[Secure-testing-commits] r3965 - data/CVE
Moritz Muehlenhoff
jmm-guest at costa.debian.org
Thu May 18 16:36:31 UTC 2006
Author: jmm-guest
Date: 2006-05-18 16:36:27 +0000 (Thu, 18 May 2006)
New Revision: 3965
Modified:
data/CVE/list
Log:
- some updates by Alec Berryman
- no-dsa for bind9-dos
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2006-05-18 15:48:10 UTC (rev 3964)
+++ data/CVE/list 2006-05-18 16:36:27 UTC (rev 3965)
@@ -27,6 +27,7 @@
CVE-2006-2347 (E-Business Designer (eBD) 3.1.4 and earlier allows remote attackers to ...)
NOT-FOR-US: E-Business Designer
CVE-2006-2346 (vpopmail 5.4.14 and 5.4.15, with cleartext passwords enabled, allows ...)
+ - vpopmail <not-affected> (vulnerability introduced in 5.4.14)
NOTE: Unable to reach CVS to determine if prior versions are affected
NOTE: Micah will return to this one
CVE-2006-2345 (Cross-site scripting (XSS) vulnerability in inc/elementz.php in ...)
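Review bot: The added "- vpopmail <not-affected> (vulnerability introduced in 5.4.14)" line under CVE-2006-2346 contradicts the two NOTE lines left directly below it, which still say that CVS could not be reached to check prior versions and that Micah will return to the entry. If the not-affected determination is settled, remove both NOTEs in the same change. If it is still provisional, hold the status line back, or replace the NOTEs with one that records what the 5.4.14 claim is based on.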
@@ -109,25 +110,25 @@
CVE-2006-2308
RESERVED
CVE-2006-2307 (Cross-site scripting (XSS) vulnerability in Website Baker CMS allows ...)
- TODO: check
+ NOT-FOR-US: Webiste Banker
CVE-2006-2306 (Cross-site scripting (XSS) vulnerability in moreinfo.asp in ...)
- TODO: check
+ NOT-FOR-US: EPublisherPro
CVE-2006-2305 (Multiple cross-site scripting (XSS) vulnerabilities in Jadu CMS allow ...)
- TODO: check
+ NOT-FOR-US: Jadu
CVE-2006-2304 (Buffer overflow in DPRPCW32.DLL in Novell Client 4.83 SP3, 4.90 SP2 ...)
- TODO: check
+ NOT-FOR-US: Novell software for Windows
CVE-2006-2303 (Cross-Application Scripting (XAS) vulnerability in ICQ Client 5.04 ...)
- TODO: check
+ NOT-FOR-US: Windows ICQ client
CVE-2006-2302 (SQL injection vulnerability in admin_default.asp in DUGallery 2.x ...)
- TODO: check
+ NOT-FOR-US: DUGallery
CVE-2006-2301 (SQL injection vulnerability in admin_default.asp in OzzyWork Galeri ...)
- TODO: check
+ NOT-FOR-US: OzzyWork
CVE-2006-2300 (Multiple SQL injection vulnerabilities in EImagePro allow remote ...)
- TODO: check
+ NOT-FOR-US: EImagePro
CVE-2006-2299
RESERVED
CVE-2006-2298 (The Internet Key Exchange version 1 (IKEv1) implementation in the ...)
- TODO: check
+ NOT-FOR-US: Solaris
CVE-2006-2297 (Heap-based buffer overflow in Microsoft Infotech Storage System ...)
NOT-FOR-US: Microsoft Infotech Storage System
CVE-2006-2296 (SQL injection vulnerability in search_result.asp in EDirectoryPro 2.0 ...)
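Review bot: The NOT-FOR-US line added under CVE-2006-2307 reads "Webiste Banker", but the CVE description on the line above it names the product "Website Baker CMS". Correct the spelling to "Website Baker" so that a text search of the list for the product name finds this entry.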
@@ -602,7 +603,8 @@
CVE-2006-2074 (Unspecified vulnerability in Juniper Networks JUNOSe E-series routers ...)
NOT-FOR-US: Juniper Networks JUNOSe
CVE-2006-2073 (Unspecified vulnerability in ISC BIND allows remote attackers to cause ...)
- TODO: check
+ - bind9 <unfixed> (low)
+ [sarge] - bind9 <no-dsa> (Only exploitable by trusted users after TSIG transaction)
CVE-2006-2072 (Multiple unspecified vulnerabilities in DeleGate 9.x before 9.0.6 and ...)
TODO: check
CVE-2005-4793 (Multiple unspecified vulnerabilities in the web utility function in ...)
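Review bot: The added "- bind9 <unfixed> (low)" line for CVE-2006-2073 carries no bug reference, unlike the other unfixed entry touched in this commit, "- zoo <unfixed> (bug #367858; low)". Add the bug number, filing one if needed, so the open issue can be followed to a fixed version. The no-dsa reason "Only exploitable by trusted users after TSIG transaction" is also narrower than the "remote attackers" wording in the CVE description, so a NOTE giving the source of that assessment would help whoever revisits the entry.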
@@ -2631,7 +2633,7 @@
CVE-2006-1270 (Multiple cross-site scripting (XSS) vulnerabilities in zones.php in ...)
NOT-FOR-US: Inprotect
CVE-2006-1269 (Buffer overflow in the parse function in parse.c in zoo 2.10 might ...)
- - zoo <unfixed> (low)
+ - zoo <unfixed> (bug #367858; low)
[sarge] - zoo <no-dsa> (Attack vector very far-fetched, hardly exploitable)
CVE-2006-1268 (The Internet Key Exchange implementation in Funkwerk X2300 7.2.1 ...)
NOT-FOR-US: Funkwerk X2300
@@ -3573,7 +3575,7 @@
NOT-FOR-US: SmE GB Host
CVE-2006-0855 (Stack-based buffer overflow in the fullpath function in misc.c for zoo ...)
{DSA-991-1}
- - zoo <unfixed> (bug #354461)
+ - zoo 2.10-17 (bug #354461)
CVE-2006-0854 (PHP remote file inclusion vulnerability in common.php in Intensive ...)
NOT-FOR-US: Intensive Point iUser Ecommerce
CVE-2006-0853 (Buffer overflow in the IMAP service of TrueNorth Internet Anywhere ...)
@@ -7443,7 +7445,7 @@
{DSA-1018-1 DSA-1017-1}
- linux-2.6 2.6.12-6
CVE-2005-3856 (The Popular URL capability (popularurls.cpp) in Krusader 1.60.0 and ...)
- - krusader <unfixed> (bug #336169; low)
+ - krusader 1.70.0-1 (bug #336169; low)
CVE-2005-3855 (SQL injection vulnerability in process.php in 1-2-3 music store allows ...)
NOT-FOR-US: 1-2-3 music store
CVE-2005-3854 (Cross-site scripting (XSS) vulnerability in index.php in EasyPageCMS ...)