[Secure-testing-commits] r3682 - data/CVE

Moritz Muehlenhoff jmm-guest at costa.debian.org
Fri Mar 24 13:25:59 UTC 2006


Author: jmm-guest
Date: 2006-03-24 13:24:24 +0000 (Fri, 24 Mar 2006)
New Revision: 3682

Modified:
   data/CVE/list
Log:
new helix issue (unfixed)
new passwd/d-i issue (fixed)
three new kernel issues


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2006-03-24 10:40:06 UTC (rev 3681)
+++ data/CVE/list	2006-03-24 13:24:24 UTC (rev 3682)
@@ -1,81 +1,83 @@
 CVE-2006-1378 (PasswordSafe 3.0, when running on Windows before XP, uses a weak ...)
-	TODO: check
+	NOT-FOR-US: PasswordSafe
 CVE-2006-1377 (Cross-site scripting (XSS) vulnerability in img.php in (1) EasyMoblog ...)
-	TODO: check
+	NOT-FOR-US: EasyMoblog
 CVE-2006-1376 (The installation of Debian GNU/Linux 3.1r1 from the network install CD ...)
-	TODO: check
+	- passwd 1:4.0.14-9 (bug #358210)
 CVE-2006-1375 (AdMan 1.0.20051221 and earlier allows remote attackers to obtain the ...)
-	TODO: check
+	NOT-FOR-US: AdMan
 CVE-2006-1374 (SQL injection vulnerability in viewStatement.php in AdMan 1.0.20051221 ...)
-	TODO: check
+	NOT-FOR-US: AdMan
 CVE-2006-1373 (Cross-site scripting (XSS) vulnerability in status_image.php in PHP ...)
-	TODO: check
+	NOT-FOR-US: PHP Live!
 CVE-2006-1372 (Multiple SQL injection vulnerabilities in 1WebCalendar 4.0 and earlier ...)
-	TODO: check
+	NOT-FOR-US: 1WebCalendar
 CVE-2006-1371 (Laurentiu Matei eXpandable Home Page (XHP) CMS 0.5 and earlier allows ...)
-	TODO: check
+	NOT-FOR-US: Laurentiu Matei eXpandable Home Page
 CVE-2006-1370 (Buffer overflow in RealNetworks RealPlayer 10.5 6.0.12.1040 through ...)
-	TODO: check
+	NOT-FOR-US: Real Player, according to Real Helix not affected
 CVE-2006-1369 (Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB) ...)
-	TODO: check
+	NOT-FOR-US: Invision Power Board
 CVE-2006-1368 (Buffer overflow in the USB Gadget RNDIS implementation in the Linux ...)
-	TODO: check
+	- linux-2.6 2.6.16-1
 CVE-2006-1367 (The Motorola PEBL U6 08.83.76R, the Motorola V600, and possibly the ...)
-	TODO: check
+	NOT-FOR-US: Motorola hardware
 CVE-2006-1366 (Buffer overflow in the Motorola PEBL U6 08.83.76R, and possibly other ...)
-	TODO: check
+	NOT-FOR-US: Motorola hardware
 CVE-2006-1365 (The Motorola PEBL U6, the Motorola V600, and possibly the Motorola ...)
-	TODO: check
+	NOT-FOR-US: Motorola hardware
 CVE-2006-1364 (Microsoft w3wp (aka w3wp.exe) does not properly handle when the ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2006-1363 (images.php in Justin White (aka YTZ) Free Web Publishing System ...)
-	TODO: check
+	NOT-FOR-US: Justin White (aka YTZ) Free Web Publishing System
 CVE-2006-1362 (Multiple SQL injection vulnerabilities in Mini-Nuke CMS System 1.8.2 ...)
-	TODO: check
+	NOT-FOR-US: Mini-Nuke
 CVE-2006-1361 (Cross-site scripting (XSS) vulnerability in OSWiki before 0.3.1 allows ...)
-	TODO: check
+	NOT-FOR-US: OSWiki
 CVE-2006-1360 (Multiple SQL injection vulnerabilities in MusicBox 2.3 Beta 2 allow ...)
-	TODO: check
+	NOT-FOR-US: MusicBox
 CVE-2006-1359 (Microsoft Internet Explorer 6 and 7 Beta 2 allows remote attackers to ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2006-1358 (Unspecified vulnerability in BEA WebLogic Portal 8.1 up to SP5 causes ...)
-	TODO: check
+	NOT-FOR-US: BEA WebLogic
 CVE-2006-1357 (Cross-site scripting (XSS) vulnerability in my.support.php3 in F5 ...)
-	TODO: check
+	NOT-FOR-US: F5 Firepass 4100 SSL VPN
 CVE-2006-1356 (Stack-based buffer overflow in the count_vcards function in LibVC 3, ...)
-	TODO: check
+	NOT-FOR-US: LibVC
 CVE-2006-1355 (avast! Antivirus 4.6.763 and earlier sets "BUILTIN\Everyone" ...)
-	TODO: check
+	NOT-FOR-US: avast AV
 CVE-2006-1354 (Unspecified vulnerability in FreeRADIUS 1.0.0 up to 1.1.0 allows ...)
 	- freeradius <unfixed>
 CVE-2006-1353 (Multiple SQL injection vulnerabilities in ASPPortal 3.1.1 and earlier ...)
-	TODO: check
+	NOT-FOR-US: ASPPortal
 CVE-2006-1352 (BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP6 ...)
-	TODO: check
+	NOT-FOR-US: BEA WebLogic
 CVE-2006-1351 (BEA WebLogic Server 6.1 SP7 and earlier allows remote ...)
-	TODO: check
+	NOT-FOR-US: BEA WebLogic
 CVE-2006-1350 (PHP remote file include vulnerability in index.php in 99Articles.com ...)
-	TODO: check
+	NOT-FOR-US: 99Articles.com
 CVE-2006-1349 (Multiple cross-site scripting (XSS) vulnerabilities in Musicbox 2.3 ...)
-	TODO: check
+	NOT-FOR-US: MusicBox
 CVE-2006-1348 (Cross-site scripting (XSS) vulnerability in index.php in Greg ...)
+	NOT-FOR-US: Greg Neustaetter gCards
 	TODO: check
 CVE-2006-1347 (SQL injection vulnerability in loginfunction.php in Greg Neustaetter ...)
-	TODO: check
+	NOT-FOR-US: Greg Neustaetter gCards
 CVE-2006-1346 (Directory traversal vulnerability in inc/setLang.php in Greg ...)
-	TODO: check
+	NOT-FOR-US: Greg Neustaetter gCards
 CVE-2006-1345 (polls.php in MyBB (aka MyBulletinBoard) 1.10 allows remote attackers ...)
-	TODO: check
+	NOT-FOR-US: MyBB 
 CVE-2006-1344 (Cross-site scripting (XSS) vulnerability in VeriSign haydn.exe, as ...)
-	TODO: check
+	NOT-FOR-US: VeriSign haydn.exe
 CVE-2006-1343 (net/ipv4/netfilter/ip_conntrack_core.c in Linux kernel 2.4 and 2.6, ...)
-	TODO: check
+	- linux-2.6 <unfixed>
 CVE-2006-1342 (net/ipv4/af_inet.c in Linux kernel 2.4 does not clear ...)
-	TODO: check
+	- linux-2.6 <unfixed>
+	NOTE: Possibly not-affected, needs further checking
 CVE-2003-1298 (Multiple directory traversal vulnerabilities in siteman.php3 in ...)
-	TODO: check
+	NOT-FOR-US: Veritas Backup
 CVE-2000-1240 (Unspecified vulnerability in siteman.php3 in AnyPortal(php) before 22 ...)
-	TODO: check
+	NOT-FOR-US: AnyPortal
 CVE-2006-1341 (SQL injection vulnerability in events.php in Maian Events 1.0 allows ...)
 	NOT-FOR-US: Maian Events
 CVE-2006-1340 (CuteNews 1.4.1 and possibly other versions allows remote attackers to ...)
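Review bot: The CVE-2006-1348 entry gains `NOT-FOR-US: Greg Neustaetter gCards` but its `TODO: check` line is left in place as unchanged context, so the entry ends up both classified and still pending; drop the TODO line as was done for CVE-2006-1347 and CVE-2006-1346. CVE-2003-1298 is labelled `NOT-FOR-US: Veritas Backup` although its visible description refers to siteman.php3, the same file named in the AnyPortal entry CVE-2000-1240 directly below it, so that label should be checked against the full description. CVE-2006-1342 is described as a Linux kernel 2.4 issue but is recorded as `- linux-2.6 <unfixed>` with a note that it is possibly not affected; until that check is done the entry will show linux-2.6 as vulnerable, so a TODO may be the more accurate state. CVE-2006-1370 puts "according to Real Helix not affected" inside the NOT-FOR-US text, which hides a statement about helix-player in a product label; a separate NOTE line would keep it findable. The `NOT-FOR-US: MyBB ` line also carries trailing whitespace.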
@@ -2428,7 +2430,7 @@
 CVE-2006-0324 (SQL injection vulnerability in WebspotBlogging 3.0 allows remote ...)
 	NOT-FOR-US: WebspotBlogging
 CVE-2006-0323 (Buffer overflow in multiple RealNetworks products and versions ...)
-	TODO: check
+	- helix-player <unfixed> (bug #358754; medium)
 CVE-2006-0322 (Unspecified vulnerability the edit comment formatting functionality in ...)
 	- mediawiki <unfixed> (low)
 CVE-2005-4666 (Cross-site scripting (XSS) vulnerability in PHlyMail before 3.3 Beta1 ...)
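Review bot: The new `- helix-player <unfixed> (bug #358754; medium)` line for CVE-2006-0323 gives no indication of why helix-player is taken to be affected, while the description covers "multiple RealNetworks products and versions" and the CVE-2006-1370 entry in the same commit states that Helix is not affected by a different RealNetworks overflow. A NOTE line naming the source for the helix-player status (the bug report or the vendor statement) would make the two classifications easier to tell apart later.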



