[Secure-testing-commits] r3531 - in data: . CVE
Moritz Muehlenhoff
jmm-guest at costa.debian.org
Thu Feb 23 14:47:16 UTC 2006
Author: jmm-guest
Date: 2006-02-23 14:47:10 +0000 (Thu, 23 Feb 2006)
New Revision: 3531
Modified:
data/CVE/list
data/open-issues.txt
Log:
tar off-by-one
honeyd CVEfied
lots of NFUs
two more maintainability issues for Etch
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2006-02-23 14:23:59 UTC (rev 3530)
+++ data/CVE/list 2006-02-23 14:47:10 UTC (rev 3531)
@@ -4,71 +4,68 @@
[sarge] - bugzilla <not-affected> (Only 2.17 and above are affected)
CVE-2006-XXXX [cherrypy2 information disclosure]
- cherrypy2 2.1.1-1 (bug #353542)
-begin claimed by jmm
CVE-2006-0811 (Cross-site scripting (XSS) vulnerability in reguser.php in Skate Board ...)
- NOT-FOR-US:
- TODO: check
+ NOT-FOR-US: Skate Board
CVE-2006-0810 (Unspecified vulnerability in config.php in Skate Board 0.9 allows ...)
- TODO: check
+ NOT-FOR-US: Skate Board
CVE-2006-0809 (Multiple SQL injection vulnerabilities in Skate Board 0.9 allow remote ...)
- TODO: check
+ NOT-FOR-US: Skate Board
CVE-2006-0808 (MUTE 0.4 allows remote attackers to cause a denial of service ...)
- TODO: check
+ NOT-FOR-US: MUTE
CVE-2006-0807 (Stack-based buffer overflow in NJStar Chinese and Japanese Word ...)
- TODO: check
+ NOT-FOR-US: NJStar
CVE-2006-0806 (Multiple cross-site scripting (XSS) vulnerabilities in ADOdb 4.71 ...)
- TODO: check
+ - libphp-adodb <unfixed>
CVE-2006-0805 (The CAPTCHA functionality in php-Nuke 6.0 through 7.9 uses fixed ...)
- TODO: check
+ NOT-FOR-US: php-Nuke
CVE-2006-0804 (Off-by-one error in TIN 1.8.0 and earlier might allow attackers to ...)
- TODO: check
+ - tin 1.8.1
CVE-2006-0803
RESERVED
CVE-2006-0802 (Cross-site scripting (XSS) vulnerability in the NS-Languages module ...)
- TODO: check
+ NOT-FOR-US: PostNuke
CVE-2006-0801 (SQL injection vulnerability in the NS-Languages module for PostNuke ...)
- TODO: check
+ NOT-FOR-US: PostNuke
CVE-2006-0800 (Interpretation conflict in PostNuke 0.761 and earlier allows remote ...)
- TODO: check
+ NOT-FOR-US: PostNuke
CVE-2006-0799 (Microsoft Internet Explorer allows remote attackers to conduct ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2006-0798 (Multiple directory traversal vulnerabilities in the IMAP service in ...)
- TODO: check
+ NOT-FOR-US: Macallan Mail Solution
CVE-2006-0797 (Nokia N70 cell phone allows remote attackers to caues a denial of ...)
- TODO: check
+ NOT-FOR-US: Nokia cell phone
CVE-2006-0796 (Cross-site scripting (XSS) vulnerability in default.php in Clever Copy ...)
- TODO: check
+ NOT-FOR-US: Clever Copy
CVE-2006-0795 (Unspecified vulnerability in convert.cgi in Quirex 2.0.2 and earlier ...)
- TODO: check
+ NOT-FOR-US: Quirex
CVE-2006-0794 (help.php in V-webmail 1.6.2 allows remote attackers to obtain the ...)
- TODO: check
+ NOT-FOR-US: V-webmail
CVE-2006-0793 (frameset.php in V-webmail 1.6.2 allows remote attackers to conduct ...)
- TODO: check
+ NOT-FOR-US: V-webmail
CVE-2006-0792 (Cross-site scripting (XSS) vulnerability in preferences.personal.php ...)
- TODO: check
+ NOT-FOR-US: V-webmail
CVE-2006-0791 (PHP remote file inclusion vulnerability in index.php in DreamCost ...)
- TODO: check
+ NOT-FOR-US: DreamCost HostAdmin
CVE-2006-0790 (Rockliffe MailSite 7.0 and earlier allows remote attackers to cause a ...)
- TODO: check
+ NOT-FOR-US: Rockliffe MailSite
CVE-2006-0789 (Certain unspecified Kyocera printers have a default "admin" account ...)
- TODO: check
+ NOT-FOR-US: Kyocera printers
CVE-2006-0788 (Kyocera 3830 (aka FS-3830N) printers have a back door that allows ...)
- TODO: check
+ NOT-FOR-US: Kyocera printers
CVE-2006-0787 (wimpy_trackplays.php in Plaino Wimpy MP3 Player, possibly 5.2 and ...)
- TODO: check
+ NOT-FOR-US: Plaino Wimpy
CVE-2006-0786 (Incomplete blacklist vulnerability in include.php in PHPKIT 1.6.1 ...)
- TODO: check
+ NOT-FOR-US: PHPKIT
CVE-2006-0785 (Absolute path traversal vulnerability in include.php in PHPKIT 1.6.1 ...)
- TODO: check
+ NOT-FOR-US: PHPKIT
CVE-2006-0784 (D-Link DWL-G700AP with firmware 2.00 and 2.01 allows remote attackers ...)
- TODO: check
+ NOT-FOR-US: D-Link hardware
CVE-2006-0783 (Cross-site scripting (XSS) vulnerability in page.php in in Siteframe ...)
- TODO: check
+ NOT-FOR-US: Siteframe Beaumont
CVE-2006-0782 (Unspecified vulnerability in weblog.pl in PerlBlog 1.09b and earlier ...)
- TODO: check
-end claimed by jmm
+ NOT-FOR-US: PerlBlog
CVE-2006-0781 (Directory traversal vulnerability in weblog.pl in PerlBlog 1.09b and ...)
- TODO: check
+ NOT-FOR-US: PerlBlog
CVE-2006-0780 (Multiple cross-site scripting (XSS) vulnerabilities in weblog.pl in ...)
TODO: check
CVE-2006-0779 (Cross-site scripting (XSS) vulnerability in u2u.php in XMB Forums ...)
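Review bot: CVE-2006-0780 is left at "TODO: check" even though it is the same weblog.pl/PerlBlog code base as CVE-2006-0781 and CVE-2006-0782, which this hunk marks "NOT-FOR-US: PerlBlog"; unless PerlBlog is packaged somewhere, it should get the same "NOT-FOR-US: PerlBlog" line so the triage of that product is complete in one commit. Separately, the new "- libphp-adodb <unfixed>" entry for CVE-2006-0806 carries no bug reference or severity, while the honeyd entry in this commit says "(bug filed)" and the tar entry says "(bug #354091; high)"; recording the bug number (or at least "bug filed") and a severity on the ADOdb line would keep the tracker consistent and make the open issue actionable. The tin line ("- tin 1.8.1" against "TIN 1.8.0 and earlier") reads correctly as the fixed version.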
@@ -126,7 +123,7 @@
CVE-2006-0753 (Memory leak in Microsoft Internet Explorer 6 for Windows XP Service ...)
TODO: check
CVE-2006-0752 (Niels Provos Honeyd before 1.5 replies to certain illegal IP packet ...)
- TODO: check
+ - honeyd <unfixed> (bug filed)
CVE-2006-0751 (Multiple unspecified vulnerabilities in the (1) Filesystem in ...)
TODO: check
CVE-2006-0750 (SQL injection vulnerability in index.php in supersmashbrothers (SSB) ...)
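Review bot: the new "- honeyd <unfixed> (bug filed)" line gives no bug number, whereas the tar entry elsewhere in this same commit uses the form "(bug #354091; high)"; since the bug has already been filed, the number should be recorded here rather than the bare "(bug filed)", and a severity added, so the entry can be cross-referenced from the BTS without a search. The description quoted from the CVE ("replies to certain illegal IP packet") also reads as a potential fingerprinting/information leak rather than a memory-safety issue, which is worth reflecting in the severity chosen.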
@@ -309,8 +306,6 @@
NOT-FOR-US: Microsoft
CVE-2005-4716 (Hitachi TP1/Server Base and TP1/NET/Library 2 on IBM AIX allow remote ...)
NOT-FOR-US: Hitachi TP1
-CVE-2006-XXXX [honeyd info leak]
- - honeyd <unfixed> (bug filed)
CVE-2006-0677 (telnetd in Heimdal 0.6.x before 0.6.6 and 0.7.x before 0.7.2 allows ...)
{DSA-977-1}
- heimdal <unfixed>
@@ -1259,6 +1254,7 @@
- libextractor 0.5.10-1 (medium)
- pdfkit.framework 0.8-4 (medium)
CVE-2006-0300 [buffer overflow in tar]
+ RESERVED
- tar <unfixed> (bug #354091; high)
- dpkg <not-affected> (has completely different tar implementation)
[woody] - tar <not-affected>
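Review bot: the commit log calls this "tar off-by-one" but the bracketed local description on the CVE-2006-0300 line still reads "[buffer overflow in tar]"; if the off-by-one characterisation is the accurate one, the description should be updated in the same commit so the tracker entry and the log agree on the bug class. Also note that elsewhere in this file "RESERVED" appears as the sole annotation of a CVE that has no description yet (see CVE-2006-0803 above), while here it is inserted above existing package lines; that is fine if it is the convention for reserved-but-already-triaged entries, but worth a check that the parsing tools accept "RESERVED" followed by package lines.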
Modified: data/open-issues.txt
===================================================================
--- data/open-issues.txt 2006-02-23 14:23:59 UTC (rev 3530)
+++ data/open-issues.txt 2006-02-23 14:47:10 UTC (rev 3531)
@@ -29,3 +29,11 @@
ffmpeg creates libavcodec only statically. It should be evaluated if there's
really a compelling reason, as it requires massive recompiles for every security
update. If upstream is reluctant this could be done locally for Etch at least.
+
+=== none
+
+MOTIF 1.2 support has been deprecated upstream. We need to get rid of lesstif1
+for Etch, it already caused us great pain during the last security problems.
+The transition isn't very difficult, it's a recompile against lesstif2-dev
+in most cases. Most packages still using lesstif1 are effectively unmaintained,
+many of them can probably just as well be orphaned or removed.
\ No newline at end of file
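Review bot: the new section header is "=== none", which names no package and so cannot be found by searching the file for the affected package; since the issue is the lesstif1 (Motif 1.2) removal, a header such as "=== lesstif1" would match how the item is actually referred to in the body. Two smaller points: "MOTIF" should be written "Motif" (it is a product name, not an acronym), and the hunk leaves the file without a trailing newline ("\ No newline at end of file"), which will produce a spurious one-line change in the next edit; add the newline now.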