[Secure-testing-commits] r3369 - data/CVE

Joey Hess joeyh at costa.debian.org
Wed Jan 25 21:14:27 UTC 2006


Author: joeyh
Date: 2006-01-25 21:14:21 +0000 (Wed, 25 Jan 2006)
New Revision: 3369

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2006-01-25 20:12:20 UTC (rev 3368)
+++ data/CVE/list	2006-01-25 21:14:21 UTC (rev 3369)
@@ -1,3 +1,83 @@
+CVE-2006-0418 (Eval injection vulnerability in 123 Flash Chat Server 5.0 and 5.1 ...)
+	TODO: check
+CVE-2006-0417 (SQL injection vulnerability in login.php in miniBloggie 1.0 and ...)
+	TODO: check
+CVE-2006-0416 (SleeperChat 0.3f an earlier allows remote attackers to bypass ...)
+	TODO: check
+CVE-2006-0415 (Cross-site scripting (XSS) vulnerability in index.php in SleeperChat ...)
+	TODO: check
+CVE-2006-0414 (Tor 0.1.1.10-alpha and earlier allows remote attackers to identify ...)
+	TODO: check
+CVE-2006-0413 (Multiple SQL injection vulnerabilities in index.php in NewsPHP allow ...)
+	TODO: check
+CVE-2006-0412 (SQL injection vulnerability in CyberShop allows remote attackers to ...)
+	TODO: check
+CVE-2006-0411 (Claroline 1.7.2 uses guessable session cookies (md5 hash of connection ...)
+	TODO: check
+CVE-2006-0410 (SQL injection vulnerability in ADOdb before 4.71, when using ...)
+	TODO: check
+CVE-2006-0409 (Cross-site scripting (XSS) vulnerability in index.php in Pixelpost ...)
+	TODO: check
+CVE-2006-0408 (rsh utility in Sun Grid Engine (SGE) before 6.0u7_1 allows local users ...)
+	TODO: check
+CVE-2006-0407 (Cross-site scripting (XSS) vulnerability in post.php in AZ Bulletin ...)
+	TODO: check
+CVE-2006-0406 (search.php in MyBB 1.0.2 allows remote attackers to obtain sensitive ...)
+	TODO: check
+CVE-2006-0405 (The TIFFFetchShortPair function in tif_dirread.c in libtiff 3.8.0 ...)
+	TODO: check
+CVE-2006-0404 (Note-A-Day Weblog 2.2 stores sensitive data under the web document ...)
+	TODO: check
+CVE-2006-0403 (Multiple SQL injection vulnerabilities in e-moBLOG 1.3 allow remote ...)
+	TODO: check
+CVE-2006-0402 (SQL injection vulnerability in Zoph before 0.5pre1 allows remote ...)
+	TODO: check
+CVE-2006-0401
+	RESERVED
+CVE-2006-0400
+	RESERVED
+CVE-2006-0399
+	RESERVED
+CVE-2006-0398
+	RESERVED
+CVE-2006-0397
+	RESERVED
+CVE-2006-0396
+	RESERVED
+CVE-2006-0395
+	RESERVED
+CVE-2006-0394
+	RESERVED
+CVE-2006-0393
+	RESERVED
+CVE-2006-0392
+	RESERVED
+CVE-2006-0391
+	RESERVED
+CVE-2006-0390
+	RESERVED
+CVE-2006-0389
+	RESERVED
+CVE-2006-0388
+	RESERVED
+CVE-2006-0387
+	RESERVED
+CVE-2006-0386
+	RESERVED
+CVE-2006-0385
+	RESERVED
+CVE-2006-0384
+	RESERVED
+CVE-2006-0383
+	RESERVED
+CVE-2006-0382
+	RESERVED
+CVE-2006-0381
+	RESERVED
+CVE-2006-0380
+	RESERVED
+CVE-2006-0379
+	RESERVED
 CVE-2006-0378 (Cross-site scripting (XSS) vulnerability in Netrix X-Site Manager ...)
 	TODO: check
 CVE-2006-0377
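Review bot: CVE-2006-0414 (Tor 0.1.1.10-alpha and earlier) is added here as TODO: check while the file already carries a placeholder "CVE-2006-XXXX [tor discovery of hidden services]" tracked as "- tor <unfixed> (bug #349283)", visible as context further down in this diff. Check whether the two describe the same issue and, if so, move the tracking line under CVE-2006-0414 and drop the placeholder so the bug is not tracked twice. Of the other new TODO: check entries, CVE-2006-0405 (libtiff) and CVE-2006-0410 (ADOdb) name libraries rather than standalone web applications and should be triaged first.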
@@ -68,7 +148,7 @@
 	TODO: check
 CVE-2006-0343 (Unspecified vulnerability in the Port Discovery Standard and Advanced ...)
 	TODO: check
-CVE-2006-0342 (MailSite HTTP Mail management agent (httpma) 7.0.3.1 allows remote ...)
+CVE-2006-0342 (RockLiffe MailSite HTTP Mail management agent (httpma) 7.0.3.1 allows ...)
 	TODO: check
 CVE-2006-0341 (Cross-site scripting (XSS) vulnerability in WCONSOLE.DLL in Rockliffe ...)
 	TODO: check
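Review bot: the refreshed description for CVE-2006-0342 now names the vendor as "RockLiffe", while the adjacent CVE-2006-0341 spells it "Rockliffe", and both entries are still TODO: check. They concern the same product, so resolve them together with the same disposition rather than leaving one to the next automatic update.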
@@ -117,7 +197,7 @@
 	- mydns 1.1.0+pre-3 (medium)
 CVE-2006-XXXX [tor discovery of hidden services]
 	- tor <unfixed> (bug #349283)
-CVE-2006-0353 (unix_random.c in lsh before 2.0.1 leaks file descriptors related to ...)
+CVE-2006-0353 (unix_random.c in lsh 2.0.1 leaks file descriptors related to the ...)
 	- lsh-utils 2.0.1cdbs-4 (low; bug #349303)
 CVE-2006-0283 (Unspecified vulnerability in Oracle Database Server 10.1.0.4.2, ...)
 	NOT-FOR-US: Oracle
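Review bot: the CVE-2006-0353 description changes the stated affected range from "lsh before 2.0.1" to "lsh 2.0.1", but the tracking line "- lsh-utils 2.0.1cdbs-4 (low; bug #349303)" is left as it was. The fixed version is a packaging revision of 2.0.1, so it still fits the new wording, but the entry says nothing about releases older than 2.0.1; a NOTE: line recording whether earlier versions are affected would make that explicit.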
@@ -317,11 +397,10 @@
 	NOT-FOR-US: lpsched in Sun Solaris
 CVE-2006-0226 (Integer overflow in IEEE 802.11 network subsystem (ieee80211_ioctl.c) ...)
 	NOT-FOR-US: freebsd kernel
-CVE-2006-0225 [scp in OpenSSH suffers from shell code injection in local-to-local copies]
-	RESERVED
+CVE-2006-0225 (scp in OpenSSH 4.2p1 allows attackers to execute arbitrary commands ...)
 	- openssh <unfixed> (low; bug #349645)
-CVE-2006-0224
-	RESERVED
+CVE-2006-0224 (Buffer overflow in Library of Assorted Spiffy Things (LibAST) 0.6.1 ...)
+	TODO: check
 CVE-2005-4665 (Cross-site scripting (XSS) vulnerability in PunBB 1.2.6 and earlier ...)
 	NOT-FOR-US: PunBB
 CVE-2006-0223 (Directory traversal vulnerability in Shanghai TopCMM 123 Flash Chat ...)
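Review bot: replacing the bracketed text on CVE-2006-0225 drops the hand-written qualifier "in local-to-local copies", and the truncated official description no longer shows it, although the "low" urgency on "- openssh <unfixed> (low; bug #349645)" presumably rests on that restriction. Keep the qualifier as a NOTE: line under the entry. In the same hunk CVE-2006-0224 moves from RESERVED to TODO: check with a LibAST buffer overflow description and still needs a package line or a NOT-FOR-US marker.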
@@ -739,6 +818,7 @@
 	[sarge] - smstools 1.14.8-1sarge0
 	- smstools 1.16-1.1 (bug #347221; medium)
 CVE-2006-0106 (gdi/driver.c and gdi/printdrv.c in Wine 20050930, and other versions, ...)
+	{DSA-954-1}
 	{CVE-2005-4560}
 	- wine 0.9.2-1 (bug #346197; medium)
 CVE-2006-0082 (Format string vulnerability in the SetImageInfo function in image.c ...)
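Review bot: {DSA-954-1} is attached to CVE-2006-0106, but the entry only has "- wine 0.9.2-1 (bug #346197; medium)" and no release-specific line for the version fixed by the advisory. The smstools entry just above shows the expected form ("[sarge] - smstools 1.14.8-1sarge0"); add the corresponding "[sarge] - wine ..." line so the stable fix is recorded alongside the DSA reference.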
@@ -1859,6 +1939,7 @@
 	- php5 5.1.1-1
 	NOTE: PHP 5 in Debian is vulnerable according to the changelog.
 CVE-2005-4153 (Mailman 2.1.4 through 2.1.6 allows remote attackers to cause a denial ...)
+	{DSA-955-1}
 	- mailman 2.1.5-10
 CVE-2005-4152 (Soti Pocket Controller-Professional 5.0 allows remote attackers to ...)
 	NOT-FOR-US: Soti Pocket Controller-Professional 
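Review bot: the CVE-2005-4153 entry that receives {DSA-955-1} tracks the fix as "- mailman 2.1.5-10" with no urgency and no bug reference, unlike the other mailman entry given the same DSA in this commit (CVE-2005-3573, "bug #327732; bug #339095; medium"). Add at least an urgency to the package line, and a "[sarge]" line for the version shipped by the advisory.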
@@ -3276,14 +3357,14 @@
 CVE-2005-3629
 	RESERVED
 CVE-2005-3628 (Buffer overflow in the JBIG2Bitmap::JBIG2Bitmap function in ...)
-	{DSA-950-1 DSA-940-1 DSA-938-1 DSA-937-1 DSA-936-1 DSA-932-1 DSA-931-1}
+	{DSA-950-1 DSA-940-1 DSA-938-1 DSA-937-1 DSA-936-1 DSA-932-1 DSA-931-1 DTSA-28-1}
 	- kdegraphics 3.5.0-3
 	- gpdf 2.10.0-2 (bug #342286)
 	- xpdf 3.01-4
 	- koffice 1:1.4.2-6 (bug #342294)
 	- libextractor 0.5.9-1
 CVE-2005-3627 (Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, ...)
-	{DSA-950-1 DSA-940-1 DSA-938-1 DSA-937-1 DSA-936-1 DSA-932-1 DSA-931-1}
+	{DSA-950-1 DSA-940-1 DSA-938-1 DSA-937-1 DSA-936-1 DSA-932-1 DSA-931-1 DTSA-28-1}
 	- poppler 0.4.4-1 (bug #346076)
 	- tetex <not-affected> (Links dynamically to poppler)
 	- kdegraphics 3.5.0-3
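Review bot: DTSA-28-1 is appended to the cross-reference list of CVE-2005-3628 and CVE-2005-3627 (and to the other xpdf-derived CVEs in the following hunks), but the package lines under the two entries differ (CVE-2005-3628 lists no poppler or tetex line, CVE-2005-3627 does) and nothing indicates which source package the testing advisory actually fixed. Confirm that the advisory covers each CVE it is now attached to and that the affected package appears in every one of these entries.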
@@ -3292,7 +3373,7 @@
 	- koffice 1:1.4.2-6 (bug #342294)
 	- libextractor 0.5.9-1
 CVE-2005-3626 (Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, ...)
-	{DSA-950-1 DSA-940-1 DSA-938-1 DSA-937-1 DSA-936-1 DSA-932-1 DSA-931-1}
+	{DSA-950-1 DSA-940-1 DSA-938-1 DSA-937-1 DSA-936-1 DSA-932-1 DSA-931-1 DTSA-28-1}
 	- poppler 0.4.3-2
 	- kdegraphics 3.5.0-3
 	- xpdf 3.01-4
@@ -3300,7 +3381,7 @@
 	- koffice 1:1.4.2-6 (bug #342294)
 	- libextractor 0.5.9-1
 CVE-2005-3625 (Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, ...)
-	{DSA-950-1 DSA-940-1 DSA-938-1 DSA-937-1 DSA-936-1 DSA-932-1 DSA-931-1}
+	{DSA-950-1 DSA-940-1 DSA-938-1 DSA-937-1 DSA-936-1 DSA-932-1 DSA-931-1 DTSA-28-1}
 	- poppler 0.4.4-1 (bug #346076)
 	- tetex <not-affected> (Links dynamically to poppler)
 	- kdegraphics 3.5.0-3
@@ -3309,7 +3390,7 @@
 	- koffice 1:1.4.2-6 (bug #342294)
 	- libextractor 0.5.9-1
 CVE-2005-3624 (The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, ...)
-	{DSA-950-1 DSA-940-1 DSA-938-1 DSA-937-1 DSA-936-1 DSA-932-1 DSA-931-1}
+	{DSA-950-1 DSA-940-1 DSA-938-1 DSA-937-1 DSA-936-1 DSA-932-1 DSA-931-1 DTSA-28-1}
 	- poppler 0.4.4-1 (bug #346076)
 	- tetex <not-affected> (Links dynamically to poppler)
 	- gpdf 2.10.0-2 (bug #342286)
@@ -3415,6 +3496,7 @@
 CVE-2005-3574 (PHP file inclusion vulnerability in index.php of iCMS allows remote ...)
 	NOT-FOR-US: iCMS
 CVE-2005-3573 (Scrubber.py in Mailman 2.1.5-8 does not properly handle UTF8 character ...)
+	{DSA-955-1}
 	- mailman 2.1.5-10 (bug #327732; bug #339095; medium)
 CVE-2005-3572 (SQL injection vulnerability in index.php in Peel 2.6 through 2.7 ...)
 	NOT-FOR-US: Peel
@@ -4752,7 +4834,7 @@
 CVE-2005-3194 (Multiple buffer overflows in ALZip 6.12 (Korean), 6.1 (International), ...)
 	NOT-FOR-US: ALZip
 CVE-2005-3193 (Heap-based buffer overflow in the JPXStream::readCodestream function ...)
-	{DSA-950-1 DSA-937-1 DSA-936-1 DSA-932-1 DSA-931-1}
+	{DSA-950-1 DSA-937-1 DSA-936-1 DSA-932-1 DSA-931-1 DTSA-28-1}
 	- xpdf 3.01-3 (bug #342281; bug #342337; medium)
 	- gpdf 2.10.0-1 (bug #342286; medium)
 	- pdftohtml <not-affected> (Vulnerable xpdf code not contained)
@@ -8714,7 +8796,7 @@
 	NOTE: 2.6.8 and 2.4.27 not affected
 	- linux-2.6 2.6.12-3 (bug #323039; medium)
 CVE-2005-2097 (xpdf and kpdf do not properly validate the &quot;loca&quot; table in PDF files, ...)
-	{DSA-936-1 DSA-780-1}
+	{DSA-936-1 DSA-780-1 DTSA-28-1}
 	- kdegraphics 4:3.4.2-1 (bug #322458; low)
 	- xpdf 3.00-15 (bug #322462; low)
 	- tetex-bin <not-affected> (pdftex doesn't include or use the vulnerable code)



