[Secure-testing-commits] r4335 - data/CVE
Alec Berryman
alec-guest at costa.debian.org
Wed Jul 5 19:45:13 UTC 2006
Author: alec-guest
Date: 2006-07-05 19:45:11 +0000 (Wed, 05 Jul 2006)
New Revision: 4335
Modified:
data/CVE/list
Log:
* CVE-2006-3174, CVE-2006-2842 (squirrelmail): fixed, both flaws theoretical/low-impact/disputed
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2006-07-04 23:32:26 UTC (rev 4334)
+++ data/CVE/list 2006-07-05 19:45:11 UTC (rev 4335)
@@ -326,8 +326,7 @@
CVE-2006-3175 (Multiple PHP remote file inclusion vulnerabilities in mcGuestbook 1.3 ...)
NOT-FOR-US: mcGuestbook
CVE-2006-3174 (Cross-site scripting (XSS) vulnerability in search.php in SquirrelMail ...)
- NOTE: unreproducable
- - squirrelmail <not-affected> (bug #375782; low)
+ - squirrelmail 2:1.4.7-1 (bug #375782; low)
[sarge] - squirrelmail <no-dsa> (Operation with registers_globals not supported)
CVE-2006-3173 (Multiple PHP remote file inclusion vulnerabilities in Content*Builder ...)
TODO: check
@@ -1114,7 +1113,7 @@
CVE-2005-2460 (Multiple cross-site scripting (XSS) vulnerabilities in Kayako ...)
NOT-FOR-US: Kayako liveResponse
CVE-2006-2842 (** DISPUTED ** ...)
- - squirrelmail <unfixed> (unimportant)
+ - squirrelmail 2:1.4.7-1 (unimportant)
NOTE: Only exploitable with register_globals enabled
CVE-2006-XXXX [XSS vulnerability in dokuwikis's "Fullname" and "E-Mail" fields]
- dokuwiki <unfixed> (medium)
More information about the Secure-testing-commits
mailing list