[Secure-testing-commits] r3621 - in data: . CVE

Moritz Muehlenhoff jmm-guest at costa.debian.org
Thu Mar 16 09:18:02 UTC 2006


Author: jmm-guest
Date: 2006-03-16 09:17:03 +0000 (Thu, 16 Mar 2006)
New Revision: 3621

Modified:
   data/CVE/list
   data/ID_pending
Log:
new libcgi-session-perl issues (fixed)
new drupal issues (fixed)
new snmptrapfmt issue (fixed)
peercast updated
removed old gallery2 provisional entry already CVEfied


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2006-03-16 09:14:21 UTC (rev 3620)
+++ data/CVE/list	2006-03-16 09:17:03 UTC (rev 3621)
@@ -1,3 +1,5 @@
+CVE-2006-XXXX [Multiple issues in libcgi-session-perl]
+	- libcgi-session-perl 4.07-1
 CVE-2006-1244 (Unspecified vulnerability in certain versions of xpdf after 3.00, as ...)
 	TODO: check
 CVE-2006-1243 (Directory traversal vulnerability in install05.php in Simple PHP Blog ...)
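Review bot: The new "CVE-2006-XXXX [Multiple issues in libcgi-session-perl]" entry carries no bug reference, urgency or NOTE, and "Multiple issues" does not say what 4.07-1 fixed. Other provisional entries in this file name the problem, for example "Insecure rpath in amaya" with bug #341424. Suggest adding a NOTE line or a bug number so the entry can be matched to CVE ids once they are assigned. The entry is also not added to data/ID_pending in this revision, although other CVE-2006-XXXX entries such as webcheck and amaya appear there.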
@@ -35,13 +37,13 @@
 CVE-2006-1229 (SQL injection vulnerability in search.asp in Hosting Controller 6.1 ...)
 	TODO: check
 CVE-2006-1228 (Session fixation vulnerability in Drupal 4.5.x before 4.5.8 and 4.6.x ...)
-	TODO: check
+	- drupal 4.5.8-1
 CVE-2006-1227 (Drupal 4.5.x before 4.5.8 and 4.6.x before 4.5.8, when menu.module is ...)
-	TODO: check
+	- drupal 4.5.8-1
 CVE-2006-1226 (Cross-site scripting (XSS) vulnerability in Drupal 4.5.x before 4.5.8 ...)
-	TODO: check
+	- drupal 4.5.8-1
 CVE-2006-1225 (CRLF injection vulnerability in Drupal 4.5.x before 4.5.8 and 4.6.x ...)
-	TODO: check
+	- drupal 4.5.8-1
 CVE-2006-1224 (Directory traversal vulnerability in dwnld.php in GuppY 4.5.11 allows ...)
 	TODO: check
 CVE-2006-1223 (Cross-site scripting (XSS) vulnerability in Jupiter Content Manager ...)
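Review bot: The four Drupal entries, CVE-2006-1225 through CVE-2006-1228, change from "TODO: check" to "- drupal 4.5.8-1" without an urgency, unlike entries such as "- gnupg 1.4.2.2-1 (medium)". The descriptions cover both 4.5.x and 4.6.x, so a short NOTE on which branch the Debian package follows would make it clear why 4.5.8-1 is the fixed version for all four.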
@@ -239,7 +241,7 @@
 CVE-2005-4729 (SQL injection vulnerabilitiy in show.php in VBZooM Forum allows remote ...)
 	TODO: check
 CVE-2006-XXXX [Unspecified security problem in Peercast]
-	- peercast 0.1217-1
+	- peercast 0.1217.toots.20060314-1
 CVE-2006-XXXX [Directory traversal issue in Namazu2]
 	- namazu2 2.0.16-1
 CVE-2006-1166 (Monotone 0.25 and earlier, when a user creates a file in a directory ...)
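Review bot: The fixed version for the Peercast entry moves from 0.1217-1 to 0.1217.toots.20060314-1, but neither the entry nor the log ("peercast updated") says why the earlier version no longer counts as fixed. Since the title is still "Unspecified security problem in Peercast", a NOTE line stating what changed between the two uploads would let anyone relying on 0.1217-1 know whether they are still affected.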
@@ -658,8 +660,6 @@
 	NOTE: Only an example, not in the binary package
 CVE-2006-XXXX [webcheck XSS]
 	- webcheck 1.9.6
-CVE-2006-XXXX [the usual gallery2 XSS]
-	- gallery2 2.0.3-1
 CVE-2006-XXXX [Insecure rpath in amaya]
 	- amaya 9.4-1 (bug #341424)
 CVE-2006-0937 (U.N.U. Mailgust 1.9 allows remote attackers to obtain sensitive ...)
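Review bot: The removed "CVE-2006-XXXX [the usual gallery2 XSS]" entry is described in the log as "already CVEfied", but the CVE id that replaces it is not named in the log or visible in this hunk. Suggest naming the id in the log message so the removal can be checked against the entry that now carries "- gallery2 2.0.3-1".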
@@ -2941,8 +2941,9 @@
 	RESERVED
 CVE-2006-0051
 	RESERVED
-CVE-2006-0050
+CVE-2006-0050 [insecure temp file in snmptrapfmt]
 	RESERVED
+	- snmptrapfmt 1.10
 CVE-2006-0049 (gpg in GnuPG before 1.4.2.2 does not properly verify non-detached ...)
 	{DSA-993-2}
 	- gnupg 1.4.2.2-1 (medium)
@@ -7280,8 +7281,6 @@
 	NOT-FOR-US: AlstraSoft E-Friends
 CVE-2005-3061 (Multiple stack-based buffer overflows in PowerArchiver 8.10 through ...)
 	NOT-FOR-US: PowerArchiver
-CVE-2003-XXXX [libsafe: does not prevent some exploit types]
-	- libsafe <removed>
 CVE-2003-XXXX [Insecure temp files in lilo]
 	- lilo 1:22.4-1 (bug #173238; bug #292073; low)
 CVE-2005-XXXX [Multiple security issues when using distcc without ssh auth]
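Review bot: The removal of "CVE-2003-XXXX [libsafe: does not prevent some exploit types]" is not mentioned in the log, which lists only the libcgi-session-perl, drupal, snmptrapfmt, peercast and gallery2 changes. The same entry is also dropped from data/ID_pending in this revision. Suggest adding a log line giving the reason, for example that the package is marked "<removed>" or that the issue is tracked elsewhere.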

Modified: data/ID_pending
===================================================================
--- data/ID_pending	2006-03-16 09:14:21 UTC (rev 3620)
+++ data/ID_pending	2006-03-16 09:17:03 UTC (rev 3621)
@@ -9,8 +9,6 @@
 	NOTE: Only an example, not in the binary package
 CVE-2006-XXXX [webcheck XSS]
 	- webcheck 1.9.6
-CVE-2006-XXXX [the usual gallery2 XSS]
-	- gallery2 2.0.3-1
 CVE-2006-XXXX [Insecure rpath in amaya]
 	- amaya 9.4-1 (bug #341424)
 CVE-2006-XXXX [cherrypy2 information disclosure]
@@ -75,8 +73,6 @@
 	- drupal 4.5.5-3 (bug #336719; medium)
 CVE-2005-XXXX [double free() in libungif]
 	- libungif4 4.1.4-1 (bug #338542; medium)
-CVE-2005-XXXX [webcalendar's password visible to local users through debconf]
-	- webcalendar <unfixed> (bug #337624)
 CVE-2005-XXXX [Insecure temp files in note]
 	- note 1.3.1-3 (bug #337492; low)
 CVE-2005-XXXX [ntop format string vulnerability]
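Review bot: The removed webcalendar entry was marked "<unfixed>" with bug #337624, and its removal from data/ID_pending is not mentioned in the log. No matching webcalendar change appears in the data/CVE/list part of this revision, so the diff alone does not show where the open issue is now tracked. Suggest stating in the log whether it received a CVE id in an earlier revision.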
@@ -196,8 +192,6 @@
 	- icebreaker 1.21-9.1 (bug #297644; low)
 CVE-2001-XXXX [gnupg: inproper flagging of signatures as being local]
 	- gnupg 1.0.7-1 (bug #107374)
-CVE-2003-XXXX [libsafe: does not prevent some exploit types]
-	- libsafe <removed>
 CVE-2003-XXXX [Insecure temp files in lilo]
 	- lilo 1:22.4-1 (bug #173238; bug #292073; low)
 CVE-2005-XXXX [Multiple security issues when using distcc without ssh auth]



