[Secure-testing-commits] r3655 - data/CVE

Joey Hess joeyh at costa.debian.org
Tue Mar 21 09:14:37 UTC 2006


Author: joeyh
Date: 2006-03-21 09:14:27 +0000 (Tue, 21 Mar 2006)
New Revision: 3655

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2006-03-21 08:57:53 UTC (rev 3654)
+++ data/CVE/list	2006-03-21 09:14:27 UTC (rev 3655)
@@ -1,3 +1,83 @@
+CVE-2006-1341 (SQL injection vulnerability in events.php in Maian Events 1.0 allows ...)
+	TODO: check
+CVE-2006-1340 (CuteNews 1.4.1 and possibly other versions allows remote attackers to ...)
+	TODO: check
+CVE-2006-1339 (Directory traversal vulnerability in inc/functions.inc.php in CuteNews ...)
+	TODO: check
+CVE-2006-1338 (Webmail in MailEnable Professional Edition before 1.73 and Enterprise ...)
+	TODO: check
+CVE-2006-1337 (Unspecified vulnerability in the POP service in MailEnable Standard ...)
+	TODO: check
+CVE-2006-1336 (Cross-site scripting vulnerability in calendar.php in ExtCalendar 1.0 ...)
+	TODO: check
+CVE-2006-1335 (gnome screensaver before 2.14, when running on an X server with ...)
+	TODO: check
+CVE-2006-1334 (Multiple SQL injection vulnerabilities in Maian Weblog 2.0 allow ...)
+	TODO: check
+CVE-2006-1333 (Multpile SQL injection vulnerabilities in BetaParticle Blog 6.0 and ...)
+	TODO: check
+CVE-2006-1332 (Noah's Classifieds 1.3 and earlier allows remote attackers to obtain ...)
+	TODO: check
+CVE-2006-1331 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
+	TODO: check
+CVE-2006-1330 (Multiple SQL injection vulnerabilities in phpWebsite allow remote ...)
+	TODO: check
+CVE-2006-1329 (The SASL negotiation in Jabber Studio jabberd before 2.0s11 allows ...)
+	TODO: check
+CVE-2006-1328 (SQL injection vulnerability in count.php in Skull-Splitter PHP ...)
+	TODO: check
+CVE-2006-1327 (SQL injection vulnerability in reg.php in SoftBB 0.1 allows remote ...)
+	TODO: check
+CVE-2006-1326 (Multiple cross-site scripting (XSS) vulnerabilities in Invision Power ...)
+	TODO: check
+CVE-2006-1325 (Cross-site scripting (XSS) vulnerability in Streber 0.055 allows ...)
+	TODO: check
+CVE-2006-1324 (Cross-site scripting (XSS) vulnerability in acp/lib/class_db_mysql.php ...)
+	TODO: check
+CVE-2006-1323 (Directory traversal vulnerability in WinHKI 1.6 and earlier allows ...)
+	TODO: check
+CVE-2006-1322 (Novell Netware NWFTPD 5.06.05 allows remote attackers to cause a ...)
+	TODO: check
+CVE-2006-1318
+	RESERVED
+CVE-2006-1317
+	RESERVED
+CVE-2006-1316
+	RESERVED
+CVE-2006-1315
+	RESERVED
+CVE-2006-1314
+	RESERVED
+CVE-2006-1313
+	RESERVED
+CVE-2006-1312
+	RESERVED
+CVE-2006-1311
+	RESERVED
+CVE-2006-1310
+	RESERVED
+CVE-2006-1309
+	RESERVED
+CVE-2006-1308
+	RESERVED
+CVE-2006-1307
+	RESERVED
+CVE-2006-1306
+	RESERVED
+CVE-2006-1305
+	RESERVED
+CVE-2006-1304
+	RESERVED
+CVE-2006-1303
+	RESERVED
+CVE-2006-1302
+	RESERVED
+CVE-2006-1301
+	RESERVED
+CVE-2006-1300
+	RESERVED
+CVE-2006-1299
+	RESERVED
 CVE-2006-1298 (Format string vulnerability in the Job Engine service (bengine.exe) in ...)
 	TODO: check
 CVE-2006-1297 (Unspecified vulnerability in Veritas Backup Exec for Windows Server ...)
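
Review bot: the added block jumps from CVE-2006-1322 straight to CVE-2006-1318, because CVE-2006-1319, CVE-2006-1320 and CVE-2006-1321 keep their older positions much further down the file (see the later hunks). Anyone triaging the top of the list by number will not see them there, so consider moving those three entries into sequence. All 20 described entries are still `TODO: check`, and the CVE-2006-1333 line carries the typo "Multpile", which a text search for "Multiple SQL injection" will miss.
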
@@ -534,8 +614,7 @@
 CVE-2006-1062 (Unspecified vulnerability in lurker.cgi for Lurker 2.0 and earlier ...)
 	{DSA-999-1}
 	- lurker 2.1-1
-CVE-2006-1061 [curl tftp buffer overflow]
-	RESERVED
+CVE-2006-1061 (Heap-based buffer overflow in cURL and libcURL 7.15.0 through 7.15.2 ...)
 	- curl 7.15.3-1 
 	[woody] - curl <not-affected> (Vulnerable code not present)
 	[sarge] - curl <not-affected> (Vulnerable code not present)
@@ -563,7 +642,7 @@
 	TODO: check
 CVE-2005-4728 (Untrusted search path vulnerability (RPATH) in amaya 9.2.1 on Debian ...)
 	- amaya 9.4-1 (bug #341424)
-CVE-2006-1319 [runit local privilege escalation]
+CVE-2006-1319 (chpst in runit 1.3.3-1 for Debian GNU/Linux, when compiled on little ...)
 	- runit <unfixed> (bug #356016; medium)
 	[sarge] - runit <not-affected>
 CVE-2006-1049 (Multiple SQL injection vulnerabilities in Joomla! 1.0.7 and earlier ...)
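
Review bot: `[sarge] - runit <not-affected>` under CVE-2006-1319 gives no reason, unlike the curl and rssh entries in this same change, which state one (for example `(Problem has been introduced in 2.3.0)`). Now that the description names runit 1.3.3-1, add the reason in parentheses so the sarge status can be verified later.
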
@@ -799,13 +878,13 @@
 	TODO: check
 CVE-2006-0938 (Cross-site scripting (XSS) vulnerability in eZ publish 3.7.3 and ...)
 	TODO: check
-CVE-2006-1320 [minor bypass of rssh sanitising]
+CVE-2006-1320 (util.c in rssh 2.3.0 in Debian GNU/Linux does not use braces to make a ...)
 	- rssh 2.3.0-1.1 (bug #346322; low)
 	[sarge] - rssh <not-affected> (Problem has been introduced in 2.3.0)
 CVE-2006-XXXX [buffer overflow in netcat example]
 	- netcat 1.10-31 (bug #352369; unimportant)
 	NOTE: Only an example, not in the binary package
-CVE-2006-1321 [webcheck XSS]
+CVE-2006-1321 (Cross-site scripting (XSS) vulnerability in webcheck before 1.9.6 ...)
 	- webcheck 1.9.6
 CVE-2006-0937 (U.N.U. Mailgust 1.9 allows remote attackers to obtain sensitive ...)
 	TODO: check
@@ -1212,8 +1291,7 @@
 	{DSA-1008-1}
 	- kdegraphics 3.5.0-3
 	NOTE: Only affected the 3.3.2 KDE backport
-CVE-2006-0745 [local root exploit in x.org]
-	RESERVED
+CVE-2006-0745 (X.Org server (xorg-server) 1.0.0 and later, X11R6.9.0, and X11R7.0 ...)
 	- xorg-x11 <unfixed>
 	- xfree86 <not-affected>
 CVE-2006-0744
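
Review bot: on CVE-2006-0745 the `- xorg-x11 <unfixed>` line has no bug number or urgency, although the replaced working title called this a local root exploit and the unfixed runit entry in this same change carries `(bug #356016; medium)`. Add the bug reference and an urgency so the open item can be prioritised.
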
@@ -1728,7 +1806,7 @@
 	NOT-FOR-US: CA Message Queuing
 	NOTE: CA Message Queuing is embeded in a lot of products, but they all seem
 	NOTE: to be commercial products (see list in referenced URL)
-CVE-2006-0528 (GNOME Evolution allows remote attackers to cause a denial of service ...)
+CVE-2006-0528 (The cairo library (libcairo), as used in GNOME Evolution and possibly ...)
 	- evolution 2.2.3-4 (low)
 	[sarge] - evolution <not-affected> (Vulnerability was apparantly introduced in 2.3.1)
 	[woody] - evolution <not-affected> (Vulnerability was apparantly introduced in 2.3.1)
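
Review bot: the new CVE-2006-0528 description places the flaw in the cairo library (libcairo), but the package lines under it still track only evolution. Check whether libcairo needs its own package line with per-release status, and whether the "introduced in 2.3.1" reasoning given for sarge and woody still holds now that the description names a different component.
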
@@ -2067,6 +2145,7 @@
 CVE-2006-0419 (BEA WebLogic Server and WebLogic Express 9.0, 8.1 through SP5, and 7.0 ...)
 	NOT-FOR-US: BEA WebLogic
 CVE-2005-4667 (Buffer overflow in UnZip 5.50 and earlier allows user-complicit ...)
+	{DSA-1012-1}
 	- unzip 5.52-7 (low; bug #349794)
 CVE-2006-0418 (Eval injection vulnerability in 123 Flash Chat Server 5.0 and 5.1 ...)
 	NOT-FOR-US: 123 Flash Chat Server
@@ -3651,9 +3730,11 @@
 	- fetchmail 6.3.1-1 (bug #343836; bug #345944; low)
 CVE-2005-4418 [Default policy in util-vserver prior to 0.30.208 trusted unknown capabilities]
 	RESERVED
+	{DSA-1011-1}
 	- util-vserver 0.30.208-1
 CVE-2005-4347 [Improper barrier code allows for chroot escape]
 	RESERVED
+	{DSA-1011-1}
 	- util-vserver 0.30.208-1 (bug #329090; medium)
 	- kernel-patch-vserver 2.3 (bug #329087; medium)
 	NOTE: both util-vserver and the kernel-patch-vserver need to be upgraded to fix this vulnerability
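
Review bot: CVE-2005-4347 now carries `{DSA-1011-1}`, yet its NOTE says both util-vserver and kernel-patch-vserver must be upgraded; confirm the advisory covers both packages, or record which one it fixes. Both this entry and CVE-2005-4418 also remain `RESERVED` with bracketed working titles even though an advisory now references them.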



