[Secure-testing-commits] r4253 - data/CVE

Alec Berryman alec-guest at costa.debian.org
Sat Jun 17 06:07:41 UTC 2006


Author: alec-guest
Date: 2006-06-17 06:07:39 +0000 (Sat, 17 Jun 2006)
New Revision: 4253

Modified:
   data/CVE/list
Log:
* CVE-2006-2230 (xine-ui): found fixed version
* CVE-2006-1991 (php4): found fixed version
* CVE-2005-3330 (wordpress): bug closed last year, maintainer says the
                             component isn't vulnerable, marking unaffected


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2006-06-16 22:30:51 UTC (rev 4252)
+++ data/CVE/list	2006-06-17 06:07:39 UTC (rev 4253)
@@ -1879,7 +1879,7 @@
 	NOT-FOR-US: Big Webmaster Guestbook Script
 CVE-2006-2230 (Multiple format string vulnerabilities in xiTK (xitk/main.c) in xine ...)
 	{DSA-1093-1}
-	- xine-ui <unfixed> (medium; bug #363370)
+	- xine-ui 0.99.4-1 (medium; bug #363370)
 CVE-2006-2229 (OpenVPN 2.0.7 and earlier, when configured to use the --management ...)
 	- openvpn <unfixed> (unimportant)
 	NOTE: One needs to explicitly set the IP to something else than 127.0.0.1
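Review bot: the xine-ui line for CVE-2006-2230 now gives 0.99.4-1 as the fixed version, but neither the entry nor the log message ("found fixed version") records where that version came from. A short NOTE pointing at the changelog entry or the closure of bug #363370 would let the next reader verify it without repeating the search.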
@@ -2421,7 +2421,7 @@
 CVE-2006-1992 (mshtml.dll 6.00.2900.2873, as used in Microsoft Internet Explorer, ...)
 	NOT-FOR-US: Microsoft Internet Explorer
 CVE-2006-1991 (The substr_compare function in string.c in PHP 4.4.2 and 5.1.2 allows ...)
-	- php4 <unfixed> (bug #365311; medium)
+	- php4 4:4.4.2-1.1 (bug #365311; medium)
 	- php5 5.1.4-0.1 (bug #365312; medium)
 CVE-2006-1990 (Integer overflow in the wordwrap function in string.c in PHP 4.4.2 and ...)
 	- php4 4:4.4.2-1.1 (bug #365311; medium)
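Review bot: on the php4 line for CVE-2006-1991, the version and bug number are now identical to the php4 line for CVE-2006-1990 just below (4:4.4.2-1.1, bug #365311), yet the two CVEs describe different functions in string.c (substr_compare and wordwrap). Please confirm that the 4:4.4.2-1.1 upload patched substr_compare as well, and that the version was not carried over only because the bug number is shared.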
@@ -10824,9 +10824,8 @@
 CVE-2005-3331 (viewpatch in mgdiff 1.0 allows local users to overwrite arbitrary ...)
 	- mgdiff 1.0-28 (bug #335188; unimportant)
 CVE-2005-3330 (The _httpsrequest function in Snoopy 1.2, as used in products such as ...)
-	- wordpress <unfixed> (bug #335817; unimportant)
-	NOTE: The vulnerability is only exposed if the administrator edits
-	NOTE: non-configuration PHP files and adds https:// URLs.
+	- wordpress <not-affected> (bug #335817; unimportant)
+	NOTE: Upstream claims the modified Snoopy class is secure
 CVE-2005-3329 (Cross-site scripting (XSS) vulnerability in RSA Authentication Agent ...)
 	NOT-FOR-US: RSA Authentication Agent
 CVE-2005-3328 (PHP remote file inclusion vulnerability in common.php in PunBB 1.1.2 ...)
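Review bot: the wordpress line for CVE-2005-3330 is switched to <not-affected> on a claim that is attributed inconsistently and carries no reference: the new NOTE says "Upstream claims", while the log message says the maintainer says the component isn't vulnerable. The two removed NOTE lines described a concrete condition under which the issue is exposed, so the new NOTE should state who made the claim, with a pointer into bug #335817, and why that condition no longer applies. The "unimportant" tag also looks redundant next to <not-affected>.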



