[Secure-testing-commits] r4202 - data/CVE

Stefan Fritsch stef-guest at costa.debian.org
Tue Jun 13 23:18:32 UTC 2006 

Author: stef-guest
Date: 2006-06-13 23:18:28 +0000 (Tue, 13 Jun 2006)
New Revision: 4202

Modified:
   data/CVE/list
Log:
asterisk fixed
acidbase fixed
php4 fixed
php5 fixed
cscope fixed
xine-ui fixed


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2006-06-13 22:34:15 UTC (rev 4201)
+++ data/CVE/list	2006-06-13 23:18:28 UTC (rev 4202)
@@ -222,7 +222,7 @@
 CVE-2006-2899 (Unspecified vulnerability in ESTsoft InternetDISK versions before ...)
 	NOT-FOR-US: ESTsoft InternetDISK
 CVE-2006-2898 (The IAX2 channel driver (chan_iax2) for Asterisk 1.2.x before 1.2.9 ...)
-	- asterisk <unfixed>
+	- asterisk 1:1.2.7.1.dfsg-3
 	- iax 0.2.2-5
 	- iaxmodem 0.1.8.dfsg-2
 CVE-2006-2897 (Cross-site scripting (XSS) vulnerability in FunkBoard 0.71 allows ...)
@@ -746,7 +746,7 @@
 CVE-2006-2686 (PHP remote file inclusion vulnerabilities in ActionApps 2.8.1 allow ...)
 	NOT-FOR-US: ActionApps
 CVE-2006-2685 (PHP remote file inclusion vulnerability in Basic Analysis and Security ...)
-	- acidbase <unfixed> (bug #370576; low)
+	- acidbase 1.2.5-1 (bug #370576; low)
 CVE-2006-2684 (Cross-site scripting (XSS) vulnerability in the search module in CMS ...)
 	NOT-FOR-US: Mundo
 CVE-2006-2683 (PHP remote file inclusion vulnerability in 404.php in open-medium.CMS ...)
@@ -2299,10 +2299,10 @@
 	NOT-FOR-US: Microsoft Internet Explorer
 CVE-2006-1991 (The substr_compare function in string.c in PHP 4.4.2 and 5.1.2 allows ...)
 	- php4 <unfixed> (bug #365311; medium)
-	- php5 <unfixed> (bug #365312; medium)
+	- php5 5.1.4-0.1 (bug #365312; medium)
 CVE-2006-1990 (Integer overflow in the wordwrap function in string.c in PHP 4.4.2 and ...)
-	- php4 <unfixed> (bug #365311; medium)
-	- php5 <unfixed> (bug #365312; medium)
+	- php4 4:4.4.2-1.1 (bug #365311; medium)
+	- php5 5.1.4-0.1 (bug #365312; medium)
 CVE-2006-1989 (Buffer overflow in the get_database function in the HTTP client in ...)
 	{DSA-1050-1}
 	- clamav 0.88.2
@@ -2534,7 +2534,7 @@
 CVE-2006-1906 (Cross-site scripting (XSS) vulnerability in index.php in jjgan852 ...)
 	NOT-FOR-US: phpLister
 CVE-2006-1905 (Multiple format string vulnerabilities in xiTK (xitk/main.c) in xine ...)
-	- xine-ui <unfixed> (bug #363370; medium)
+	- xine-ui 0.99.4-1 (bug #363370; medium)
 CVE-2006-1904 (Cross-site scripting (XSS) vulnerability in index.php in AnimeGenesis ...)
 	NOT-FOR-US: AnimeGenesis Gallery
 CVE-2006-1903 (Multiple cross-site scripting (XSS) vulnerabilities in UserLand Manila ...)
@@ -3311,7 +3311,7 @@
 CVE-2006-1608 (The copy function in file.c in PHP 4.4.2 and 5.1.2 allows local users ...)
 	- php4 <unfixed> (bug #361856)
 	[sarge] - php4 <no-dsa> (Safe mode violations not supported)
-	- php5 <unfixed> (bug #361915)
+	- php5 5.1.4-0.1 (bug #361915)
 CVE-2006-1607 (Unspecified vulnerability in the banner module in Exponent CMS before ...)
 	NOT-FOR-US: Exponent CMS
 CVE-2006-1606 (Unspecified vulnerability in the image module in Exponent CMS before ...)
@@ -3354,7 +3354,7 @@
 CVE-2006-1591 (Heap-based buffer overflow in Microsoft Windows Help winhlp32.exe ...)
 	NOT-FOR-US: Microsoft Windows Help 
 CVE-2006-1590 (Cross-site scripting (XSS) vulnerability in the PrintFreshPage ...)
-	- acidbase <unfixed> (bug #363548; low)
+	- acidbase 1.2.5-1 (bug #363548; low)
 	[sarge] - acidbase <no-dsa> (Hardly exploitable)
 	- acidlab <unfixed> (bug #363549; low)
 	[sarge] - acidlab <no-dsa> (Hardly exploitable)
@@ -3453,7 +3453,7 @@
 	NOT-FOR-US: PAJAX
 CVE-2006-1549 (PHP 4.4.2 and 5.1.2 allows local users to cause a crash (segmentation ...)
 	- php4 <unfixed> (bug #361854)
-	- php5 <unfixed> (bug #361917)
+	- php5 5.1.4-0.1 (bug #361917)
 CVE-2005-4767 (BEA WebLogic Server and WebLogic Express 8.1 SP5 and earlier, and 7.0 ...)
 	NOT-FOR-US: BEA WebLogic
 CVE-2005-4766 (BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, and 7.0 ...)
@@ -3649,7 +3649,7 @@
 	NOT-FOR-US: PHPCollab / NetOffice
 CVE-2006-1494 (Directory traversal vulnerability in file.c in PHP 4.4.2 and 5.1.2 ...)
 	- php4 <unfixed> (bug #361855)
-	- php5 <unfixed> (bug #361916)
+	- php5 5.1.4-0.1 (bug #361916)
 CVE-2006-1493 (Cross-site scripting (XSS) vulnerability in dir.php in Explorer XP ...)
 	NOT-FOR-US: Explorer XP
 CVE-2006-1492 (Directory traversal vulnerability in dir.php in Explorer XP allows ...)
@@ -3683,8 +3683,8 @@
 	{DSA-1034-1 DSA-1033-1}
 	- horde3 3.1.1-1 (bug #361967)
 CVE-2006-1490 (PHP before 5.1.3-RC1 might allow remote attackers to obtain portions ...)
-	- php5 <unfixed> (bug #359904; low)
-	- php4 <unfixed> (bug #359907; low)
+	- php5 5.1.4-0.1 (bug #359907; low)
+	- php4 4:4.4.2-1.1 (bug #359904; low)
 CVE-2006-1488 (ActiveCampaign SupportTrio 2.5 allows remote attackers to obtain the ...)
 	NOT-FOR-US: ActiveCampaign SupportTrio
 CVE-2006-1487 (Cross-site scripting (XSS) vulnerability in ActiveCampaign SupportTrio ...)
@@ -4740,10 +4740,10 @@
 CVE-2006-1016 (Buffer overflow in the IsComponentInstalled method in Internet ...)
 	NOT-FOR-US: Windows
 CVE-2006-1015 (Argument injection vulnerability in certain PHP 3.x, 4.x, and 5.x ...)
-	- php5 <unfixed> (bug #368595; low)
+	- php5 5.1.4-0.1 (bug #368595; low)
 	- php4 <unfixed> (bug #368592; low)
 CVE-2006-1014 (Argument injection vulnerability in certain PHP 4.x and 5.x ...)
-	- php5 <unfixed> (bug #368595; low)
+	- php5 5.1.4-0.1 (bug #368595; low)
 	- php4 <unfixed> (bug #368592; low)
 CVE-2006-1013 (PHP remote file include vulnerability in index.php in SMartBlog (aka ...)
 	NOT-FOR-US: SMartBlog
@@ -4782,7 +4782,7 @@
 	NOT-FOR-US: Novell
 CVE-2006-0996 (Cross-site scripting (XSS) vulnerability in phpinfo (info.c) in PHP ...)
 	- php4 <unfixed> (bug #361853)
-	- php5 <unfixed> (bug #361914)
+	- php5 5.1.4-0.1 (bug #361914)
 CVE-2006-0995 (EMC Dantz Retrospect 7 backup client 7.0.107, and other versions ...)
 	NOT-FOR-US: EMC Dantz Retrospect
 CVE-2006-0994 (Multiple Sophos Anti-Virus products, including Anti-Virus for Windows ...)
@@ -9506,7 +9506,7 @@
 	NOT-FOR-US: Dynix WebPac
 CVE-2004-2541 (Buffer overflow in Cscope 15.5, and possibly multiple overflows, ...)
 	{DSA-1064-1}
-	- cscope <unfixed> (bug #340177; medium)
+	- cscope 15.5+cvs20050816-1.1 (bug #340177; medium)
 	NOTE: Sarge and Woody are affected
 CVE-2005-XXXX [unsafe file permissions in vpnc]
 	- vpnc 0.3.3+SVN20051028-3 (bug #340105; unimportant)

More information about the Secure-testing-commits mailing list