[Secure-testing-commits] r5125 - data/CVE
Moritz Muehlenhoff
jmm-guest at alioth.debian.org
Fri Dec 15 17:12:02 CET 2006
Author: jmm-guest
Date: 2006-12-15 17:11:59 +0100 (Fri, 15 Dec 2006)
New Revision: 5125
Modified:
data/CVE/list
Log:
new gdm issue
xine-lib issue only in xine
NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2006-12-15 11:48:23 UTC (rev 5124)
+++ data/CVE/list 2006-12-15 16:11:59 UTC (rev 5125)
@@ -331,7 +331,7 @@
- linux-2.6 <unfixed>
[etch] - linux-2.6 <not-affected> (Only affects 2.6.19, introduced after 2.6.18)
CVE-2006-6332 (Stack-based buffer overflow in net80211/ieee80211_wireless.c in ...)
- - madwifi 1:0.9.2+r1842.20061207-2
+ - madwifi 1:0.9.2+r1842.20061207-2 (high; bug #402836)
[etch] - madwifi <no-dsa> (Non-free not supported)
CVE-2006-6331 (metaInfo.php in TorrentFlux 2.2, when $cfg["enable_file_priority"] is ...)
TODO: check
@@ -564,7 +564,7 @@
CVE-2006-6222
RESERVED
CVE-2006-6221 (2X ThinClientServer Enterprise Edition before 4.0.2248 allows remote ...)
- TODO: check
+ NOT-FOR-US: 2X ThinClientServer Enterprise Edition
CVE-2006-6220 (Multiple SQL injection vulnerabilities in Recipes Website (Recipes ...)
NOT-FOR-US: Recipes Complete Website
CVE-2006-6219 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
@@ -582,7 +582,7 @@
CVE-2006-6213 (index.php in PEGames uses the extract function to overwrite critical ...)
NOT-FOR-US: PEGames
CVE-2006-6212 (PHP remote file inclusion vulnerability in centre.php in Site News ...)
- TODO: check
+ NOT-FOR-US: Site News
CVE-2006-6211 (Multiple cross-site scripting (XSS) vulnerabilities in BirdBlog 1.4.0 ...)
NOT-FOR-US: BirdBlog
CVE-2006-6210 (SQL injection vulnerability in listpics.asp in ASP ListPics 5.0 allows ...)
@@ -600,51 +600,51 @@
CVE-2006-6204 (Multiple SQL injection vulnerabilities in Enthrallweb eHomes allow ...)
NOT-FOR-US: Enthrallweb eHomes
CVE-2006-6203 (Directory traversal vulnerability in startdown.php in the Flyspray ME ...)
- TODO: check
+ NOT-FOR-US: Flyspray componenten for Mamba, this appears to be different from the Flyspray bug tracker
CVE-2006-6202 (PHP remote file inclusion vulnerability in modules/NukeAI/util.php in ...)
- TODO: check
+ NOT-FOR-US: PHP-Nuke
CVE-2006-6201 (Heap-based buffer overflow in Borland idsql32.dll 5.1.0.4, as used by ...)
- TODO: check
+ NOT-FOR-US: Borland idsql32.dll
CVE-2006-6200 (Multiple SQL injection vulnerabilities in the (1) rate_article and (2) ...)
- TODO: check
+ NOT-FOR-US: PHP-Nuke
CVE-2006-6199 (Stack-based buffer overflow in BlazeVideo BlazeDVD Standard and ...)
- TODO: check
+ NOT-FOR-US: BlazeVideo BlazeDVD
CVE-2006-6198 (Multiple cross-site scripting (XSS) vulnerabilities in cPanel WebHost ...)
- TODO: check
+ NOT-FOR-US: cPanel
CVE-2006-6197 (Multiple cross-site scripting (XSS) vulnerabilities in b2evolution ...)
- TODO: check b2evolution
+ TODO: check b2evolution
CVE-2006-6196 (Cross-site scripting (XSS) vulnerability in the search functionality ...)
- TODO: check
+ NOT-FOR-US: Fixit iDMS Pro Image Gallery
CVE-2006-6195 (Multiple SQL injection vulnerabilities in Fixit iDMS Pro Image Gallery ...)
- TODO: check
+ NOT-FOR-US: Fixit iDMS Pro Image Gallery
CVE-2006-6194 (Multiple SQL injection vulnerabilities in index.asp in Ultimate Survey ...)
- TODO: check
+ NOT-FOR-US: Ultimate Survey Pro
CVE-2006-6193 (SQL injection vulnerability in edit.asp in BasicForum 1.1 and earlier ...)
- TODO: check
+ NOT-FOR-US: BasicForum
CVE-2006-6192 (Unspecified scripts in the admin directory in 8pixel.net SimpleBlog ...)
- TODO: check
+ NOT-FOR-US: 8pixel.net SimpleBlog
CVE-2006-6191 (SQL injection vulnerability in admin/edit.asp in 8pixel.net simpleblog ...)
- TODO: check
+ NOT-FOR-US: 8pixel.net SimpleBlog
CVE-2006-6190 (SQL injection vulnerability in anna.pl in Anna^ IRC Bot before 0.30 ...)
- TODO: check
+ NOT-FOR-US: Anna^ IRC Bot
CVE-2006-6189 (SQL injection vulnerability in displayCalendar.asp in ClickTech Click ...)
- TODO: check
+ NOT-FOR-US: ClickTech Click Blog
CVE-2006-6188 (Cross-site scripting (XSS) vulnerability in view_search.asp in ...)
- TODO: check
+ NOT-FOR-US: ClickTech Click Gallery
CVE-2006-6187 (Multiple SQL injection vulnerabilities in ClickTech Click Gallery ...)
- TODO: check
+ NOT-FOR-US: ClickTech Click Gallery
CVE-2006-6186 (Multiple directory traversal vulnerabilities in enomphp 4.0 allow ...)
- TODO: check
+ NOT-FOR-US: enomphp
CVE-2006-6185 (Directory traversal vulnerability in script.php in Wabbit PHP Gallery ...)
- TODO: check
+ NOT-FOR-US: Wabbit PHP Gallery
CVE-2006-6184 (Multiple stack-based buffer overflows in Allied Telesyn TFTP Server ...)
- TODO: check
+ NOT-FOR-US: Allied Telesyn TFTP Server
CVE-2006-6183 (Multiple stack-based buffer overflows in 3Com 3CTftpSvc 2.0.1, and ...)
- NOT-FOR-US: 3CTftpSvc
+ NOT-FOR-US: 3Com 3CTftpSvc
CVE-2006-6182 (The Gabriele Teotino GNotebook 0.7.0.1 gadget for Google Desktop ...)
- NOT-FOR-US: GNotebook
+ NOT-FOR-US: Gabriele Teotino GNotebook
CVE-2006-6181 (Multiple SQL injection vulnerabilities in default.asp in ClickTech ...)
- TODO: check
+ NOT-FOR-US: ClickTech ClickContact
CVE-2006-6180 (Cross-site scripting (XSS) vulnerability in articles.asp in ...)
NOT-FOR-US: iNews Publisher
CVE-2006-6179 (Buffer overflow in ...)
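Review bot: the new NOT-FOR-US line for CVE-2006-6203 misspells "component" as "componenten"; worth fixing, since the product name on these lines is what people search the list for. Separately, the CVE-2006-6197 pair removes and re-adds the same visible text ("TODO: check b2evolution"), so it looks like a whitespace-only change and that entry is still untriaged after this commit.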
@@ -652,7 +652,7 @@
CVE-2006-6178 (Buffer overflow in PCCSRV\Web_console\RemoteInstallCGI\Wizard.exe for ...)
NOT-FOR-US: Trend Micro OfficeScan
CVE-1999-1590 (Directory traversal vulnerability in Muhammad A. Muquit wwwcount ...)
- TODO: check
+ NOT-FOR-US: Muhammad A. Muquit wwwcoun
CVE-2006-XXXX [libxslt segfault / DoS]
- libxslt 1.1.18-3 (low)
[sarge] - libxslt <not-affected> (vulnerability added later)
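Review bot: the NOT-FOR-US line added for CVE-1999-1590 ends in "wwwcoun", while the CVE description on the line above names the product "wwwcount". The final "t" appears to have been dropped; please correct it so the product name matches the description.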
@@ -669,7 +669,6 @@
NOT-FOR-US: Mac OS X
CVE-2006-6172 (Buffer overflow in the asmrp_eval function for Real Media input plugin ...)
- xine-lib 1.1.2+dfsg-2 (medium; bug #401740)
- TODO: check usual suspects (ffmpeg, ...)
CVE-2006-6171 (** DISPUTED ** ...)
{DSA-1218}
- proftpd-dfsg 1.3.0-13 (low; bug #399070)
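Review bot: removing "TODO: check usual suspects (ffmpeg, ...)" under CVE-2006-6172 leaves no trace in the list of what was checked. The conclusion ("xine-lib issue only in xine") is recorded only in the commit log. Consider keeping a short comment under the entry stating that the other packages carrying this code were checked and are not affected, so the result is visible to anyone reading data/CVE/list without the history.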
@@ -820,8 +819,10 @@
- dbus 1.0.2-1
CVE-2006-6106
RESERVED
-CVE-2006-6105
+CVE-2006-6105 [gdmchooser format string issue]
RESERVED
+ - gdm <unfixed> (medium)
+ [sarge] - gdm <not-affected> (Vulnerable code not present)
CVE-2006-6104
RESERVED
CVE-2006-6103
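Review bot: the new "- gdm <unfixed> (medium)" line under CVE-2006-6105 has no bug reference, unlike the other package entries in this commit (madwifi has "bug #402836", xine-lib has "bug #401740"). If a bug has been filed against gdm, add its number here; if not, filing one would give the unfixed entry something to track against.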