[Secure-testing-commits] r3225 - data/CVE
Moritz Muehlenhoff
jmm-guest at costa.debian.org
Wed Jan 4 13:13:46 UTC 2006
Author: jmm-guest
Date: 2006-01-04 13:13:38 +0000 (Wed, 04 Jan 2006)
New Revision: 3225
Modified:
data/CVE/list
Log:
processed block:
three not-affected
the rest are NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2006-01-04 12:34:33 UTC (rev 3224)
+++ data/CVE/list 2006-01-04 13:13:38 UTC (rev 3225)
@@ -6,65 +6,64 @@
NOT-FOR-US: vBulletin
CVE-2006-0079 (SQL injection vulnerability in auth.php in ScozNet ScozBook BETA 1.1 ...)
NOT-FOR-US: ScozNet
-begin claimed by jmm
CVE-2006-0078 (Multiple cross-site scripting (XSS) vulnerabilities in B-net Software ...)
- TODO: check
+ NOT-FOR-US: B-Net Software
CVE-2006-0077 (Off-by-one error in the getfattr function in File::ExtAttr before 0.03 ...)
NOT-FOR-US: File::ExtAttr
TODO: check for further uploads.
CVE-2006-0076 (PHP remote file include vulnerability in forum.php in oaBoard 1.0 ...)
- TODO: check
+ NOT-FOR-US: oaBoard
CVE-2006-0075 (Direct static code injection vulnerability in phpBook 1.3.2 and ...)
- TODO: check
+ NOT-FOR-US: phpBook
CVE-2006-0074 (SQL injection vulnerability in profile.php in PHPenpals allows remote ...)
- TODO: check
+ NOT-FOR-US: PHPenpals
CVE-2006-0073 (Cross-site scripting (XSS) vulnerability in DiscusWare Discus Freeware ...)
- TODO: check
+ NOT-FOR-US: DiscusWare Discus
CVE-2006-0072 (Buffer overflow in termsh on SCO OpenServer 5.0.7 allows remote ...)
- TODO: check
+ NOT-FOR-US: SCO Openserver
CVE-2006-0071 (The ebuild for pinentry before 0.7.2-r2 on Gentoo Linux sets setgid ...)
- TODO: check
+ - pinentry <not-affected> (Gentoo-specific packaging flaw)
CVE-2006-0070 (** DISPUTED ** ...)
- TODO: check
+ - drupal <not-affected> (According to upstream advisory is junk, behaviour intentional)
+ NOTE: This will probably be REJECTED anyway
CVE-2006-0069 (Cross-site scripting (XSS) vulnerability in addentry.php in Chipmunk ...)
- TODO: check
+ NOT-FOR-US: Chipmunk Guestbook
CVE-2006-0068 (SQL injection vulnerability in Primo Cart 1.0 and earlier allows ...)
- TODO: check
+ NOT-FOR-US: Primo Cart
CVE-2006-0067 (SQL injection vulnerability in login.php in VEGO Links Builder 2.00 ...)
- TODO: check
+ NOT-FOR-US: VEGO Links Builder
CVE-2006-0066 (SQL injection vulnerability in index.php in PHPjournaler 1.0 allows ...)
- TODO: check
+ NOT-FOR-US: PHPjournaler
CVE-2006-0065 (SQL injection vulnerability in (1) functions.php, (2) ...)
- TODO: check
+ NOT-FOR-US: VEGO Web Forum
CVE-2006-0064 (PHP remote file include vulnerability in includes/orderSuccess.inc.php ...)
- TODO: check
+ NOT-FOR-US: CubeCart
CVE-2006-0063
RESERVED
CVE-2005-4617 (SQL injection vulnerability in tickets.php in cSupport 1.0 and earlier ...)
- TODO: check
+ NOT-FOR-US: cSupport
CVE-2005-4616 (SQL injection vulnerability in index.php in iSupport 1.06 allows ...)
- TODO: check
+ NOT-FOR-US: iSupport
CVE-2005-4615 (SQL injection vulnerability in news.php in DapperDesk 3.0.1 and ...)
- TODO: check
+ NOT-FOR-US: DapperDesk
CVE-2005-4614 (Multiple SQL injection vulnerabilities in digiSHOP 3.1.17 and earlier ...)
- TODO: check
+ NOT-FOR-US: digiSHOP
CVE-2005-4613 (Cross-site scripting (XSS) vulnerability in VUBB alpha rc1 allows ...)
- TODO: check
+ NOT-FOR-US: VUBB alpha
CVE-2005-4612 (Multiple SQL injection vulnerabilities in VUBB alpha rc1 allow remote ...)
- TODO: check
+ NOT-FOR-US: VUBB alpha
CVE-2005-4611 (SQL injection vulnerability in search.php in Free ClickBank 1.0 and ...)
- TODO: check
+ NOT-FOR-US: Free ClickBank
CVE-2005-4610 (Format string vulnerability in the server for Dopewars before 1.5.12, ...)
- TODO: check
+ - dopewars <not-affected> (According to upstream Windows-specific)
CVE-2005-4609 (index.php in BugPort 1.147 and earlier allows remote attackers to ...)
- TODO: check
+ NOT-FOR-US: BugPort
CVE-2005-4608 (SQL injection vulnerability in index.php in BugPort 1.147 allows ...)
- TODO: check
+ NOT-FOR-US: BugPort
CVE-2005-4607 (Cross-site scripting (XSS) vulnerability in index.php in BugPort 1.147 ...)
- TODO: check
+ NOT-FOR-US: BugPort
CVE-2005-4606 (SQL injection vulnerability in check_user.asp in multiple Web Wiz ...)
- TODO: check
-end claimed by jmm
+ NOT-FOR-US: Web Wiz
CVE-2006-XXXX [libmail-audit-perl: insecure /tmp handling]
- libmail-audit-perl <unfixed> (bug #344029)
CVE-2005-4605 (The procfs code (proc_misc.c) in Linux 2.6.14.3 and other versions ...)
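Review bot: The <not-affected> entries for CVE-2006-0070 (drupal) and CVE-2005-4610 (dopewars) justify the status with "According to upstream" but give no pointer to the upstream statement, so the decision cannot be re-checked from the list alone. A NOTE line under each with the advisory or mailing-list URL would fix that; it matters most for CVE-2006-0070, which is marked DISPUTED and whose new NOTE already expects a REJECT. Two smaller points. The "begin claimed by jmm" / "end claimed by jmm" markers are removed while CVE-2006-0077 still carries "TODO: check for further uploads.", so it is worth stating whether that TODO is meant to stay open after the block is processed. The NOT-FOR-US names also drift from the CVE descriptions in case ("B-Net Software" vs "B-net Software", "SCO Openserver" vs "SCO OpenServer"), and "VUBB alpha" folds a version word into the product name, which makes later searches for the product less reliable.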