[Secure-testing-commits] r3506 - data/CVE

Moritz Muehlenhoff jmm-guest at costa.debian.org
Sat Feb 18 12:55:34 UTC 2006


Author: jmm-guest
Date: 2006-02-18 12:55:28 +0000 (Sat, 18 Feb 2006)
New Revision: 3506

Modified:
   data/CVE/list
Log:
postgres fixed
unimportant postgres issues
new firefox issues
NFUs


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2006-02-17 20:19:47 UTC (rev 3505)
+++ data/CVE/list	2006-02-18 12:55:28 UTC (rev 3506)
@@ -81,7 +81,6 @@
 	TODO: check
 CVE-2006-0697 (Zen Cart before 1.2.7 does not protect the admin/includes directory, ...)
 	TODO: check
-begin claimed by jmm
 CVE-2006-0696 (SQL injection vulnerability in Zen Cart before 1.2.7 allows remote ...)
 	TODO: check
 CVE-2006-0695 (Ansilove before 1.03 does not filter uploaded file extensions, which ...)
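Review bot: dropping the "begin claimed by jmm" marker above CVE-2006-0696 releases the claim while that entry still reads "TODO: check", so the list no longer shows whether it was triaged or left for someone else. Either resolve it in this commit or mention in the log that the remaining TODO entries in the formerly claimed range are handed back.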
@@ -93,50 +92,53 @@
 CVE-2006-0692 (Multiple SQL injection vulnerabilities in Carey Briggs PHP/MYSQL ...)
 	TODO: check
 CVE-2006-0691 (edituser.php in TTS Time Tracking Software 3.0 does not verify that ...)
-	TODO: check
+	NOT-FOR-US: TTS Time Tracking Software
 CVE-2006-0690 (Multiple SQL injection vulnerabilities in TTS Time Tracking Software ...)
-	TODO: check
+	NOT-FOR-US: TTS Time Tracking Software
 CVE-2006-0689 (Cross-site scripting (XSS) vulnerability in the Registration Form in ...)
-	TODO: check
+	NOT-FOR-US: TTS Time Tracking Software
 CVE-2006-0688 (PHP remote file include vulnerability in application.php in ...)
-	TODO: check
+	NOT-FOR-US: nicecoder.com indexu
 CVE-2006-0687 (process.php in DocMGR 0.54.2 does not initialize the $siteModInfo ...)
-	TODO: check
+	NOT-FOR-US: DocMGR
 CVE-2006-0686 (add_user.php in Virtual Hosting Control System (VHCS) 2.4.7.1 and ...)
-	TODO: check
+	NOT-FOR-US: Virtual Hosting Control System
 CVE-2006-0685 (The check_login function in login.php in Virtual Hosting Control ...)
-	TODO: check
+	NOT-FOR-US: Virtual Hosting Control System
 CVE-2006-0684 (change_password.php in Virtual Hosting Control System (VHCS) 2.4.7.1 ...)
-	TODO: check
+	NOT-FOR-US: Virtual Hosting Control System
 CVE-2006-0683 (Cross-site scripting (XSS) vulnerability in Virtual Hosting Control ...)
-	TODO: check
+	NOT-FOR-US: Virtual Hosting Control System
 CVE-2006-0682 (Multiple cross-site scripting (XSS) vulnerabilities in bbcodes system ...)
-	TODO: check
+	NOT-FOR-US: e107
 CVE-2006-0681 (Format string vulnerability in powerd.c in Power Daemon (powerd) 2.0.2 ...)
 	TODO: check
 CVE-2006-0680 (Unspecified vulnerability in WebGUI before 6.8.6-gamma allows remote ...)
-	TODO: check
+	NOT-FOR-US: WebGUI
 CVE-2006-0679
 	RESERVED
 CVE-2006-0678 (PostgreSQL 7.3.x before 7.3.14, 7.4.x before 7.4.12, 8.0.x before ...)
-	TODO: check
+	NOTE: Only vulnerable when compiled with asserts
+	- postgresql <unfixed> (unimportant)
+	- postgresql-8.0 8.0.7-1 (unimportant)
+	- postgresql-8.1 8.1.3-1 (unimportant)
 CVE-2005-4723 (D-Link DI-524 Wireless Router, DI-624 Wireless Router, and DI-784 ...)
-	TODO: check
+	NOT-FOR-US: D-Link hardware
 CVE-2005-4722 (_Request_Message.cfm in tmsPUBLISHER 3.3 allows remote attackers to ...)
-	TODO: check
+	NOT-FOR-US: tmsPUBLISHER
 CVE-2005-4721 (Cross-site scripting (XSS) vulnerability in search.cfm in tmsPUBLISHER ...)
-	TODO: check
+	NOT-FOR-US: tmsPUBLISHER
 CVE-2005-4720 (Mozilla Firefox 1.0.7 and earlier on Linux allows remote attackers to ...)
-	TODO: check
+	- mozilla-firefox <unfixed>
+	- firefox <unfixed>
 CVE-2005-4719 (Multiple SQL injection vulnerabilities in Sysbotz Systems Panel 1.0.6 ...)
-	TODO: check
+	NOT-FOR-US: Sysbotz Systems Panel
 CVE-2005-4718 (Opera 8.02 and earlier allows remote attackers to cause a denial of ...)
-	TODO: check
+	NOT-FOR-US: Opera
 CVE-2005-4717 (Microsoft Internet Explorer 6.0 on Windows NT 4.0 SP6a, Windows 2000 ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2005-4716 (Hitachi TP1/Server Base and TP1/NET/Library 2 on IBM AIX allow remote ...)
-	TODO: check
-end claimed by jmm
+	NOT-FOR-US: Hitachi TP1
 CVE-2006-XXXX [honeyd info leak]
 	- honeyd <unfixed> (bug filed)
 CVE-2006-0677 (telnetd in Heimdal 0.6.x before 0.6.6 and 0.7.x before 0.7.2 allows ...)
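Review bot: the two CVE-2005-4720 lines mark mozilla-firefox and firefox as <unfixed> with no bug reference or NOTE, whereas the honeyd entry at the end of this hunk carries "(bug filed)". Add the bug status or a short NOTE so the open state can be followed up. CVE-2006-0681 (powerd) also stays at "TODO: check" even though the "end claimed by jmm" marker is removed here. If it was skipped on purpose, say so in the log.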
@@ -424,7 +426,7 @@
 CVE-2006-0554
 	RESERVED
 CVE-2006-0553 (PostgreSQL 8.1.0 through 8.1.2 allows authenticated database users to ...)
-	TODO: check
+	- postgresql-8.1 8.1.3-1
 CVE-2006-0552 (Unspecified vulnerability in the Net Listener component of Oracle ...)
 	NOT-FOR-US: Oracle
 CVE-2006-0551 (SQL injection vulnerability in the Data Pump Metadata API in Oracle ...)
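Review bot: CVE-2006-0553 now lists only postgresql-8.1 8.1.3-1, while the CVE-2006-0678 entry in the same commit tracks postgresql, postgresql-8.0 and postgresql-8.1. Since the description limits this issue to 8.1.0 through 8.1.2, add a NOTE stating that the other two source packages are outside the affected range, so the omission reads as deliberate rather than unchecked.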



