[Secure-testing-commits] r3683 - data/CVE
Moritz Muehlenhoff
jmm-guest at costa.debian.org
Fri Mar 24 13:44:04 UTC 2006
Author: jmm-guest
Date: 2006-03-24 13:42:42 +0000 (Fri, 24 Mar 2006)
New Revision: 3683
Modified:
data/CVE/list
Log:
three more kernel issues
opie n-a
NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2006-03-24 13:24:24 UTC (rev 3682)
+++ data/CVE/list 2006-03-24 13:42:42 UTC (rev 3683)
@@ -60,7 +60,6 @@
NOT-FOR-US: MusicBox
CVE-2006-1348 (Cross-site scripting (XSS) vulnerability in index.php in Greg ...)
NOT-FOR-US: Greg Neustaetter gCards
- TODO: check
CVE-2006-1347 (SQL injection vulnerability in loginfunction.php in Greg Neustaetter ...)
NOT-FOR-US: Greg Neustaetter gCards
CVE-2006-1346 (Directory traversal vulnerability in inc/setLang.php in Greg ...)
@@ -189,7 +188,7 @@
CVE-2006-1284 (The installation of SQLAnywhere in Symantec Ghost 8.0 and 8.2, as used ...)
NOT-FOR-US: Symantec Ghost
CVE-2006-1283 (opiepasswd in One-Time Passwords in Everything (OPIE) in FreeBSD ...)
- TODO: check
+ - libpam-opie <not-affected> (FreeBSD specific vulnerability)
CVE-2006-1282 (CRLF injection vulnerability in inc/function.php in MyBulletinBoard ...)
NOT-FOR-US: MyBB
CVE-2006-1281 (Cross-site scripting (XSS) in member.php in MyBulletinBoard (MyBB) ...)
@@ -828,11 +827,11 @@
CVE-2006-1000 (Multiple SQL injection vulnerabilities in Pentacle In-Out Board 3.0 ...)
NOT-FOR-US: Pentacle In-Out Board
CVE-2006-0999 (The SSL server implementation in NILE.NLM in Novell NetWare 6.5 and ...)
- TODO: check
+ NOT-FOR-US: Novell
CVE-2006-0998 (The SSL server implementation in NILE.NLM in Novell NetWare 6.5 and ...)
- TODO: check
+ NOT-FOR-US: Novell
CVE-2006-0997 (The SSL server implementation in NILE.NLM in Novell NetWare 6.5 and ...)
- TODO: check
+ NOT-FOR-US: Novell
CVE-2006-0996
RESERVED
CVE-2006-0995 (EMC Dantz Retrospect 7 backup client 7.0.107, and other versions ...)
@@ -1435,7 +1434,7 @@
CVE-2006-0721 (SQL injection vulnerability in pmlite.php in RunCMS 1.2 and 1.3a ...)
NOT-FOR-US: RunCMS
CVE-2006-0720 (Stack-based buffer overflow in Nullsoft Winamp 5.12 and 5.13 allows ...)
- TODO: check
+ NOT-FOR-US: Winamp
CVE-2006-0719 (SQL injection vulnerability in member_login.php in PHP Classifieds ...)
NOT-FOR-US: PHP Classifieds
CVE-2006-0718 (The Internet Key Exchange version 1 (IKEv1) implementation in Avaya ...)
@@ -1520,7 +1519,7 @@
CVE-2006-0680 (Unspecified vulnerability in WebGUI before 6.8.6-gamma allows remote ...)
- webgui <itp> (bug #139749)
CVE-2006-0679 (SQL injection vulnerability in index.php in the Your_Account module in ...)
- TODO: check
+ NOT-FOR-US: PHP-Nuke
CVE-2006-0678 (PostgreSQL 7.3.x before 7.3.14, 7.4.x before 7.4.12, 8.0.x before ...)
NOTE: Only vulnerable when compiled with asserts
- postgresql <unfixed> (unimportant)
@@ -1566,7 +1565,7 @@
CVE-2006-0668 (SQL injection vulnerability in index.php in PwsPHP 1.2.3 allows remote ...)
NOT-FOR-US: PwsPHP
CVE-2006-0667 (lscfg in IBM AIX 5.2 and 5.3 allows local users to modify arbitrary ...)
- TODO: check
+ NOT-FOR-US: AIX
CVE-2006-0666 (Unspecified vulnerability in the (1) unix_mp and (2) unix_64 kernels ...)
NOT-FOR-US: AIX
CVE-2006-0665 (Unspecified vulnerability in (1) query_store.php and (2) ...)
@@ -1822,7 +1821,7 @@
CVE-2006-0558
RESERVED
CVE-2006-0557 (sys_mbind in mempolicy.c in Linux kernel 2.6.16 and earlier does not ...)
- TODO: check
+ - linux-2.6 <unfixed>
CVE-2006-0556
RESERVED
CVE-2006-0555 (The Linux Kernel before 2.6.15.5 allows local users to cause a denial ...)
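Review bot: The new "- linux-2.6 <unfixed>" line for CVE-2006-0557 carries no urgency or bug reference, so the open status is not tied to any tracked report. Other entries in this file record that in parentheses, for example "(medium; bug #351639)"; consider adding the same here once a bug is filed.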
@@ -2124,7 +2123,7 @@
CVE-2006-0458 (The DCC ACCEPT command handler in irssi before ...)
TODO: check
CVE-2006-0457 (Race condition in the (1) add_key, (2) request_key, and (3) keyctl ...)
- TODO: check
+ - linux-2.6 <unfixed>
CVE-2006-0456
RESERVED
CVE-2006-0455 (gpgv in GnuPG before 1.4.2.1, when using unattended signature ...)
@@ -2137,11 +2136,11 @@
[sarge] - kernel-source-2.6.8 <not-affected>
[sarge] - kernel-source-2.4.27 <not-affected>
CVE-2006-0453 (The LDAP component in Fedora Directory Server 1.0 allow remote ...)
- TODO: check
+ NOT-FOR-US: Fedora Directory Server
CVE-2006-0452 (dn2ancestor in the LDAP component in Fedora Directory Server 1.0 ...)
- TODO: check
+ NOT-FOR-US: Fedora Directory Server
CVE-2006-0451 (Multiple memory leaks in the LDAP component in Fedora Directory Server ...)
- TODO: check
+ NOT-FOR-US: Fedora Directory Server
CVE-2006-0450 (phpBB 2.0.19 and earlier allows remote attackers to cause a denial of ...)
- phpbb2 <unfixed> (unimportant)
NOTE: As discussed with the phpbb maintainers; this is only a lack of feature
@@ -2270,15 +2269,15 @@
CVE-2006-0401
RESERVED
CVE-2006-0400 (CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows remote attackers ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2006-0399 (Unspecified vulnerability in Safari, LaunchServices, and/or CoreTypes ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2006-0398 (Unspecified vulnerability in Safari, LaunchServices, and/or CoreTypes ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2006-0397 (Unspecified vulnerability in Safari, LaunchServices, and/or CoreTypes ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2006-0396 (Buffer overflow in Mail in Apple Mac OS X 10.4 up to 10.4.5, when ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2006-0395
RESERVED
CVE-2006-0394
@@ -2288,25 +2287,25 @@
CVE-2006-0392
RESERVED
CVE-2006-0391 (Directory traversal vulnerability in the BOM framework in Mac OS X ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2006-0390
REJECTED
CVE-2006-0389 (Cross-site scripting (XSS) vulnerability in Syndication (Safari RSS) ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2006-0388 (Safari in Mac OS X 10.3 before 10.3.9 and 10.4 before 10.4.5 allows ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2006-0387 (Stack-based buffer overflow in Safari in Mac OS X 10.4.5 and earlier, ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2006-0386 (FileVault in Mac OS X 10.4.5 and earlier does not properly mount user ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2006-0385
RESERVED
CVE-2006-0384 (automount in Mac OS X 10.4.5 and earlier allows remote file servers to ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2006-0383 (IPSec when used with VPN networks in Mac OS X 10.4 through 10.4.5 ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2006-0382 (Apple Mac OS X 10.4.5 and allows local users to cause a denial of ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2006-0381 (A logic error in the IP fragment cache functionality in pf in FreeBSD ...)
- kfreebsd-5 5.4-14
CVE-2006-0380 (A logic error in FreeBSD kernel 5.4-STABLE and 6.0 causes the kernel ...)
@@ -3114,7 +3113,6 @@
NOT-FOR-US: B-Net Software
CVE-2006-0077 (Off-by-one error in the getfattr function in File::ExtAttr before 0.03 ...)
NOT-FOR-US: File::ExtAttr
- TODO: check for further uploads.
CVE-2006-0076 (PHP remote file include vulnerability in forum.php in oaBoard 1.0 ...)
NOT-FOR-US: oaBoard
CVE-2006-0075 (Direct static code injection vulnerability in phpBook 1.3.2 and ...)
@@ -3533,7 +3531,7 @@
CVE-2006-0039
RESERVED
CVE-2006-0038 (Integer overflow in the do_replace function in netfilter for Linux ...)
- TODO: check
+ - linux-2.6 2.6.16-1
CVE-2006-0037 (ip_nat_pptp in the PPTP NAT helper (netfilter/ip_nat_helper_pptp.c) in ...)
- linux-2.6 2.6.15-3
[sarge] - kernel-source-2.6.8 <not-affected> (Vulnerable code not present)
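Review bot: CVE-2006-0038 gets only the fixed version "linux-2.6 2.6.16-1", with no [sarge] lines for kernel-source-2.6.8 or kernel-source-2.4.27. The CVE-2006-0037 entry directly below records the sarge status explicitly; doing the same here, whether affected or <not-affected>, would show if stable still needs a fix.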
@@ -5521,6 +5519,7 @@
CVE-2006-0014
RESERVED
CVE-2006-0013 (Buffer overflow in the Web Client service (WebClnt.dll) for Microsoft ...)
+ NOT-FOR-US: Microsoft
TODO: check
CVE-2006-0012
RESERVED
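Review bot: CVE-2006-0013 now has "NOT-FOR-US: Microsoft" but the "TODO: check" line under it is left in place, so the entry reads as both classified and still pending. The other hunks in this revision replace the TODO with the NOT-FOR-US line; drop the TODO here as well.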
@@ -5529,17 +5528,17 @@
CVE-2006-0010 (Heap-based buffer overflow in T2EMBED.DLL in Microsoft Windows 2000 ...)
NOT-FOR-US: Microsoft
CVE-2006-0009 (Buffer overflow in Microsoft Office 2000 SP3, XP SP3, and other ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2006-0008 (The ShellAbout API call in Korean Input Method Editor (IME) in Korean ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2006-0007
RESERVED
CVE-2006-0006 (Heap-based buffer overflow in the bitmap processing routine in ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2006-0005 (Buffer overflow in the plug-in for Microsoft Windows Media Player ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2006-0004 (Microsoft PowerPoint 2000 in Office 2000 SP3 has an interaction with ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2006-0003
RESERVED
CVE-2006-0002 (Unspecified vulnerability in Microsoft Outlook 2000 through 2003, ...)
@@ -5551,7 +5550,7 @@
CVE-2005-3713 (Heap-based buffer overflow in Apple Quicktime before 7.0.4 allows ...)
NOT-FOR-US: Apple Quicktime
CVE-2005-3712 (Heap-based buffer overflow in rsync in Mac OS X 10.4 through 10.4.5 ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2005-3711 (Integer overflow in Apple Quicktime before 7.0.4 allows remote ...)
NOT-FOR-US: Apple Quicktime
CVE-2005-3710 (Integer overflow in Apple Quicktime before 7.0.4 allows remote ...)
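Review bot: CVE-2005-3712 is marked "NOT-FOR-US: Apple", but its description names rsync, which Debian packages. If the flaw is specific to Apple's build, record it the way the opie entry in this revision does, e.g. "- rsync <not-affected> (Apple specific)", or add a NOTE saying why Debian's rsync is unaffected.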
@@ -5563,7 +5562,7 @@
CVE-2005-3707 (Buffer overflow in Apple Quicktime before 7.0.4 allows remote ...)
NOT-FOR-US: Apple Quicktime
CVE-2005-3706 (Heap-based buffer overflow in LibSystem in Mac OS X 10.4 through ...)
- TODO: check
+ NOT-FOR-US: Mac OS X
CVE-2005-3705 (Heap-based buffer overflow in WebKit in Mac OS X and OS X Server ...)
NOT-FOR-US: Mac OS X
CVE-2005-3704 (System log server in Mac OS X and OS X Server 10.4 through 10.4.3 ...)
@@ -5650,9 +5649,9 @@
{DSA-904-1}
- netpbm-free 2:10.0-10.1 (medium; bug #351639)
CVE-2005-3631 (udev does not properly set permissions on certain files in /dev/input, ...)
- NOTE: does not appear to affect debian, redhat-specific
+ - udev <not-affected> (Red Hat specific)
CVE-2005-3630 (Fedora Directory Server before 10 allows remote attackers to obtain ...)
- TODO: check
+ NOT-FOR-US: Fedora Directory Server
CVE-2005-3629 (initscripts in Red Hat Enterprise Linux 4 does not properly handle ...)
TODO: check
CVE-2005-3628 (Buffer overflow in the JBIG2Bitmap::JBIG2Bitmap function in ...)