[Secure-testing-commits] r3964 - in data: . CVE
Micah Anderson
micah at costa.debian.org
Thu May 18 15:48:14 UTC 2006
Author: micah
Date: 2006-05-18 15:48:10 +0000 (Thu, 18 May 2006)
New Revision: 3964
Modified:
data/CVE/list
data/ID_pending
Log:
Some NFUs, and a handful of pending IDs obtained from Mitre
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2006-05-17 19:27:50 UTC (rev 3963)
+++ data/CVE/list 2006-05-18 15:48:10 UTC (rev 3964)
@@ -3,39 +3,40 @@
NOTE: mail to bugtraq implies 4.0 is not vulnerable
TODO: sarge needs to be checked
CVE-2006-2358 (Multiple cross-site scripting (XSS) vulnerabilities in various scripts ...)
- TODO: check
+ NOT-FOR-US: Web Labs CMS
CVE-2006-2357 (Ipswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 ...)
- TODO: check
+ NOT-FOR-US: Ipswitch WhatsUp
CVE-2006-2356 (NmConsole/utility/RenderMap.asp in Ipswitch WhatsUp Professional 2006 ...)
- TODO: check
+ NOT-FOR-US: Ipswitch WhatsUp
CVE-2006-2355 (Ipswitch WhatsUp Professional 2006 and Ipswitch WhatsUp Professional ...)
- TODO: check
+ NOT-FOR-US: Ipswitch WhatsUp
CVE-2006-2354 (NmConsole/Login.asp in Ipswitch WhatsUp Professional 2006 and Ipswitch ...)
- TODO: check
+ NOT-FOR-US: Ipswitch WhatsUp
CVE-2006-2353 (NmConsole/DeviceSelection.asp in Ipswitch WhatsUp Professional 2006 ...)
- TODO: check
+ NOT-FOR-US: Ipswitch WhatsUp
CVE-2006-2352 (Multiple cross-site scripting (XSS) vulnerabilities in IPswitch ...)
- TODO: check
+ NOT-FOR-US: Ipswitch WhatsUp
CVE-2006-2351 (Multiple cross-site scripting (XSS) vulnerabilities in IPswitch ...)
- TODO: check
+ NOT-FOR-US: Ipswitch WhatsUp
CVE-2006-2350 (SQL injection vulnerability in the inc/elementz.php script in AliPAGER ...)
- TODO: check
+ NOT-FOR-US: AliPAGER
CVE-2006-2349 (E-Business Designer (eBD) 3.1.4 and earlier allows remote attackers to ...)
- TODO: check
+ NOT-FOR-US: E-Business Designer
CVE-2006-2348 (Cross-site scripting (XSS) vulnerability in form_grupo.html in ...)
- TODO: check
+ NOT-FOR-US: E-Business Designer
CVE-2006-2347 (E-Business Designer (eBD) 3.1.4 and earlier allows remote attackers to ...)
- TODO: check
+ NOT-FOR-US: E-Business Designer
CVE-2006-2346 (vpopmail 5.4.14 and 5.4.15, with cleartext passwords enabled, allows ...)
- TODO: check
+ NOTE: Unable to reach CVS to determine if prior versions are affected
+ NOTE: Micah will return to this one
CVE-2006-2345 (Cross-site scripting (XSS) vulnerability in inc/elementz.php in ...)
- TODO: check
+ NOT-FOR-US: AliPAGER
CVE-2006-2344 (SQL injection vulnerability in inc/elementz.php in AliPAGER 1.5, with ...)
- TODO: check
+ NOT-FOR-US: AliPAGER
CVE-2006-2343 (Cross-site scripting (XSS) vulnerability in Search.do in ManageEngine ...)
- TODO: check
+ NOT-FOR-US: ManageEngine OpManager
CVE-2006-2342 (IBM WebSphere Application Server 6.0.2 before FixPack 3 allows remote ...)
- TODO: check
+ NOT-FOR-US: IBM WebSphere Application Server
CVE-2006-XXXX [dovecot information disclosure: list .. directory]
- dovecot 1.0.beta8-1 (low)
[sarge] - dovecot <not-affected> (vulnerability introduced in 1.0)
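Review bot: In the CVE-2006-2346 (vpopmail) entry, `TODO: check` is replaced by two NOTE lines, so the entry no longer carries a status line or a TODO marker, even though the second note ("Micah will return to this one") says the check is unfinished. Keep a `TODO: check` line after the two notes so the entry still reads as open work. The NOT-FOR-US lines in the rest of the hunk each name the product given in the matching description and need no change.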
@@ -3840,7 +3841,7 @@
NOT-FOR-US: Geeklog
CVE-2005-4724 (SQL injection vulnerability in post.php in PhpTagCool 1.0.3 allows ...)
NOT-FOR-US: PhpTagCool
-CVE-2006-XXXX [imagemagick: array index overflow in DisplayImageCommand]
+CVE-2006-2440 [imagemagick: array index overflow in DisplayImageCommand]
- imagemagick 6:6.2.4.5-0.6 (bug #345595)
CVE-2006-0735 (Cross-site scripting (XSS) vulnerability in BBcode.pm in M. Blom ...)
NOT-FOR-US: My Blog
@@ -4069,7 +4070,7 @@
CVE-2006-XXXX [dpkg-sig: insecure temp file bug]
- dpkg-sig 0.13 (bug #352723; low)
[sarge] - dpkg-sig <no-dsa> (Only affected in debug mode)
-CVE-2006-XXXX [pioneers meta-server DoS]
+CVE-2006-2441 [pioneers meta-server DoS]
- pioneers 0.9.55-1 (bug #351986; medium)
[sarge] - gnocatan <not-affected> (Not exploitable in Sarge per maintainer)
CVE-2006-0644 (Multiple directory traversal vulnerabilities in install.php in ...)
@@ -5248,7 +5249,7 @@
NOT-FOR-US: Illustrate dBpowerAMP Music Converter
CVE-2003-1290 (BEA WebLogic Server and WebLogic Express 6.1, 7.0, and 8.1, with RMI ...)
NOT-FOR-US: BEA WebLogic Server
-CVE-2006-XXXX [knowledgetree information disclosure]
+CVE-2006-2443 [knowledgetree information disclosure]
- knowledgetree <unfixed> (bug #348306; medium)
CVE-2006-XXXX [php5 response splitting]
- php5 5.1.2-1 (bug #347894)
Modified: data/ID_pending
===================================================================
--- data/ID_pending 2006-05-17 19:27:50 UTC (rev 3963)
+++ data/ID_pending 2006-05-18 15:48:10 UTC (rev 3964)
@@ -1,16 +1,7 @@
-CVE-2006-XXXX [imagemagick: array index overflow in DisplayImageCommand]
- - imagemagick 6:6.2.4.5-0.6 (bug #345595)
- NOTE: Requested by Micah March 26, 2006
-CVE-2006-XXXX [pioneers meta-server DoS]
- - pioneers 0.9.55-1 (bug #351986; medium)
- [sarge] - gnocatan <not-affected> (Not exploitable in Sarge per maintainer)
- NOTE: Requested by Micah March 26, 2006
CVE-2006-XXXX [kphone creates world-readable config file with passwords]
- kphone <unfixed> (bug #337830; low)
NOTE: Requested by Micah March 26, 2006
-CVE-2006-XXXX [knowledgetree information disclosure]
- - knowledgetree <unfixed> (bug #348306; medium)
- NOTE: Requested by Micah March 26, 2006
+ NOTE: CVE-2006-2442 obtained, but might be a duplicate of CVE-2006-2192
CVE-2006-XXXX [php5 response splitting]
- php5 5.1.2-1 (bug #347894)
- php4 <not-affected> (vulnerable code was introduced in PHP5)
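Review bot: The NOTE added to the kphone entry records CVE-2006-2442 as obtained, but the heading stays `CVE-2006-XXXX` and the possible duplicate of CVE-2006-2192 is left open, with no indication of how it will be settled. Add a TODO line naming the follow-up, such as confirming which of the two IDs applies, so the entry is not left pending indefinitely. None of the visible data/CVE/list hunks touch kphone, so also check that its entry there carries the same note.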