[Secure-testing-commits] r4147 - data/CVE

Florian Weimer fw at costa.debian.org
Mon Jun 5 12:40:10 UTC 2006


Author: fw
Date: 2006-06-05 12:40:08 +0000 (Mon, 05 Jun 2006)
New Revision: 4147

Modified:
   data/CVE/list
Log:
NFUs
CVE-2006-2802: xine-lib CVE was assigned
CVE-2006-2789: evolution already fixed


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2006-06-05 12:18:59 UTC (rev 4146)
+++ data/CVE/list	2006-06-05 12:40:08 UTC (rev 4147)
@@ -3,39 +3,41 @@
 CVE-2006-XXXX [PHP injection vulnerability in dokuwiki via curly braces]
 	- dokuwiki <unfixed> (medium)
 CVE-2006-2805 (SQL injection vulnerability in VBulletin 3.0.10 allows remote ...)
-	TODO: check
+	NOT-FOR-US: vBulletin
 CVE-2006-2804 (Cross-site scripting (XSS) vulnerability in index.cfm in Goss iCM 7.0 ...)
-	TODO: check
+	NOT-FOR-US: Goss iCM
 CVE-2006-2803 (Multiple cross-site scripting (XSS) vulnerabilities in PHP ManualMaker ...)
-	TODO: check
+	NOT-FOR-US: PHP ManualMaker
 CVE-2006-2802 (Buffer overflow in the HTTP Plugin (xineplug_inp_http.so) for xine-lib ...)
-	TODO: check
+	- xine-lib <unfixed> (bug #369876; medium)
 CVE-2006-2801 (Multiple SQL injection vulnerabilities in Unak CMS 1.5 RC2 and earlier ...)
-	TODO: check
+	NOT-FOR-US: Unak CMS
 CVE-2006-2800 (Multiple cross-site scripting (XSS) vulnerabilities in Unak CMS 1.5 ...)
-	TODO: check
+	NOT-FOR-US: Unak CMS
 CVE-2006-2799 (Cross-site scripting (XSS) vulnerability in content_footer.php in ...)
-	TODO: check
+	NOT-FOR-US: toendaCMS
 CVE-2006-2798 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
-	TODO: check
+	NOT-FOR-US: phpCommunityCalendar
 CVE-2006-2797 (Multiple SQL injection vulnerabilities in phpCommunityCalendar 4.0.3 ...)
-	TODO: check
+	NOT-FOR-US: phpCommunityCalendar
 CVE-2006-2796 (Cross-site scripting (XSS) vulnerability in gallery.php in Captivate ...)
-	TODO: check
+	NOT-FOR-US: Captivate gallery.php
 CVE-2006-2795 (Multiple cross-site scripting (XSS) vulnerabilities in XiTi Tracking ...)
-	TODO: check
+	NOT-FOR-US: XiTi Tracking Script
 CVE-2006-2794 (Hesabim.asp in ASPSitem 2.0 and earlier allows remote attackers to ...)
-	TODO: check
+	NOT-FOR-US: ASPSitem
 CVE-2006-2793 (SQL injection vulnerability in Anket.asp in ASPSitem 2.0 and earlier ...)
-	TODO: check
+	NOT-FOR-US: ASPSitem
 CVE-2006-2792 (SQL injection vulnerability in misc.php in Woltlab Burning Board (WBB) ...)
-	TODO: check
+	NOT-FOR-US: wbboard
 CVE-2006-2791 (Directory traversal vulnerability in index.php in iBoutique.MALL and ...)
-	TODO: check
+	NOT-FOR-US: iBoutique.MALL
 CVE-2006-2790 (A package component in Sun Storage Automated Diagnostic Environment ...)
-	TODO: check
+	NOT-FOR-US: Sun StorADE
 CVE-2006-2789 (Evolution 2.2.x and 2.3.x in GNOME 2.7 and 2.8, when &quot;load images if ...)
-	TODO: check
+	- evolution 2.4.0-1 (low)
+	NOTE: Verified that the patch has been applied in 2.4.0-1,
+	NOTE: may have been fixed earlier.
 CVE-2006-2788 (Double-free vulnerability in the getRawDER function for nsIX509Cert in ...)
 	TODO: check
 CVE-2006-2787 (EvalInSandbox in Mozilla Firefox and Thunderbird before 1.5.0.4 allows ...)
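Review bot: In the CVE-2006-2789 entry the fixed version is recorded as 2.4.0-1, but the NOTE lines say the issue "may have been fixed earlier", so 2.4.0-1 is only an upper bound on the fix. Consider saying that directly in the NOTE, and naming the patch that was verified, so older uploads are not later read as confirmed vulnerable. A smaller style point: the tag for CVE-2006-2792 is "wbboard" while the description calls the product "Woltlab Burning Board (WBB)"; the other NOT-FOR-US tags in this hunk reuse the product name from the description, which makes the list easier to grep.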
@@ -322,8 +324,6 @@
 	TODO: check
 CVE-2006-2644 (AWStats 6.5, and possibly other versions, allows remote authenticated ...)
 	TODO: check
-CVE-2006-XXXX [libxine buffer overflow in the HTTP header parser]
-	- xine-lib <unfixed> (bug #369876; medium)
 CVE-2006-XXXX [libxine1 overflow via a specially-crafted AVI file]
 	- xine-lib <unfixed> (bug #369876; medium)
 CVE-2006-XXXX [specialy crafted WAV turns mkvmerge into a malloc bomb]
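Review bot: The AVI overflow entry that stays as context directly below the removed lines still cites bug #369876, the same bug number now attached to CVE-2006-2802 in the first hunk. If that bug really covers both the HTTP plugin overflow and the AVI overflow, a NOTE on the AVI entry saying so would prevent it from looking like a leftover duplicate of the removed placeholder; if not, the AVI entry needs its own bug reference.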



