[Secure-testing-commits] r4147 - data/CVE
Florian Weimer
fw at costa.debian.org
Mon Jun 5 12:40:10 UTC 2006
Author: fw
Date: 2006-06-05 12:40:08 +0000 (Mon, 05 Jun 2006)
New Revision: 4147
Modified:
data/CVE/list
Log:
NFUs
CVE-2006-2802: xine-lib CVE was assigned
CVE-2006-2789: evolution alread fixed
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2006-06-05 12:18:59 UTC (rev 4146)
+++ data/CVE/list 2006-06-05 12:40:08 UTC (rev 4147)
@@ -3,39 +3,41 @@
CVE-2006-XXXX [PHP injection vulnerability in dokuwiki via curly braces]
- dokuwiki <unfixed> (medium)
CVE-2006-2805 (SQL injection vulnerability in VBulletin 3.0.10 allows remote ...)
- TODO: check
+ NOT-FOR-US: vBulletin
CVE-2006-2804 (Cross-site scripting (XSS) vulnerability in index.cfm in Goss iCM 7.0 ...)
- TODO: check
+ NOT-FOR-US: Goss iCM
CVE-2006-2803 (Multiple cross-site scripting (XSS) vulnerabilities in PHP ManualMaker ...)
- TODO: check
+ NOT-FOR-US: PHP ManualMaker
CVE-2006-2802 (Buffer overflow in the HTTP Plugin (xineplug_inp_http.so) for xine-lib ...)
- TODO: check
+ - xine-lib <unfixed> (bug #369876; medium)
CVE-2006-2801 (Multiple SQL injection vulnerabilities in Unak CMS 1.5 RC2 and earlier ...)
- TODO: check
+ NOT-FOR-US: Unak CMS
CVE-2006-2800 (Multiple cross-site scripting (XSS) vulnerabilities in Unak CMS 1.5 ...)
- TODO: check
+ NOT-FOR-US: Unak CMS
CVE-2006-2799 (Cross-site scripting (XSS) vulnerability in content_footer.php in ...)
- TODO: check
+ NOT-FOR-US: toendaCMS
CVE-2006-2798 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
- TODO: check
+ NOT-FOR-US: phpCommunityCalendar
CVE-2006-2797 (Multiple SQL injection vulnerabilities in phpCommunityCalendar 4.0.3 ...)
- TODO: check
+ NOT-FOR-US: phpCommunityCalendar
CVE-2006-2796 (Cross-site scripting (XSS) vulnerability in gallery.php in Captivate ...)
- TODO: check
+ NOT-FOR-US: Captivate gallery.php
CVE-2006-2795 (Multiple cross-site scripting (XSS) vulnerabilities in XiTi Tracking ...)
- TODO: check
+ NOT-FOR-US: XiTi Tracking Script
CVE-2006-2794 (Hesabim.asp in ASPSitem 2.0 and earlier allows remote attackers to ...)
- TODO: check
+ NOT-FOR-US: ASPSitem
CVE-2006-2793 (SQL injection vulnerability in Anket.asp in ASPSitem 2.0 and earlier ...)
- TODO: check
+ NOT-FOR-US: ASPSitem
CVE-2006-2792 (SQL injection vulnerability in misc.php in Woltlab Burning Board (WBB) ...)
- TODO: check
+ NOT-FOR-US: wbboard
CVE-2006-2791 (Directory traversal vulnerability in index.php in iBoutique.MALL and ...)
- TODO: check
+ NOT-FOR-US: iBoutique.MALL
CVE-2006-2790 (A package component in Sun Storage Automated Diagnostic Environment ...)
- TODO: check
+ NOT-FOR-US: Sun StorADE
CVE-2006-2789 (Evolution 2.2.x and 2.3.x in GNOME 2.7 and 2.8, when "load images if ...)
- TODO: check
+ - evolution 2.4.0-1 (low)
+ NOTE: Verified that the patch has been applied in 2.4.0-1,
+ NOTE: may have been fixed earlier.
CVE-2006-2788 (Double-free vulnerability in the getRawDER function for nsIX509Cert in ...)
TODO: check
CVE-2006-2787 (EvalInSandbox in Mozilla Firefox and Thunderbird before 1.5.0.4 allows ...)
@@ -322,8 +324,6 @@
TODO: check
CVE-2006-2644 (AWStats 6.5, and possibly other versions, allows remote authenticated ...)
TODO: check
-CVE-2006-XXXX [libxine buffer overflow in the HTTP header parser]
- - xine-lib <unfixed> (bug #369876; medium)
CVE-2006-XXXX [libxine1 overflow via a specially-crafted AVI file]
- xine-lib <unfixed> (bug #369876; medium)
CVE-2006-XXXX [specialy crafted WAV turns mkvmerge into a malloc bomb]
More information about the Secure-testing-commits
mailing list