner 1.8.0.5-1 (high)
 	- mozilla-firefox <not-affected> (only firefox >= 1.5)
 	- firefox 1.5.dfsg+1.5.0.5-1 (high)
 	- thunderbird <unfixed> (medium)
@@ -2952,7 +2955,7 @@
 CVE-2006-2770 (Directory traversal vulnerability in randompic.php in pppBLOG 0.3.8 ...)
 	NOT-FOR-US: pppBLOG
 CVE-2006-2769 (The HTTP Inspect preprocessor (http_inspect) in Snort 2.4.0 through ...)
-	- snort <unfixed> (low; bug #381726)
+	- snort 2.3.3-8 (low; bug #381726)
 CVE-2006-2768 (PHP remote file inclusion vulnerability in METAjour 2.1, when ...)
 	NOT-FOR-US: METAjour
 CVE-2006-2767 (PHP remote file inclusion vulnerability in Ottoman 1.1.2, when ...)
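Review bot: on CVE-2006-2769 the fixed version is recorded as "snort 2.3.3-8", but the CVE summary on the line above gives the affected range as starting at Snort 2.4.0. Add a NOTE stating whether the 2.3.3 branch was confirmed vulnerable and carries a backported fix in 2.3.3-8 (bug #381726); without that, a reader cannot tell why this is a fixed version rather than <not-affected>.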
@@ -3486,7 +3489,7 @@
 CVE-2006-2530 (avatar_upload.asp in Avatar MOD 1.3 for Snitz Forums 3.4, and possibly ...)
 	NOT-FOR-US: Snitz mod
 CVE-2006-2529 (editor/filemanager/upload/php/upload.php in FCKeditor before 2.3 Beta, ...)
-	TODO: check knowledgeroot
+	- knowledgeroot <not-affected> (fixed before first upload; see bug #381912)
 CVE-2006-2528 (PHP remote file inclusion vulnerability in classified_right.php in ...)
 	NOT-FOR-US: phpBazar
 CVE-2006-2527 (Admin/admin.php in phpBazar 2.1.0 and earlier allows remote attackers ...)
@@ -7364,7 +7367,7 @@
 CVE-2006-0922 (CubeCart 3.0 through 3.6 does not properly check authorization for an ...)
 	NOT-FOR-US: CubeCart
 CVE-2006-0921 (Multiple directory traversal vulnerabilities in connector.php in ...)
-	TODO: check knowledgeroot
+	- knowledgeroot <not-affected> (fixed before first upload; see bug #381912)
 CVE-2006-0920 (Oi! Email Marketing System 3.0 (aka Oi! 3) stores the server's FTP ...)
 	NOT-FOR-US: Oi! Email Marketing System
 CVE-2006-0919 (SQL injection vulnerability in index.php (aka the login page) in Oi! ...)
@@ -7985,7 +7988,7 @@
 CVE-2006-0659 (Multiple PHP remote file include vulnerabilities in RunCMS 1.2 and ...)
 	NOT-FOR-US: Runcms
 CVE-2006-0658 (Incomplete blacklist vulnerability in connector.php in FCKeditor 2.0 ...)
-	TODO: check knowledgeroot
+	- knowledgeroot <not-affected> (fixed before first upload; see bug #381912)
 CVE-2006-0657 (Cross-site scripting (XSS) vulnerability in Softcomplex PHP Event ...)
 	NOT-FOR-US: Softcomplex
 CVE-2006-0656 (Directory traversal vulnerability in HP Systems Insight Manager 4.2 ...)
@@ -9635,9 +9638,11 @@
 CVE-2005-4602 (SQL injection vulnerability in inc/function_upload.php in MyBB before ...)
 	NOT-FOR-US: MyBB
 CVE-2005-4600 (tiny_mce_gzip.php in TinyMCE Compressor PHP before 1.06 allows remote ...)
-	TODO: check wordpress, moodle, knowledgeroot
+	TODO: check wordpress, moodle
+	- knowledgeroot <not-affected> (fixed before first upload; see bug #381912)
 CVE-2005-4599 (Cross-site scripting (XSS) vulnerability in tiny_mce_gzip.php in ...)
-	TODO: check wordpress, moodle, knowledgeroot
+	TODO: check wordpress, moodle
+	- knowledgeroot <not-affected> (fixed before first upload; see bug #381912)
 CVE-2005-4598 (Cross-site scripting (XSS) vulnerability in home.php in OoApp ...)
 	NOT-FOR-US: OoApp Guestbook
 CVE-2005-4597 (Cross-site scripting (XSS) vulnerability in index.php in iPei ...)
@@ -10793,10 +10798,8 @@
 	NOT-FOR-US: Apache James
 CVE-2005-4095 (Directory traversal vulnerability in connector.php in the ...)
 	NOT-FOR-US: DoceboLMS
-	TODO: check knowledgeroot
 CVE-2005-4094 (connector.php in the fckeditor2rc2 addon in DoceboLMS 2.0.4 allows ...)
 	NOT-FOR-US: DoceboLMS
-	TODO: check knowledgeroot
 CVE-2005-4093 (Check Point VPN-1 SecureClient NG with Application Intelligence R56, ...)
 	NOT-FOR-US: Check Point
 CVE-2005-4092 (Multiple heap-based buffer overflows in QuickTime.qts in Apple ...)
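Review bot: for CVE-2005-4095 and CVE-2005-4094 the "TODO: check knowledgeroot" lines are dropped without recording the outcome, while the other FCKeditor-related entries in this commit gain "- knowledgeroot <not-affected> (fixed before first upload; see bug #381912)". If the check concluded these two are specific to DoceboLMS, say so in a NOTE or in the log message; if knowledgeroot ships the same connector.php, add the not-affected line here as well so the tracker shows the package was reviewed.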
@@ -23078,8 +23081,7 @@
 CVE-2005-0614 (sessions.php in phpBB 2.0.12 and earlier allows remote attackers to ...)
 	- phpbb2 2.0.13-1
 CVE-2005-0613 (Unknown vulnerability in FCKeditor 2.0 RC2, when used with PHP-Nuke, ...)
-	NOT-FOR-US: FCKeditor
-	TODO: check knowledgeroot
+	- knowledgeroot <not-affected> (fixed before first upload; see bug #381912)
 CVE-2005-0612 (Cisco IP/VC Videoconferencing System 3510, 3520, 3525 and 3530 contain ...)
 	NOT-FOR-US: Cisco
 CVE-2005-0611 (Heap-based buffer overflow in RealNetworks RealPlayer 10.5 ...)



