[Secure-testing-commits] r5040 - data/CVE

Stefan Fritsch stef-guest at alioth.debian.org
Fri Dec 1 23:25:58 CET 2006


Author: stef-guest
Date: 2006-12-01 23:25:55 +0100 (Fri, 01 Dec 2006)
New Revision: 5040

Modified:
   data/CVE/list
Log:
- CVE-2006-3122: dhcp issue still unfixed in sid
- CVE-2006-1066: linux issue already fixed
- CVE-2005-0378: horde3 issue already fixed
- some NFUs


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2006-12-01 22:01:02 UTC (rev 5039)
+++ data/CVE/list	2006-12-01 22:25:55 UTC (rev 5040)
@@ -671,7 +671,7 @@
 CVE-2006-5862 (Directory traversal vulnerability in the session mechanism of the web ...)
 	NOT-FOR-US: Network Administration Visualized
 CVE-2006-5861 (The Independent Management Architecture (IMA) service (ImaSrv.exe) in ...)
-	TODO: check
+	NOT-FOR-US: Citrix
 CVE-2006-5860
 	RESERVED
 CVE-2006-5859
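
Review bot: the tag added for CVE-2006-5861 names only the vendor ("NOT-FOR-US: Citrix"), while the entry just above it tags the product ("Network Administration Visualized"). The description identifies the component as the Independent Management Architecture (IMA) service, so tagging the product would make later greps over the list more precise.
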
@@ -687,11 +687,11 @@
 CVE-2006-5854
 	RESERVED
 CVE-2006-5853 (Cross-site scripting (XSS) vulnerability in logon.aspx in Immediacy ...)
-	TODO: check
+	NOT-FOR-US: Immediacy CMS
 CVE-2006-5852 (Untrusted search path vulnerability in openexec in OpenBase SQL before ...)
-	TODO: check
+	NOT-FOR-US: OpenBase SQL
 CVE-2006-5851 (openexec in OpenBase SQL before 10.0.1 allows local users to create ...)
-	TODO: check
+	NOT-FOR-US: OpenBase SQL
 CVE-2006-5850 (Stack-based buffer overflow in Essentia Web Server 2.15 for Windows ...)
 	NOT-FOR-US: Essentia Web Server
 CVE-2006-5849 (PHP remote file inclusion vulnerability in inc/irayofuncs.php in ...)
@@ -738,13 +738,13 @@
 CVE-2006-5829 (Multiple SQL injection vulnerabilities in All In One Control Panel ...)
 	NOT-FOR-US: All In One Control Panel (AIOCP)
 CVE-2006-5828 (SQL injection vulnerability in detail.php in DeltaScripts PHP ...)
-	TODO: check
+	NOT-FOR-US: PHP Classifieds
 CVE-2006-5827 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
-	TODO: check
+	NOT-FOR-US: phpComasy CMS
 CVE-2006-5826 (Buffer overflow in Texas Imperial Software WFTPD Pro Server 3.23.1.1 ...)
-	TODO: check
+	NOT-FOR-US: Texas Imperial Software WFTPD Pro Server
 CVE-2006-5825 (Cross-site scripting (XSS) vulnerability in index.php in Kayako ...)
-	TODO: check
+	NOT-FOR-US: Kayako SupportSuite
 CVE-2006-5824 (Integer overflow in the ffs_rdextattr function in FreeBSD 6.1 allows ...)
 	TODO: check
 CVE-2006-5823 (The zlib_inflate function in Linux kernel 2.6.x allows local users to ...)
@@ -752,11 +752,11 @@
 CVE-2006-5822
 	RESERVED
 CVE-2006-5821 (Heap-based buffer overflow in the IMA_SECURE_DecryptData1 function in ...)
-	TODO: check
+	NOT-FOR-US: Citrix
 CVE-2006-5820
 	RESERVED
 CVE-2006-5819 (Verity Ultraseek before 5.7 allows remote attackers to use the server ...)
-	TODO: check
+	NOT-FOR-US: Verity Ultraseek
 CVE-2006-5864 (Stack-based buffer overflow in the ps_gettext function in ps.c for GNU ...)
 	{DSA-1214}
 	- gv 1:3.6.2-2 (medium; bug #398292)
@@ -840,7 +840,7 @@
 CVE-2006-5783 (** DISPUTED ** ...)
 	NOTE: irreproducible firefox issue
 CVE-2006-5782 (radexecd.exe in HP OpenView Client Configuraton Manager (CCM) does not ...)
-	TODO: check
+	NOT-FOR-US: HP OpenView
 CVE-2006-5781 (Stack-based buffer overflow in the handshake function in iodine 0.3.2 ...)
 	NOT-FOR-US: iodine
 CVE-2006-5780 (Stack-based buffer overflow in nfsd.exe in XLink Omni-NFS Server 5.2 ...)
@@ -903,7 +903,7 @@
 CVE-2006-5751
 	RESERVED
 CVE-2006-5750 (Directory traversal vulnerability in JBoss Application Server ...)
-	TODO: check
+	NOT-FOR-US: JBoss
 CVE-2006-5749
 	RESERVED
 CVE-2006-5748 (Multiple unspecified vulnerabilities in the JavaScript engine in ...)
@@ -1389,7 +1389,7 @@
 CVE-2006-5520 (PHP remote file inclusion vulnerability in functions.php in ...)
 	NOT-FOR-US: PHP Classifieds
 CVE-2006-5519 (PHP remote file inclusion vulnerability in ...)
-	TODO: check
+	TODO: check egroupware
 CVE-2006-5518 (Multiple PHP remote file inclusion vulnerabilities in Christopher ...)
 	NOT-FOR-US: RSSonate
 CVE-2006-5517 (Multiple PHP remote file inclusion vulnerabilities in Rhode Island ...)
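
Review bot: "TODO: check egroupware" on CVE-2006-5519 narrows the open item, but the entry still has no package line, and the truncated description does not show why egroupware is the candidate. A NOTE line naming the file or bundled component in question would save the next person from re-reading the advisory.
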
@@ -1587,7 +1587,7 @@
 CVE-2006-5443 (Unspecified vulnerability in XIAO Gang WWW Interactive Mathematics ...)
 	- wims 3.60-1 (bug #395102)
 CVE-2006-5442 (ViewVC 1.0.2 and earlier does not specify a charset in its HTTP ...)
-	TODO: check
+	TODO: check viewcvs
 CVE-2006-5441 (PHP remote file inclusion vulnerability in adminfoot.php in Comdev Web ...)
 	NOT-FOR-US: Comdev Web Blogger
 CVE-2006-5440 (PHP remote file inclusion vulnerability in adminfoot.php in Comdev ...)
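
Review bot: the TODO on CVE-2006-5442 names viewcvs while the description names ViewVC 1.0.2 and earlier. A NOTE saying that the open question is whether the viewcvs package shares the missing-charset behaviour would keep the name mismatch from being read as a typo.
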
@@ -3604,7 +3604,7 @@
 CVE-2006-4519
 	RESERVED
 CVE-2006-4518 (Qbik WinGate 6.1.4 and earlier allows remote attackers to cause a ...)
-	TODO: check
+	NOT-FOR-US: Qbik WinGate
 CVE-2006-4517 (Novell iManager 2.5 and 2.0.2 allows remote attackers to cause a ...)
 	NOT-FOR-US: Novell iManager
 CVE-2006-4516 (Integer signedness error in FreeBSD 6.0-RELEASE allows local users to ...)
@@ -4393,7 +4393,7 @@
 	{DSA-1196-1}
 	- clamav 0.88.5-1 (high; bug #393445)
 CVE-2006-4181 (Format string vulnerability in the sqllog function in the SQL ...)
-	TODO: check
+	NOT-FOR-US: GNU Radius 
 CVE-2006-4180
 	REJECTED
 CVE-2006-4179
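
Review bot: the added line for CVE-2006-4181 ends in a trailing space after "GNU Radius". Drop it so the tag matches exactly when the list is parsed or grepped.
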
@@ -4852,7 +4852,7 @@
 CVE-2006-3974
 	RESERVED
 CVE-2006-3973 (My Firewall Plus 5.0 Build 1119 does not verify if explorer.exe is ...)
-	TODO: check
+	NOT-FOR-US: My Firewall Plus
 CVE-2006-3972 (Directory traversal vulnerability in ...)
 	NOT-FOR-US: Ajax Chat
 CVE-2006-3971 (Cross-site scripting (XSS) vulnerability in ...)
@@ -5028,7 +5028,7 @@
 CVE-2006-3891
 	RESERVED
 CVE-2006-3890 (Stack-based buffer overflow in the Sky Software FileView ActiveX ...)
-	TODO: check
+	NOT-FOR-US: Sky Software FileView ActiveX
 CVE-2006-3889
 	RESERVED
 CVE-2006-3888 (Buffer overflow in AOL You've Got Pictures (YGP) Pic Downloader ...)
@@ -6769,7 +6769,7 @@
 	- cfs 1.4.1-17
 CVE-2006-3122 (The supersede_lease function in memory.c in ISC DHCP (dhcpd) server ...)
 	{DSA-1143-1}
-	TODO: check
+	- dhcp <unfixed> (bug #380273)
 CVE-2006-3121 (The peel_netstring function in cl_netstring.c in the heartbeat ...)
 	{DSA-1151-1}
 	- heartbeat-2 2.0.6-2
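
Review bot: the new "- dhcp <unfixed> (bug #380273)" line for CVE-2006-3122 carries no urgency, unlike entries such as "- gv 1:3.6.2-2 (medium; bug #398292)" earlier in the file. The entry already references a DSA and is recorded as still open in sid, so a severity would help whoever prioritises the unfixed list.
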
@@ -11755,7 +11755,7 @@
 	NOT-FOR-US: VXWorks
 CVE-2006-1066 (Linux kernel 2.6.16-rc2 and earlier, when running on x86_64 systems ...)
 	{DSA-1017-1}
-	TODO: check
+	- linux-2.6 2.6.16-1
 CVE-2006-1065 (SQL injection vulnerability in search.php in MyBulletinBoard (MyBB) ...)
 	NOT-FOR-US: MyBulletinBoard
 CVE-2006-1064 (Multiple cross-site scripting (XSS) vulnerabilities in Lurker 2.0 and ...)
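
Review bot: on CVE-2006-1066 the fix is recorded as "linux-2.6 2.6.16-1" with no bug reference and no NOTE saying where the fix was confirmed. The description covers "2.6.16-rc2 and earlier", so a short NOTE pointing at the upstream release or changelog entry that carries the fix would let the next reader verify the version.
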
@@ -24117,7 +24117,6 @@
 	NOT-FOR-US: Serendipity
 CVE-2005-1711 (Gibraltar Firewall 2.2 and earlier, when using the ClamAV update to ...)
 	NOT-FOR-US: Gibraltar Firewall
-	TODO: check, whether gibraltar-bootcd is in any way related/affected
 CVE-2005-1710 (Multiple cross-site scripting (XSS) vulnerabilities in Blue Coat ...)
 	NOT-FOR-US: Blue Coat
 CVE-2005-1709 (Unknown vulnerability in Blue Coat Reporter before 7.1.2 allows remote ...)
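
Review bot: the TODO asking whether gibraltar-bootcd is related to or affected by CVE-2005-1711 is deleted without recording the answer, and the log message does not mention it. If the package was checked, replace the TODO with a NOTE stating the result rather than dropping the question silently.
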
@@ -28975,7 +28974,7 @@
 	NOT-FOR-US: ZeroBoard
 CVE-2005-0378 (Multiple cross-site scripting (XSS) vulnerabilities in Horde 3.0 allow ...)
 	- horde2 <not-affected>
-	TODO: check horde3
+	- horde3 3.0.1-1
 CVE-2005-0377 (SQL injection vulnerability in imageview.php for SGallery 1.01 allows ...)
 	NOT-FOR-US: sgallery
 CVE-2005-0376 (PHP remote file inclusion vulnerability in SGallery 1.01 allows local ...)



