[Secure-testing-commits] r5141 - data/CVE

Stefan Fritsch stef-guest at alioth.debian.org
Sun Dec 17 22:12:26 CET 2006 

Author: stef-guest
Date: 2006-12-17 22:12:24 +0100 (Sun, 17 Dec 2006)
New Revision: 5141

Modified:
   data/CVE/list
Log:
torrentflux issues CVEified (CVE-2006-6331 still unfixed)

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2006-12-17 20:27:25 UTC (rev 5140)
+++ data/CVE/list	2006-12-17 21:12:24 UTC (rev 5141)
@@ -499,13 +499,14 @@
 	- madwifi 1:0.9.2+r1842.20061207-2 (high; bug #402836)
 	[etch] - madwifi <no-dsa> (Non-free not supported)
 CVE-2006-6331 (metaInfo.php in TorrentFlux 2.2, when $cfg[&quot;enable_file_priority&quot;] is ...)
-	TODO: check
+	- torrentflux <unfixed> (bug #400582; medium)
 CVE-2006-6330 (index.php for TorrentFlux 2.2 allows remote registered users to ...)
-	TODO: check
+	- torrentflux 2.1-6 (bug #399169; medium)
 CVE-2006-6329 (index.php for TorrentFlux 2.2 allows remote attackers to delete files ...)
-	TODO: check
+	- torrentflux 2.1-6 (bug #399169)
 CVE-2006-6328 (Directory traversal vulnerability in index.php for TorrentFlux 2.2 ...)
-	TODO: check
+	- torrentflux 2.1-5 (bug #395930; medium)
+	NOTE: duplicate of CVE-2006-5609
 CVE-2006-6327
 	RESERVED
 CVE-2006-6326
@@ -931,8 +932,6 @@
 CVE-2006-XXXX [smb4k security issue]
 	- smb4k 0.7.5-1
 	[sarge] - smb4k <not-affected> (Vulnerable code not present)
-CVE-2006-XXXX [arbitrary code execution in metaInfo.php in torrentflux]
-	- torrentflux <unfixed> (bug #400582; medium)
 CVE-2006-6129 (Integer overflow in the fatfile_getarch2 in Apple Mac OS X allows ...)
 	NOT-FOR-US: Apple Mac OS X
 CVE-2006-6128 (The ReiserFS functionality in Linux kernel 2.6.18, and possibly other ...)
@@ -1267,8 +1266,6 @@
 	[sarge] - dovecot <not-affected> (Vulnerable code not present)
 CVE-2005-4815 (SAP 6.4 before 6.40 patch 4, 6.2 before 6.20 patch 1364, 4.6 before ...)
 	NOT-FOR-US: SAP
-CVE-2006-XXXX [TorrentFlux Arbitrary Command Execution and Directory Traversal]
-	- torrentflux 2.1-6 (medium; bug #399169)
 CVE-2006-XXXX [Firefox Sage Extension Feed Script Insertion Vulnerability]
 	- firefox-sage <not-affected> (medium; bug #399170)
 	NOTE: Debian's version has HTML disabled

More information about the Secure-testing-commits mailing list