[Secure-testing-commits] r3429 - data/CVE

Moritz Muehlenhoff jmm-guest at costa.debian.org
Sun Feb 5 19:04:06 UTC 2006


Author: jmm-guest
Date: 2006-02-05 19:03:49 +0000 (Sun, 05 Feb 2006)
New Revision: 3429

Modified:
   data/CVE/list
Log:
updates on CVE-2005-2096
new firefox issue
kfreebsd issue
some NFUs


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2006-02-05 13:29:08 UTC (rev 3428)
+++ data/CVE/list	2006-02-05 19:03:49 UTC (rev 3429)
@@ -81,11 +81,13 @@
 CVE-2006-0497 (Multiple SQL injection vulnerabilities in PHP GEN before 1.4 allow ...)
 	TODO: check
 CVE-2006-0496 (Cross-site scripting (XSS) vulnerability in Mozilla 1.7.12 and ...)
-	TODO: check
+	- firefox <unfixed> (bug #349339)
+	- mozilla-firefox <unfixed> (bug #349339)
+	- mozilla <unfixed>
 CVE-2006-0495 (Cross-site scripting (XSS) vulnerability in the Add Thread to ...)
 	TODO: check
 CVE-2006-0494 (Directory traversal vulnerability in MyBB (aka MyBulletinBoard) 1.02 ...)
-	TODO: check
+	NOT-FOR-US: MyBB
 CVE-2006-0493 (Cross-site scripting (XSS) vulnerability in MG2 (formerly known as ...)
 	TODO: check
 CVE-2006-0492 (Multiple SQL injection vulnerabilities in Calendarix allow remote ...)
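Review bot: the `- mozilla <unfixed>` line added under CVE-2006-0496 carries no bug reference, while the firefox and mozilla-firefox lines next to it both cite bug #349339. If that bug also tracks the mozilla package, add the same reference; if no bug exists yet for mozilla, a short NOTE saying so would show the omission is intentional.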
@@ -101,13 +103,13 @@
 CVE-2006-0487 (Multiple unspecified vulnerabilities in Tumbleweed MailGate Email ...)
 	TODO: check
 CVE-2006-0486 (Certain Cisco IOS releases in 12.2S based trains with maintenance ...)
-	TODO: check
+	NOT-FOR-US: IOS
 CVE-2006-0485 (The TCL shell in Cisco IOS 12.2(14)S before 12.2(14)S16, 12.2(18)S ...)
-	TODO: check
+	NOT-FOR-US: IOS
 CVE-2006-0484 (Directory traversal vulnerability in Vis.pl, as part of the FACE ...)
 	TODO: check
 CVE-2006-0483 (Cisco VPN 3000 series concentrators running software 4.7.0 through ...)
-	TODO: check
+	NOT-FOR-US: Cisco VPN 3000
 CVE-2006-0482 (Linux kernel 2.6.15.1 and earlier, when running on SPARC ...)
 	- linux-2.6 2.6.15-4
 CVE-2006-0481 (Heap-based buffer overflow in the alpha strip capability in libpng ...)
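Review bot: the NOT-FOR-US tags for CVE-2006-0486 and CVE-2006-0485 name only `IOS`, while the tag for CVE-2006-0483 in the same hunk spells out the vendor as `Cisco VPN 3000`. Writing `NOT-FOR-US: Cisco IOS` would keep the product naming consistent within the list and make the entries easier to find by vendor.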
@@ -295,7 +297,7 @@
 CVE-2005-4668 (The embedded HSQLDB in ParosProxy before 3.2.7, when running with JDK ...)
 	NOT-FOR-US: ParoxProxy
 CVE-2006-0433 (Selective Acknowledgement (SACK) in FreeBSD 5.3 and 5.4 does not ...)
-	TODO: check
+	- kfreebsd-5 5.4-13
 CVE-2006-0432 (Unspecified vulnerability in BEA WebLogic Server and WebLogic Express ...)
 	NOT-FOR-US: BEA WebLogic
 CVE-2006-0431 (Unspecified vulnerability in BEA WebLogic Server and WebLogic Express ...)
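Review bot: the unchanged context line `NOT-FOR-US: ParoxProxy` under CVE-2005-4668 misspells the product, which the description on the line above gives as ParosProxy. Since the tag is what people search on, it is worth correcting while this part of the file is being touched. The `- kfreebsd-5 5.4-13` replacement for CVE-2006-0433 follows the same format as the other fixed-version entries.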
@@ -9198,10 +9200,13 @@
 	{DSA-936-1 DSA-780-1 DTSA-28-1}
 	- kdegraphics 4:3.4.2-1 (bug #322458; low)
 	- xpdf 3.00-15 (bug #322462; low)
-	- tetex-bin <not-affected> (pdftex doesn't include or use the vulnerable code)
+	[woody] - tetex-bin <not-affected> (pdftex doesn't include or use the vulnerable code)
+	- tetex-bin <unfixed>
+	TODO: Check, when sid was fixed for this
 	- gpdf <unfixed> (bug #334454; low)
-	NOTE: only affects cupsys source package, not used in binary
-	- cupsys 1.1.23-13 (bug #324464; unimportant)
+	NOTE: Cups switched to xpdf-utils
+	- cupsys 1.1.22-7
+	[woody] - cupsys <not-affected> (Vulnerable code not present)
 	- poppler 0.4.0-1 (low)
 	- libextractor 0.5.8-1 (medium)
 CVE-2005-2096 (zlib 1.2 and later versions allows remote attackers to cause a denial ...)
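Review bot: the replaced cupsys line drops the `bug #324464; unimportant` annotation and moves the fixed version from 1.1.23-13 to 1.1.22-7, with only `NOTE: Cups switched to xpdf-utils` as explanation. Keep the bug reference on the new line, or state in the NOTE why it no longer applies and where the 1.1.22-7 version comes from. The new `- tetex-bin <unfixed>` line also has no bug number or severity, unlike the gpdf line below it. Finally, these lines sit above the `CVE-2005-2096` header, so they belong to the preceding entry, while the log message says "updates on CVE-2005-2096"; check that the log names the CVE that was actually edited.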



