[Secure-testing-commits] r4351 - data/CVE

Alec Berryman alec-guest at costa.debian.org
Sat Jul 8 02:16:35 UTC 2006 

Author: alec-guest
Date: 2006-07-08 02:16:33 +0000 (Sat, 08 Jul 2006)
New Revision: 4351

Modified:
   data/CVE/list
Log:
* CVE-2006-3334 (libpng): high DoS/buffer-overflow-to-code-execution
* CVE-2006-3325, CVE-2006-3324 (quake3): itp, contrib
* CVE-2006-3320 (sitebar): low XSS


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2006-07-08 02:13:00 UTC (rev 4350)
+++ data/CVE/list	2006-07-08 02:16:33 UTC (rev 4351)
@@ -35,7 +35,7 @@
 CVE-2006-3335 (Unspecified vulnerability in mkdir in HP-UX B.11.00, B.11.04, B.11.11, ...)
 	NOT-FOR-US: HP-UX
 CVE-2006-3334 (Buffer overflow in the png_decompress_chunk function in pngrutil.c in ...)
-	TODO: check
+	- libpng <unfixed> (bug filed; high)
 CVE-2006-3333 (Cross-site scripting (XSS) vulnerability in index.php in Zorum Forum ...)
 	NOT-FOR-US: Zorum Forum
 CVE-2006-3332 (SQL injection vulnerability in index.php in Zorum Forum 3.5 allows ...)
@@ -53,9 +53,9 @@
 CVE-2006-3326 (Directory traversal vulnerability in QuickZip 3.06.3 allows remote ...)
 	NOT-FOR-US: QuickZip
 CVE-2006-3325 (client/cl_parse.c in the id3 Quake 3 Engine 1.32c and the Icculus ...)
-	TODO: check
+	- quake3 <itp> (bug #337937)
 CVE-2006-3324 (The Automatic Downloading option in the id3 Quake 3 Engine and the ...)
-	TODO: check
+	- quake3 <itp> (bug #337937)
 CVE-2006-3323 (PHP remote file inclusion vulnerability in admin/admin.php in MF ...)
 	NOT-FOR-US: MF Piadas
 CVE-2006-3322 (SQL injection vulnerability in includes/functions_logging.php in ...)
@@ -63,7 +63,7 @@
 CVE-2006-3321 (Multiple cross-site scripting (XSS) vulnerabilities in openforum.asp ...)
 	NOT-FOR-US: OpenForum
 CVE-2006-3320 (Cross-site scripting (XSS) vulnerability in command.php in SiteBar ...)
-	TODO: check
+	- sitebar <unfixed> (bug filed; low)
 CVE-2006-3319 (Cross-site scripting (XSS) vulnerability in rss/index.php in PHP ...)
 	TODO: check
 CVE-2006-3318 (SQL injection vulnerability in register.php for phpRaid 3.0.6 and ...)

More information about the Secure-testing-commits mailing list