[Secure-testing-commits] r3928 - data/CVE
Stefan Fritsch
stef-guest at costa.debian.org
Tue May 9 19:25:08 UTC 2006
Author: stef-guest
Date: 2006-05-09 19:25:04 +0000 (Tue, 09 May 2006)
New Revision: 3928
Modified:
data/CVE/list
Log:
unimportant openvpn issue
hostapd issue in sarge
quake3 issue (itp'ed)
awstats issue
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2006-05-09 19:08:08 UTC (rev 3927)
+++ data/CVE/list 2006-05-09 19:25:04 UTC (rev 3928)
@@ -65,9 +65,9 @@
CVE-2006-2238
RESERVED
CVE-2006-2237 (The web interface for AWStats 6.4 and 6.5, when statistics updates are ...)
- TODO: check
+ - awstats <unfixed> (bug #365909; medium)
CVE-2006-2236 (Buffer overflow in the Quake 3 Engine, as used by (1) ET 2.60, (2) ...)
- TODO: check
+ - quake3 <itp> (bug #337937)
CVE-2006-2235 (CodeMunkyX (aka free-php.net) Simple Poll 1.0, when authentication is ...)
TODO: check
CVE-2006-2234 (Multiple cross-site scripting (XSS) vulnerabilities in TyroCMS beta ...)
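Review bot: The CVE-2006-2236 entry tracks only quake3, but the summary says the overflow is in the Quake 3 Engine "as used by (1) ET 2.60, (2) ...", so other packages built on that engine may be affected as well. Check whether any such package is in the archive and give it its own line, or add a NOTE stating that quake3 is the only candidate, so the entry is not read as complete.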
@@ -81,7 +81,9 @@
CVE-2006-2230 (Multiple format string vulnerabilities in xiTK (xitk/main.c) in xine ...)
TODO: check
CVE-2006-2229 (OpenVPN 2.0.7 and earlier, when configured to use the --management ...)
- TODO: check
+ - openvpn <unfixed> (unimportant)
+ NOTE: One needs to explicitly set the IP to something else than 127.0.0.1
+ NOTE: in order to be vulnerable. The man page recommends not to do it.
CVE-2006-2228 (Cross-site scripting (XSS) vulnerability in w-Agora (aka Web-Agora) ...)
TODO: check
CVE-2006-2227 (Cross-site scripting (XSS) vulnerability in misc.php in PunBB 1.2.11 ...)
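Review bot: The NOTE under CVE-2006-2229 refers to "the IP" without naming the setting it belongs to, so the rationale for (unimportant) depends on the truncated summary above it. Name the option from the summary in the NOTE, for example "NOTE: Only vulnerable if --management is given an IP other than 127.0.0.1", and say which man page carries the recommendation.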
@@ -124,7 +126,8 @@
CVE-2006-2214 (Multiple SQL injection vulnerabilities in 4images 1.7.1 and earlier ...)
TODO: check
CVE-2006-2213 (Hostapd 0.3.7-2 allows remote attackers to cause a denial of service ...)
- TODO: check
+ - hostapd 0.5.0-1 (bug #365897; high)
+ [sarge] -hostapd <unfixed> (bug #365897; high)
CVE-2006-2212 (Buffer overflow in KarjaSoft Sami FTP Server 2.0.2 and earlier allows ...)
TODO: check
CVE-2006-2211 (Absolute path traversal vulnerability in index.php in 321soft ...)
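Review bot: In the added sarge line for CVE-2006-2213 the dash is attached to the package name ("[sarge] -hostapd <unfixed>"), while every other entry in this diff writes "- package" with a space. Change it to "[sarge] - hostapd <unfixed> (bug #365897; high)" so the line follows the same format as the unstable entry above it and is not missed by anything that parses the list.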