[Secure-testing-commits] r3444 - data/CVE

Moritz Muehlenhoff jmm-guest at costa.debian.org
Wed Feb 8 10:01:28 UTC 2006


Author: jmm-guest
Date: 2006-02-08 10:01:22 +0000 (Wed, 08 Feb 2006)
New Revision: 3444

Modified:
   data/CVE/list
Log:
two elog issues fixed since some time
lots of NFUs
four provisional placeholders for requested elog CVEs


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2006-02-08 09:14:21 UTC (rev 3443)
+++ data/CVE/list	2006-02-08 10:01:22 UTC (rev 3444)
@@ -1,3 +1,11 @@
+CVE-2006-XXXX [elog: buffer overflow in write_logfile]
+	- elog 2.6.1+r1642-1
+CVE-2006-XXXX [elog: remote DoS through overly long attributes]
+	- elog 2.6.1+r1642-1
+CVE-2006-XXXX [elog: information discloure in password denial]
+	- elog 2.6.1+r1642-1
+CVE-2006-XXXX [elog: remote DoS through endless loop]
+	- elog 2.6.1+r1642-1
 CVE-2006-0593 (Cross-site scripting (XSS) vulnerability in PHP-Fusion before 6.00.304 ...)
 	TODO: check
 CVE-2006-0592 (Unspecified vulnerability in the Lexmark Printer Sharing service ...)
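Review bot: "discloure" in the third added placeholder ("elog: information discloure in password denial") should read "disclosure", since these bracketed descriptions are what people search on until real CVE ids are assigned. The four placeholders also carry no bug number or urgency, unlike the existing elog entries further down this list, which use the form "(bug #349528; medium)"; adding the same annotation where a bug exists would keep the elog entries consistent.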
@@ -54,17 +62,16 @@
 	TODO: check
 CVE-2006-XXXX [bluez-hcidump DoS]
 	- bluez-hcidump <unfixed> (bug filed)
-begin claimed by jmm
 CVE-2006-0566 (The LDAP component in CommuniGate Pro Core Server 5.0.7 allows remote ...)
-	TODO: check
+	NOT-FOR-US: Communigate Pro
 CVE-2006-0565 (PHP remote file include vulnerability in inc/backend_settings.php in ...)
-	TODO: check
+	NOT-FOR-US: LoudBlog
 CVE-2006-0564 (Stack-based buffer overflow in Microsoft HTML Help Workshop ...)
-	TODO: check
+	NOT-FOR-US: Microsoft 
 CVE-2006-0563 (SQL injection vulnerability in exec.php in PluggedOut Blog 1.9.9c ...)
-	TODO: check
+	NOT-FOR-US: PluggedOut Blog
 CVE-2006-0562 (Cross-site scripting (XSS) vulnerability in problem.php in PluggedOut ...)
-	TODO: check
+	NOT-FOR-US: PluggedOut Blog
 CVE-2006-0561
 	RESERVED
 CVE-2006-0560
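Review bot: The added line "NOT-FOR-US: Microsoft " for CVE-2006-0564 ends in a trailing space, and "Communigate Pro" for CVE-2006-0566 is cased differently from "CommuniGate Pro" in the description line directly above it. Strip the trailing space and match the vendor's casing so that a later search of the list for the product name finds these entries.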
@@ -84,50 +91,50 @@
 CVE-2006-0553
 	RESERVED
 CVE-2006-0552 (Unspecified vulnerability in the Net Listener component of Oracle ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2006-0551 (SQL injection vulnerability in the Data Pump Metadata API in Oracle ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2006-0550 (Buffer overflow in an unspecified Oracle Client utility might allow ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2006-0549 (SQL injection vulnerability in the SYS.DBMS_METADATA_UTIL package in ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2006-0548 (SQL injection vulnerability in the Oracle Text component of Oracle ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2006-0547 (Oracle Database 8i, 9i, and 10g allow remote authenticated users to ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2006-0546 (Unspecified vulnerability in index.php in a certain application ...)
-	TODO: check
+	NOT-FOR-US: Strange app at www.egeinternet.com
 CVE-2006-0545 (SQL injection vulnerability in showflat.php in Groupee (formerly known ...)
-	TODO: check
+	NOT-FOR-US: UBB.threads
 CVE-2006-0544 (urlmon.dll in Microsoft Internet Explorer 7.0 beta 2 (aka 7.0.5296.0) ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2006-0543 (Cerulean Trillian 3.1.0.120 allows remote attackers to cause a denial ...)
-	TODO: check
+	NOT-FOR-US: Cerulean Trillian 
 CVE-2006-0542 (Multiple SQL injection vulnerabilities in config.php in NukedWeb ...)
-	TODO: check
+	NOT-FOR-US: NukedWeb
 CVE-2006-0541 (Multiple cross-site scripting (XSS) vulnerabilities in Tachyon Vanilla ...)
-	TODO: check
+	NOT-FOR-US: Tachyon Vanilla Guestbook
 CVE-2006-0540 (Multiple SQL injection vulnerabilities in Tachyon Vanilla Guestbook ...)
-	TODO: check
+	NOT-FOR-US: Tachyon Vanilla Guestbook
 CVE-2006-0539 (The convert-fcrontab program in fcron 3.0.0 might allow local users to ...)
-	TODO: check
+	- fcron <not-affected> (Vulnerable app in the Debian package, not setuid anyway)
 CVE-2006-0538 (CipherTrust IronMail 5.0.1, when &quot;Denial of Service Protection&quot; is ...)
-	TODO: check
+	NOT-FOR-US: IronMail
 CVE-2006-0537 (Buffer overflow in eXchange POP3 before 5.0.060125 allows remote ...)
-	TODO: check
+	NOT-FOR-US: eXchange POP3
 CVE-2006-0536 (Cross-site scripting (XSS) vulnerability in neomail.pl in NeoMail 1.27 ...)
-	TODO: check
+	NOT-FOR-US: NeoMail
 CVE-2006-0535 (Multiple cross-site scripting (XSS) vulnerabilities in Community ...)
-	TODO: check
+	NOT-FOR-US: Community Server
 CVE-2006-0534 (Multiple cross-site scripting (XSS) vulnerabilities in default.asp in ...)
-	TODO: check
+	NOT-FOR-US: CyberShop Ultimate E-commerce
 CVE-2006-0533 (Cross-site scripting (XSS) vulnerability in webmailaging.cgi in cPanel ...)
-	TODO: check
+	NOT-FOR-US: cPanel
+	NOTE: Not Debian's cpanel
 CVE-2006-0532 (Cross-site scripting (XSS) vulnerability in resultat.asp in SoftMaker ...)
-	TODO: check
+	NOT-FOR-US: SoftMaker Shop 
 CVE-2006-0531 (Unspecified vulnerability in Sun Java System Access Manager 7.0 allows ...)
-	TODO: check
-end claimed by jmm
+	NOT-FOR-US: Sun Java System Access Manager
 CVE-2003-1293 (Multiple cross-site scripting (XSS) vulnerabilities in NukedWeb ...)
 	TODO: check
 CVE-2006-XXXX [kphone creates world-readable config file with passwords]
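Review bot: The fcron annotation for CVE-2006-0539, "<not-affected> (Vulnerable app in the Debian package, not setuid anyway)", reads as though the vulnerable convert-fcrontab program is shipped, which sits oddly with <not-affected>; if the intent is that it is not shipped, the note is missing a "not", and either way the reason should be stated unambiguously. Smaller points in the same hunk: "Cerulean Trillian " and "SoftMaker Shop " end in trailing spaces, and "Strange app at www.egeinternet.com" for CVE-2006-0546 would be easier to find later if it said that the CVE description leaves the product unnamed.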
@@ -211,9 +218,9 @@
 CVE-2003-1292 (PHP remote file include vulnerability in Derek Ashauer ashNews 0.83 ...)
 	NOT-FOR-US: Derek Ashauer ashNews
 CVE-2006-0498 (Multiple cross-site scripting (XSS) vulnerabilities in PHP GEN before ...)
-	TODO: check
+	NOT-FOR-US: PHP GEN
 CVE-2006-0497 (Multiple SQL injection vulnerabilities in PHP GEN before 1.4 allow ...)
-	TODO: check
+	NOT-FOR-US: PHP GEN
 CVE-2006-0496 (Cross-site scripting (XSS) vulnerability in Mozilla 1.7.12 and ...)
 	- firefox <unfixed> (bug #349339)
 	- mozilla-firefox <unfixed> (bug #349339)
@@ -612,9 +619,9 @@
 CVE-2006-0349 (SQL injection vulnerability in eggblog 2.0 allows remote attackers to ...)
 	NOT-FOR-US: eggblog
 CVE-2006-0348 (Format string vulnerability in the write_logfile function in ELOG ...)
-	- elog <unfixed> (bug #349528; medium)
+	- elog 2.6.1+r1642-1 (bug #349528; medium)
 CVE-2006-0347 (Directory traversal vulnerability in ELOG before 2.6.1 allows remote ...)
-	- elog <unfixed> (bug #349528; medium)
+	- elog 2.6.1+r1642-1 (bug #349528; medium)
 CVE-2006-0346 (Cross-site scripting (XSS) vulnerability in SaralBlog 1.0 allows ...)
 	NOT-FOR-US: SaralBlog
 CVE-2006-0345 (Multiple SQL injection vulnerabilities in SaralBlog 1.0 allow remote ...)
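Review bot: CVE-2006-0348 here is the format string issue in write_logfile, and the first hunk of this patch adds a separate placeholder "elog: buffer overflow in write_logfile" with the same fixed version 2.6.1+r1642-1. A NOTE line on one of the two stating that they are distinct issues in the same function would stop a later editor from merging the placeholder into CVE-2006-0348 when the requested ids arrive.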



