[Secure-testing-commits] r3635 - data/CVE
Moritz Muehlenhoff
jmm-guest at costa.debian.org
Fri Mar 17 10:55:30 UTC 2006
Author: jmm-guest
Date: 2006-03-17 10:55:24 +0000 (Fri, 17 Mar 2006)
New Revision: 3635
Modified:
data/CVE/list
Log:
potential new kernel issue
NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2006-03-17 10:31:56 UTC (rev 3634)
+++ data/CVE/list 2006-03-17 10:55:24 UTC (rev 3635)
@@ -3,33 +3,36 @@
CVE-2006-XXXX [Multiple issues in libcgi-session-perl]
- libcgi-session-perl 4.07-1
CVE-2006-1244 (Unspecified vulnerability in certain versions of xpdf after 3.00, as ...)
- TODO: check
+ - xpdf <not-affected> (All issues previously fixed)
+ NOTE: Discussion has shown that the revamp patch doesn't fix new vulnerabilities
CVE-2006-1243 (Directory traversal vulnerability in install05.php in Simple PHP Blog ...)
- TODO: check
+ NOT-FOR-US: Simple PHP Blog
CVE-2006-1242 (Certain Linux 2.4 and 2.6 kernels increment the IP ID field after ...)
- TODO: check
+ - linux-2.6 <unfixed>
+ NOTE: Possibly junk
CVE-2006-1241 (Firebird 1.5.2.4731 installs (1) fb_lock_mgr, (2) gds_drop, and (3) ...)
- firebird2 <not-affected> (Not setuid in Debian)
CVE-2006-1240 (Buffer overflow in inet_server.cpp in (1) fb_inet_server and (2) ...)
- firebird2 <not-affected> (Not setuid in Debian)
CVE-2006-1239 (Cross-site scripting (XSS) vulnerability in issue/createissue.aspx in ...)
- TODO: check
+ NOT-FOR-US: Gemini
CVE-2006-1238 (SQL injection vulnerability in DSLogin 1.0, with magic_quotes_gpc ...)
- TODO: check
+ NOT-FOR-US: DSLogin
CVE-2006-1237 (Multiple SQL injection vulnerabilities in DSNewsletter 1.0, with ...)
- TODO: check
+ NOT-FOR-US: DSNewsletter
CVE-2005-4731 (The Next action in PEAR HTML_QuickForm_Controller 1.0.4 includes the ...)
- TODO: check
+ NOT-FOR-US: PEAR HTML_QuickForm_Controller
CVE-2000-1239 (The HTTP interface of Tivoli Lightweight Client Framework (LCF) in IBM ...)
- TODO: check
+ NOT-FOR-US: Tivoli
CVE-2006-1236 (Buffer overflow in the SetUp function in socket/request.c in CrossFire ...)
- crossfire 1.9.0-2 (medium)
CVE-2006-1235 (Directory traversal vulnerability in admin/deleteuser.php in HitHost ...)
- TODO: check
+ NOT-FOR-US: HitHost
CVE-2006-1234 (SQL injection vulnerability in index.php in DSCounter 1.2, with ...)
- TODO: check
+ NOT-FOR-US: DSCounter
CVE-2006-1233 (Multiple cross-site scripting (XSS) vulnerabilities in WMNews allow ...)
- TODO: check
+ NOT-FOR-US: WMNews
+begin claimed by jmm
CVE-2006-1232 (Multiple SQL injection vulnerabilities in DSDownload 1.0, with ...)
TODO: check
CVE-2006-1231 (CAPI4HylaFAX 1.3, when compiled with GENERATE_DEBUGSFFDATAFILE set, ...)
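Review bot: The new CVE-2006-1242 entry tracks only `- linux-2.6 <unfixed>`, although the description on the line above it names both Linux 2.4 and 2.6 kernels, and `NOTE: Possibly junk` gives no reason or reference. Either add a line for the 2.4 kernel package or a note saying why it is left out, and extend the note with what makes the report doubtful, so the next person triaging does not have to redo the analysis. The xpdf note on CVE-2006-1244 ("Discussion has shown ...") would likewise be more useful with a pointer to where that discussion took place.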
@@ -80,6 +83,7 @@
TODO: check
CVE-2006-1210 (The web interface for IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 ...)
TODO: check
+end claimed by jmm
CVE-2006-1209 (PHP Advanced Transfer Manager 1.00 through 1.30 stores sensitive ...)
TODO: check
CVE-2006-1208 (Sergey Korostel PHP Upload Center allows remote attackers to execute ...)
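Review bot: `end claimed by jmm` closes the block opened by `begin claimed by jmm` in the previous hunk, but neither marker carries a date, so a stale claim over these `TODO: check` entries cannot be told apart from an active one. Consider putting a date on the markers, or removing the pair as soon as the claimed entries are triaged.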
@@ -1923,8 +1927,7 @@
CVE-2006-0419 (BEA WebLogic Server and WebLogic Express 9.0, 8.1 through SP5, and 7.0 ...)
NOT-FOR-US: BEA WebLogic
CVE-2005-4667 (Buffer overflow in UnZip 5.50 and earlier allows user-complicit ...)
- - unzip 5.52-7 (unimportant; bug #349794)
- NOTE: Overflow can only be triggered, not setuid
+ - unzip 5.52-7 (low; bug #349794)
CVE-2006-0418 (Eval injection vulnerability in 123 Flash Chat Server 5.0 and 5.1 ...)
NOT-FOR-US: 123 Flash Chat Server
CVE-2006-0417 (SQL injection vulnerability in login.php in miniBloggie 1.0 and ...)
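Review bot: The CVE-2005-4667 unzip entry goes from `unimportant` to `low` while the line `NOTE: Overflow can only be triggered, not setuid`, which explained the old rating, is dropped and nothing replaces it. The log message ("potential new kernel issue", "NFUs") does not mention this change either. Add a NOTE stating why the issue now counts as low, and mention the severity change in the log so it can be found later.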