[Secure-testing-commits] r3590 - data/CVE

Stefan Fritsch stef-guest at costa.debian.org
Fri Mar 10 21:42:37 UTC 2006


Author: stef-guest
Date: 2006-03-10 21:42:31 +0000 (Fri, 10 Mar 2006)
New Revision: 3590

Modified:
   data/CVE/list
Log:
some NFUs; htpasswd setuid unsafeness

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2006-03-10 21:14:25 UTC (rev 3589)
+++ data/CVE/list	2006-03-10 21:42:31 UTC (rev 3590)
@@ -91,44 +91,46 @@
 	NOT-FOR-US: PHP-Stats
 CVE-2006-1083 (Multiple directory traversal vulnerabilities in PHP-Stats 0.1.9.1 and ...)
 	NOT-FOR-US: PHP-Stats
-begin claimed by stef-guest
 CVE-2006-1082 (Multiple cross-site scripting (XSS) vulnerabilities in phpArcadeScript ...)
-	TODO: check
+	NOT-FOR-US: phpArcadeScript
 CVE-2006-1081 (SQL injection vulnerability in forgotten_password.php in Jonathan ...)
-	TODO: check
+	NOT-FOR-US: PluggedOut Nexus 
 CVE-2006-1080 (Cross-site scripting (XSS) vulnerability in login.php in Game-Panel ...)
-	TODO: check
+	NOT-FOR-US: Game-Panel
 CVE-2006-1079 (htpasswd, as used in Acme thttpd 2.25b and possibly other products ...)
-	TODO: check
+	- thttpd 2.23beta1-2.4 (bug #253816; low)
+	NOTE: apache's htpasswd not vulnerable, but source contains note about
+	NOTE: not being safe for sudo
+	NOTE: filed whishlist bug to add this to manpage
 CVE-2006-1078 (Multiple buffer overflows in htpasswd, as used in Acme thttpd 2.25b, ...)
-	TODO: check
+	- thttpd 2.23beta1-2.4 (bug #253816; low)
+	NOTE: apache's htpasswd not vulnerable
 CVE-2006-1077 (Multiple cross-site scripting (XSS) vulnerabilities in Evo-Dev evoBlog ...)
-	TODO: check
+	NOT-FOR-US: Evo-Dev evoBlog
 CVE-2006-1076 (SQL injection vulnerability in index.php, possibly during a showtopic ...)
-	TODO: check
+	NOT-FOR-US: checkInvision Power Board 
 CVE-2006-1075 (Format string vulnerability in the visualization function in Jason ...)
-	TODO: check
+	NOT-FOR-US: Liero Xtreme 
 CVE-2006-1074 (Jason Boettcher Liero Xtreme 0.62b and earlier allow remote attackers ...)
-	TODO: check
+	NOT-FOR-US: Liero Xtreme 
 CVE-2006-1073 (Directory traversal vulnerability in index.php in Daverave Simplog ...)
-	TODO: check
+	NOT-FOR-US: Daverave Simplog
 CVE-2006-1072 (Cross-site scripting (XSS) vulnerability in Daverave Simplog 1.0.2 and ...)
-	TODO: check
+	NOT-FOR-US: Daverave Simplog
 CVE-2006-1071 (Cross-site scripting (XSS) vulnerability in index.php in DVguestbook ...)
-	TODO: check
+	NOT-FOR-US: DVguestbook
 CVE-2006-1070 (Cross-site scripting (XSS) vulnerability in dv_gbook.php in ...)
-	TODO: check
+	NOT-FOR-US: DVguestbook
 CVE-2006-1069 (Unspecified vulnerability in the session handling for Geeklog 1.4.x ...)
-	TODO: check
+	NOT-FOR-US: Geeklog
 CVE-2006-1068 (Netgear 614 and 624 routers, possibly running VXWorks, allow remote ...)
-	TODO: check
+	NOT-FOR-US: VXWorks
 CVE-2006-1067 (Linksys WRT54G routers version 5 (running VXWorks) allow remote ...)
-	TODO: check
+	NOT-FOR-US: VXWorks
 CVE-2006-1066
 	RESERVED
 CVE-2006-1065 (SQL injection vulnerability in search.php in MyBulletinBoard (MyBB) ...)
-	TODO: check
-end claimed by stef-guest
+	NOT-FOR-US: MyBulletinBoard
 CVE-2006-1064 (Multiple cross-site scripting (XSS) vulnerabilities in Lurker 2.0 and ...)
 	- lurker 2.1-1
 CVE-2006-1063 (Unspecified vulnerability in Lurker 2.0 and earlier allows remote ...)
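
Review bot: The new line under CVE-2006-1076 reads "NOT-FOR-US: checkInvision Power Board ", which looks like the "check" from the removed "TODO: check" left fused onto the product name; it should presumably be "NOT-FOR-US: Invision Power Board". That line, the PluggedOut Nexus line and both Liero Xtreme lines also end in a trailing space, and the third NOTE under CVE-2006-1079 spells "whishlist" for "wishlist". For CVE-2006-1068 and CVE-2006-1067, "NOT-FOR-US: VXWorks" names the operating system that the descriptions say the routers are running (only "possibly" in the Netgear case) rather than the Netgear and Linksys products themselves; naming the routers would make the entries easier to find later. The log message says "setuid unsafeness" while the CVE-2006-1079 NOTE says "not being safe for sudo"; it would help to make the two agree on which case the Apache source comment actually covers.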



