[Secure-testing-commits] r4166 - data/CVE

Moritz Muehlenhoff jmm-guest at costa.debian.org
Fri Jun 9 08:11:48 UTC 2006 

Author: jmm-guest
Date: 2006-06-09 08:11:44 +0000 (Fri, 09 Jun 2006)
New Revision: 4166

Modified:
   data/CVE/list
Log:
new asterisk issue
mediawiki not-affected
mozilla non-issue
NFUs


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2006-06-08 12:28:44 UTC (rev 4165)
+++ data/CVE/list	2006-06-09 08:11:44 UTC (rev 4166)
@@ -1,27 +1,30 @@
 CVE-2006-2899 (Unspecified vulnerability in ESTsoft InternetDISK versions before ...)
-	TODO: check
+	NOT-FOR-US: ESTsoft InternetDISK
 CVE-2006-2898 (Unspecified vulnerability in the IAX2 channel driver (chan_iax2) for ...)
-	TODO: check
+	- asterisk <unfixed>
 CVE-2006-2897 (Cross-site scripting (XSS) vulnerability in FunkBoard 0.71 allows ...)
-	TODO: check
+	NOT-FOR-US: Funkboard
 CVE-2006-2896 (profile.php in FunkBoard CF0.71 allows remote attackers to change ...)
-	TODO: check
+	NOT-FOR-US: Funkboard
 CVE-2006-2895 (Cross-site scripting (XSS) vulnerability in MediaWiki 1.6.0 up to ...)
-	TODO: check
+	- mediawiki <not-affected> (Affects only 1.6.0-1.6.6)
 CVE-2006-2894 (Mozilla Firefox 1.5.0.4, Mozilla Suite 1.7.13, Mozilla SeaMonkey ...)
-	TODO: check
+	NOTE: There are very few scenarios, where this could be exploited
+	NOTE: We can probably ignore this
+	TODO: check further
 CVE-2006-2893 (index.php in GANTTy 1.0.3 allows remote attackers to obtain the full ...)
+	NOT-FOR-US: GANTTy
 	TODO: check
 CVE-2006-2892 (Cross-site scripting (XSS) vulnerability in index.php in GANTTy 1.0.3 ...)
-	TODO: check
+	NOT-FOR-US: GANTTy
 CVE-2006-2891 (Cross-site scripting (XSS) vulnerability in admin/index.php for ...)
-	TODO: check
+	NOT-FOR-US: Pixelpost
 CVE-2006-2890 (Pixelpost 1-5rc1-2 and earlier, when register_globals is enabled, ...)
-	TODO: check
+	NOT-FOR-US: Pixelpost
 CVE-2006-2889 (Multiple SQL injection vulnerabilities in index.php in Pixelpost ...)
-	TODO: check
+	NOT-FOR-US: Pixelpost
 CVE-2006-2888 (PHP remote file inclusion vulnerability in _wk/wk_lang.php in Wikiwig ...)
-	TODO: check
+	NOT-FOR-US: Wikiwig
 CVE-2006-2887 (Multiple SQL injection vulnerabilities in myNewsletter 1.1.2 and ...)
 	TODO: check
 CVE-2006-2886 (view.php in KnowledgeTree Open Source 3.0.3 and earlier allows remote ...)

More information about the Secure-testing-commits mailing list