[Secure-testing-commits] r4461 - data/CVE

Stefan Fritsch stef-guest at costa.debian.org
Fri Jul 28 16:21:36 UTC 2006


Author: stef-guest
Date: 2006-07-28 16:21:34 +0000 (Fri, 28 Jul 2006)
New Revision: 4461

Modified:
   data/CVE/list
Log:
- CVE-2006-3747: new apache issue
- ldap-account-manager issues don't affect sarge
- CVE-2006-3486: unimportant mysql issue fixed
- CVE-2006-3320: sitebar issue fixed


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2006-07-27 19:14:44 UTC (rev 4460)
+++ data/CVE/list	2006-07-28 16:21:34 UTC (rev 4461)
@@ -178,8 +178,10 @@
 	TODO: check
 CVE-2006-3748 (PHP remote file inclusion vulnerability in ...)
 	TODO: check
-CVE-2006-3747
+CVE-2006-3747 [apache mod_rewrite off-by-one bug]
 	RESERVED
+	- apache <unfixed> (medium)
+	- apache2 <unfixed> (medium; bug #380182)
 CVE-2006-3746
 	RESERVED
 CVE-2006-3745
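Review bot: The two package lines added under CVE-2006-3747 are not consistent with each other or with the rest of the file. The apache2 line cites bug #380182 while the apache line carries no bug reference, and the annotation order "(medium; bug #380182)" is the reverse of the "(bug #368804; medium)" order used by the ldap-account-manager entries. Suggest "(bug #380182; medium)" for apache2, and for apache either a bug reference of its own or a NOTE saying none has been filed. Since the entry is still RESERVED and the bracketed description is the only text a triager has, a NOTE line pointing at the source of the "mod_rewrite off-by-one" description would also help.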
@@ -202,8 +204,10 @@
 	- htdig 1:3.2.0b6-1
 CVE-2006-XXXX [ldap account manager sets trivial password instead of disabling it]
 	- ldap-account-manager 1.0.2-1.1 (bug #368804; medium)
+	[sarge] - ldap-account-manager <not-affected>
 CVE-2006-XXXX [ldap account manager wrongly unlocks some passwords]
 	- ldap-account-manager 1.0.3-1 (bug #375453; medium)
+	[sarge] - ldap-account-manager <not-affected>
 CVE-2006-3737 (Cross-site scripting (XSS) vulnerability in ...)
 	NOT-FOR-US: Plesk
 CVE-2006-3736 (PHP remote file inclusion vulnerability in core/videodb.class.xml.php ...)
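Review bot: Both added "[sarge] - ldap-account-manager <not-affected>" lines state no reason, and the commit log only says the issues "don't affect sarge". The mysql entry elsewhere in this file records its sarge status as "<not-affected> (Vulnerable code not present)"; a parenthetical of the same kind on each of these two lines, saying whether the code is absent from the sarge version or behaves differently there, would let a later reader check the claim without redoing the analysis.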
@@ -782,7 +786,7 @@
 CVE-2006-3459
 	RESERVED
 CVE-2006-3486 (** DISPUTED ** ...)
-	- mysql-dfsg-5.0 <unfixed> (unimportant)
+	- mysql-dfsg-5.0 5.0.22-4 (unimportant)
 	[sarge] - mysql-dfsg-4.1 <not-affected> (Vulnerable code not present)
 	[sarge] - mysql-dfsg <not-affected> (Vulnerable code not present)
 	NOTE: Only DoS possible, only root can trigger this -> non-issue
@@ -1073,7 +1077,7 @@
 CVE-2006-3321 (Multiple cross-site scripting (XSS) vulnerabilities in openforum.asp ...)
 	NOT-FOR-US: OpenForum
 CVE-2006-3320 (Cross-site scripting (XSS) vulnerability in command.php in SiteBar ...)
-	- sitebar <unfixed> (bug #377299; low)
+	- sitebar 3.3.8-1.1 (bug #377299; low)
 CVE-2006-3319 (Cross-site scripting (XSS) vulnerability in rss/index.php in PHP ...)
 	NOT-FOR-US: PHP iCalendar
 CVE-2006-3318 (SQL injection vulnerability in register.php for phpRaid 3.0.6 and ...)



