[Secure-testing-commits] r5114 - data/CVE

Moritz Muehlenhoff jmm-guest at alioth.debian.org
Wed Dec 13 19:16:09 CET 2006


Author: jmm-guest
Date: 2006-12-13 19:16:07 +0100 (Wed, 13 Dec 2006)
New Revision: 5114

Modified:
   data/CVE/list
Log:
one new unimportant kdegraphics issue
xine-lib fixed
enemies-of-carlotta fixed
many NMUs (please work on open TODOs, now is the right time!)


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2006-12-13 08:14:22 UTC (rev 5113)
+++ data/CVE/list	2006-12-13 18:16:07 UTC (rev 5114)
@@ -1,7 +1,7 @@
 CVE-2006-6495 (Stack-based buffer overflow in ld.so.1 in Sun Solaris 8, 9, and 10 ...)
-	TODO: check
+	NOT-FOR-US: Solaris
 CVE-2006-6494 (Directory traversal vulnerability in ld.so.1 in Sun Solaris 8, 9, and ...)
-	TODO: check
+	NOT-FOR-US: Solaris
 CVE-2006-6493 (Buffer overflow in the krbv4_ldap_auth function vin ...)
 	TODO: check
 CVE-2006-6492
@@ -21,19 +21,19 @@
 CVE-2006-6485 (Multiple cross-site scripting (XSS) vulnerabilities in ShopSite 8.1 ...)
 	TODO: check
 CVE-2006-6484 (The IMAP service for MailEnable Professional and Enterprise Edition ...)
-	TODO: check
+	NOT-FOR-US: MailEnable
 CVE-2006-6483 (Adobe ColdFusion MX7 does not properly filter HTML tags when ...)
-	TODO: check
+	NOT-FOR-US: ColdFusion
 CVE-2006-6482 (Adobe ColdFusion MX7 allows remote attackers to obtain sensitive ...)
-	TODO: check
+	NOT-FOR-US: ColdFusion
 CVE-2006-6481 (Clam AntiVirus (ClamAV) 0.88.6 allows remote attackers to cause a ...)
-	TODO: check
+	- clamav 0.88.7-1 (low)
 CVE-2006-6480 (admin/admin_membre/fiche_membre.php in AnnonceScriptHP 2.0 allows ...)
-	TODO: check
+	NOT-FOR-US: AnnonceScriptHP
 CVE-2006-6479 (Multiple cross-site scripting (XSS) vulnerabilities in AnnonceScriptHP ...)
-	TODO: check
+	NOT-FOR-US: AnnonceScriptHP
 CVE-2006-6478 (Multiple SQL injection vulnerabilities in AnnonceScriptHP 2.0 allow ...)
-	TODO: check
+	NOT-FOR-US: AnnonceScriptHP
 CVE-2006-6477
 	RESERVED
 CVE-2006-6476
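Review bot: The new CVE-2006-6481 line `- clamav 0.88.7-1 (low)` carries no bug reference or NOTE, unlike the xine-lib entry in this same list, which cites bug #401740. Suggest adding the bug number or a short NOTE pointing at the upload so the fixed version can be re-checked later.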
@@ -143,7 +143,7 @@
 CVE-2006-6424
 	RESERVED
 CVE-2006-6423 (Stack-based buffer overflow in the IMAP service for MailEnable ...)
-	TODO: check
+	NOT-FOR-US: MailEnable
 CVE-2006-6422 (Agileco AgileBill 1.4.x and AgileVoice 1.4.x do not properly handle ...)
 	TODO: check
 CVE-2006-6421 (Cross-site scripting (XSS) vulnerability in the private message box ...)
@@ -253,40 +253,39 @@
 CVE-2000-1242 (The HTTP service in American Power Conversion (APC) PowerChute uses a ...)
 	TODO: check
 CVE-2006-6385 (Stack-based buffer overflow in Intel PRO 10/100, PRO/1000, and ...)
-	- linux-2.6 <not-affected> (Affects only Windows despite other claims)
+	NOT-FOR-US: Affects only Windows despite other claims
 CVE-2006-6368 (PHP remote file inclusion vulnerability in login.php.inc in awrate 1.0 ...)
 	TODO: check
 CVE-2006-6367 (Multiple SQL injection vulnerabilities in detail.asp in DUware ...)
-	TODO: check
+	NOT-FOR-US: Duware
 CVE-2006-6366 (Cross-site scripting (XSS) vulnerability in ...)
 	TODO: check
 CVE-2006-6365 (SQL injection vulnerability in detail.asp in DUware DUpaypal 3.1, and ...)
-	TODO: check
+	NOT-FOR-US: Duware
 CVE-2006-6364 (Cross-site scripting (XSS) vulnerability in error.php in Inside ...)
 	TODO: check
 CVE-2006-6363 (Cross-site scripting (XSS) vulnerability in admin.pl in BlueSocket ...)
 	TODO: check
 CVE-2006-6362
 	REJECTED
-	TODO: check
 CVE-2006-6361 (Heap-based buffer overflow in the uploadprogress_php_rfc1867_file ...)
-	TODO: check
+	NOT-FOR-US: Bitflux Upload Progress Mete
 CVE-2006-6360 (PHP remote file inclusion vulnerability in activate.php in PHP Upload ...)
-	TODO: check
+	NOT-FOR-US: PHP Upload Center
 CVE-2006-6359 (Cross-site scripting (XSS) vulnerability in Stefan Frech ...)
 	TODO: check
 CVE-2006-6358 (SQL injection vulnerability in the login function in auth.inc in ...)
 	TODO: check
 CVE-2006-6357 (Cross-site scripting (XSS) vulnerability in templates/cat_temp.php in ...)
-	TODO: check
+	NOT-FOR-US: PHPNews
 CVE-2006-6356 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
-	TODO: check
+	NOT-FOR-US: PHPNews
 CVE-2006-6355 (SQL injection vulnerability in default.asp in DuWare DuClassmate ...)
-	TODO: check
+	NOT-FOR-US: DuWare
 CVE-2006-6354 (Multiple SQL injection vulnerabilities in detail.asp in DuWare DuNews ...)
-	TODO: check
+	NOT-FOR-US: DuWare
 CVE-2006-6353 (Multiple unspecified vulnerabilities in BOMArchiveHelper in Mac OS X ...)
-	TODO: check
+	NOT-FOR-US: Mac OS X
 CVE-2006-6352 (FRISK Software F-Prot Antivirus before 4.6.7 allows user-assisted ...)
 	NOT-FOR-US: F-Prot Antivirus
 CVE-2006-6351 (KhaledMuratList stores sensitive data under the web root with ...)
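Review bot: On CVE-2006-6385 the NOT-FOR-US field now holds an explanation ("Affects only Windows despite other claims") instead of a product name, and the explicit `- linux-2.6 <not-affected>` record is dropped. Keeping the package line, or naming the Intel product in NOT-FOR-US and moving the explanation to a NOTE, would preserve the fact that linux-2.6 was checked. In the same hunk, "Bitflux Upload Progress Mete" on CVE-2006-6361 looks truncated, and the vendor is spelled both "Duware" (CVE-2006-6367, CVE-2006-6365) and "DuWare" (CVE-2006-6355, CVE-2006-6354), which makes searching the list by product unreliable.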
@@ -312,7 +311,7 @@
 CVE-2006-6341 (Multiple PHP remote file inclusion vulnerabilities in mg.applanix ...)
 	TODO: check
 CVE-2006-6340 (keystone.exe in nVIDIA nView allows attackers to cause a denial of ...)
-	TODO: check
+	NOT-FOR-US: nVIDIA nView 
 CVE-2006-6339 (SQL injection vulnerability in sites/index.php in deV!L`z Clanportal ...)
 	TODO: check
 CVE-2006-6338 (Unrestricted file upload vulnerability in upload/index.php in deV!L`z ...)
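Review bot: The added NOT-FOR-US line for CVE-2006-6340 ends in a trailing space after "nVIDIA nView". Strip it so exact-match searches on the product name keep working.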
@@ -372,15 +371,15 @@
 CVE-2006-6312
 	RESERVED
 CVE-2006-6311 (Microsoft Internet Explorer 6.0.2900.2180 allows remote attackers to ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2006-6310 (Microsoft Internet Explorer 6.0 SP1 and earlier allows remote ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2006-6309 (Multiple array index errors in IBM Tivoli Storage Manager (TSM) before ...)
-	TODO: check
+	NOT-FOR-US: Tivoli
 CVE-2006-6308 (** DISPUTED ** ...)
-	TODO: check
+	NOT-FOR-US: Symantec LiveState 
 CVE-2006-6307 (srvloc.sys in Novell Client for Windows before 4.91 SP3 allows remote ...)
-	TODO: check
+	NOT-FOR-US: Novell Netware
 CVE-2006-6306 (Format string vulnerability in Novell Modular Authentication Services ...)
 	TODO: check
 CVE-2006-6305 (Unspecified vulnerability in Net-SNMP 5.3 before 5.3.0.1, when ...)
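Review bot: CVE-2006-6307 is tagged `NOT-FOR-US: Novell Netware`, but its description names "Novell Client for Windows"; use the product from the description so the tag matches what was triaged. The NOT-FOR-US line on CVE-2006-6308 also ends in a trailing space after "Symantec LiveState", and "Microsoft" on CVE-2006-6311 and CVE-2006-6310 names the vendor where the other entries in this hunk name the product.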
@@ -398,7 +397,8 @@
 CVE-2006-6298 (SQL injection vulnerability in uye_giris_islem.asp in Metyus Okul ...)
 	TODO: check
 CVE-2006-6297 (Stack overflow in the KFILE JPEG (kfile_jpeg) plugin in kdegraphics 3, ...)
-	TODO: check
+	- kdegraphics <unfixed> (unimportant)
+	NOTE: Generic bug, treating it as a security problem is quite a stretch
 CVE-2006-6296 (The RpcGetPrinterData function in the Print Spooler (spoolsv.exe) ...)
 	TODO: check
 CVE-2006-6295 (PHP remote file inclusion vulnerability in includes/mx_common.php in ...)
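Review bot: The NOTE on CVE-2006-6297 states a judgement ("quite a stretch") without the reasoning behind the `unimportant` rating. A sentence saying why the kfile_jpeg stack overflow has no security impact, or a bug reference, would let a later reader re-check the rating instead of taking it on trust.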
@@ -665,7 +665,7 @@
 CVE-2006-6173 (Buffer overflow in the shared_region_make_private_np function in ...)
 	NOT-FOR-US: Mac OS X 
 CVE-2006-6172 (Buffer overflow in the asmrp_eval function for Real Media input plugin ...)
-	- xine-lib <unfixed> (medium; bug #401740)
+	- xine-lib 1.1.2+dfsg-2 (medium; bug #401740)
 	TODO: check usual suspects (ffmpeg, ...)
 CVE-2006-6171 (** DISPUTED ** ...)
 	{DSA-1218}
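Review bot: The `TODO: check usual suspects (ffmpeg, ...)` line under CVE-2006-6172 stays in place while xine-lib moves to a fixed version, so the entry still reads as open. If the other packages have been checked, replace the TODO with per-package lines; if not, a NOTE listing which packages remain to be checked would make the outstanding work explicit.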
@@ -1307,8 +1307,9 @@
 	RESERVED
 CVE-2006-5876
 	RESERVED
-CVE-2006-5875
+CVE-2006-5875 [EoC shell command injection]
 	RESERVED
+	- enemies-of-carlotta 1.2.4-1 (medium)
 CVE-2006-5874 (Clam AntiVirus (ClamAV) 0.88 and earlier allows remote attackers to ...)
 	{DSA-1232-1}
 	- clamav 0.86-1
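Review bot: CVE-2006-5875 gains a package line but no bug number or NOTE, and the entry is still RESERVED, so the bracketed `[EoC shell command injection]` text is the only description a reader has. Suggest adding a bug reference or a NOTE pointing to whatever supports `1.2.4-1 (medium)`.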



