[Secure-testing-commits] r3635 - data/CVE

Moritz Muehlenhoff jmm-guest at costa.debian.org
Fri Mar 17 10:55:30 UTC 2006


Author: jmm-guest
Date: 2006-03-17 10:55:24 +0000 (Fri, 17 Mar 2006)
New Revision: 3635

Modified:
   data/CVE/list
Log:
potential new kernel issue
NFUs


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2006-03-17 10:31:56 UTC (rev 3634)
+++ data/CVE/list	2006-03-17 10:55:24 UTC (rev 3635)
@@ -3,33 +3,36 @@
 CVE-2006-XXXX [Multiple issues in libcgi-session-perl]
 	- libcgi-session-perl 4.07-1
 CVE-2006-1244 (Unspecified vulnerability in certain versions of xpdf after 3.00, as ...)
-	TODO: check
+	- xpdf <not-affected> (All issues previously fixed)
+	NOTE: Discussion has shown that the revamp patch doesn't fix new vulnerabilities
 CVE-2006-1243 (Directory traversal vulnerability in install05.php in Simple PHP Blog ...)
-	TODO: check
+	NOT-FOR-US: Simple PHP Blog 
 CVE-2006-1242 (Certain Linux 2.4 and 2.6 kernels increment the IP ID field after ...)
-	TODO: check
+	- linux-2.6 <unfixed>
+	NOTE: Possibly junk
 CVE-2006-1241 (Firebird 1.5.2.4731 installs (1) fb_lock_mgr, (2) gds_drop, and (3) ...)
 	- firebird2 <not-affected> (Not setuid in Debian)
 CVE-2006-1240 (Buffer overflow in inet_server.cpp in (1) fb_inet_server and (2) ...)
 	- firebird2 <not-affected> (Not setuid in Debian)
 CVE-2006-1239 (Cross-site scripting (XSS) vulnerability in issue/createissue.aspx in ...)
-	TODO: check
+	NOT-FOR-US: Gemini 
 CVE-2006-1238 (SQL injection vulnerability in DSLogin 1.0, with magic_quotes_gpc ...)
-	TODO: check
+	NOT-FOR-US: DSLogin 
 CVE-2006-1237 (Multiple SQL injection vulnerabilities in DSNewsletter 1.0, with ...)
-	TODO: check
+	NOT-FOR-US: DSNewsletter
 CVE-2005-4731 (The Next action in PEAR HTML_QuickForm_Controller 1.0.4 includes the ...)
-	TODO: check
+	NOT-FOR-US: PEAR HTML_QuickForm_Controller
 CVE-2000-1239 (The HTTP interface of Tivoli Lightweight Client Framework (LCF) in IBM ...)
-	TODO: check
+	NOT-FOR-US: Tivoli
 CVE-2006-1236 (Buffer overflow in the SetUp function in socket/request.c in CrossFire ...)
 	- crossfire 1.9.0-2 (medium)
 CVE-2006-1235 (Directory traversal vulnerability in admin/deleteuser.php in HitHost ...)
-	TODO: check
+	NOT-FOR-US: HitHost
 CVE-2006-1234 (SQL injection vulnerability in index.php in DSCounter 1.2, with ...)
-	TODO: check
+	NOT-FOR-US: DSCounter
 CVE-2006-1233 (Multiple cross-site scripting (XSS) vulnerabilities in WMNews allow ...)
-	TODO: check
+	NOT-FOR-US: WMNews
+begin claimed by jmm
 CVE-2006-1232 (Multiple SQL injection vulnerabilities in DSDownload 1.0, with ...)
 	TODO: check
 CVE-2006-1231 (CAPI4HylaFAX 1.3, when compiled with GENERATE_DEBUGSFFDATAFILE set, ...)
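Review bot: the CVE-2006-1244 entry is internally inconsistent: the package line marks xpdf `<not-affected> (All issues previously fixed)`, yet the NOTE added right under it says "Discussion has shown that the revamp patch doesn't fix new vulnerabilities", which reads as the opposite conclusion. Either the NOTE should say the issues are already covered by the earlier fixes (so `<not-affected>` stands), or the entry should stay open (`TODO: check` or `<unfixed>`) until the discussion settles; as written, a later triager cannot tell which statement to trust. Likewise for CVE-2006-1242, `- linux-2.6 <unfixed>` combined with `NOTE: Possibly junk` leaves the kernel flagged as vulnerable on the basis of an entry the committer suspects is bogus; consider adding a severity (e.g. `(unimportant)`) or a pointer to the discussion so the `<unfixed>` state is not taken at face value. Minor: the new `NOT-FOR-US: Simple PHP Blog `, `NOT-FOR-US: Gemini ` and `NOT-FOR-US: DSLogin ` lines carry trailing whitespace, unlike the other NOT-FOR-US lines in the hunk.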
@@ -80,6 +83,7 @@
 	TODO: check
 CVE-2006-1210 (The web interface for IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 ...)
 	TODO: check
+end claimed by jmm
 CVE-2006-1209 (PHP Advanced Transfer Manager 1.00 through 1.30 stores sensitive ...)
 	TODO: check
 CVE-2006-1208 (Sergey Korostel PHP Upload Center allows remote attackers to execute ...)
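Review bot: the `end claimed by jmm` marker closes the block opened by `begin claimed by jmm` in the first hunk, so the claim covers CVE-2006-1232 down through CVE-2006-1210; that is consistent, but note that the entries inside the bracket are all still `TODO: check` in this revision, so the claim should be released (markers removed) in the follow-up commit that resolves them rather than left in place once the triage is done.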
@@ -1923,8 +1927,7 @@
 CVE-2006-0419 (BEA WebLogic Server and WebLogic Express 9.0, 8.1 through SP5, and 7.0 ...)
 	NOT-FOR-US: BEA WebLogic
 CVE-2005-4667 (Buffer overflow in UnZip 5.50 and earlier allows user-complicit ...)
-	- unzip 5.52-7 (unimportant; bug #349794)
-	NOTE: Overflow can only be triggered, not setuid
+	- unzip 5.52-7 (low; bug #349794)
 CVE-2006-0418 (Eval injection vulnerability in 123 Flash Chat Server 5.0 and 5.1 ...)
 	NOT-FOR-US: 123 Flash Chat Server
 CVE-2006-0417 (SQL injection vulnerability in login.php in miniBloggie 1.0 and ...)
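Review bot: raising CVE-2005-4667 from `unimportant` to `low` while deleting the only stated justification (`NOTE: Overflow can only be triggered, not setuid`) leaves the new severity without a rationale in the file. If the earlier reasoning turned out to be wrong (for example, a non-setuid trigger path still matters for user-complicit attacks, as the CVE text says), the replacement should say so, e.g. keep a NOTE such as `NOTE: user-complicit, not setuid; low rather than unimportant` so the next person reading the entry does not re-open the question; the bug reference `#349794` is correctly preserved.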