[Secure-testing-commits] r3971 - data/CVE
Moritz Muehlenhoff
jmm-guest at costa.debian.org
Thu May 18 23:13:32 UTC 2006
Author: jmm-guest
Date: 2006-05-18 23:13:26 +0000 (Thu, 18 May 2006)
New Revision: 3971
Modified:
data/CVE/list
Log:
new nessus issues
bugnums
NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2006-05-18 21:14:24 UTC (rev 3970)
+++ data/CVE/list 2006-05-18 23:13:26 UTC (rev 3971)
@@ -42,7 +42,7 @@
- dovecot 1.0.beta8-1 (low)
[sarge] - dovecot <not-affected> (vulnerability introduced in 1.0)
CVE-2006-2341 (The HTTP proxy in Symantec Gateway Security 5000 Series 2.0.1 and 3.0, ...)
- TODO: check
+ NOT-FOR-US: Symantec Gateway Security
CVE-2006-2340 (Cross-site scripting (XSS) vulnerability in PassMasterFlex and ...)
TODO: check
CVE-2006-2339 (SQL injection vulnerability in index.php in evoTopsites 2.x and ...)
@@ -52,7 +52,7 @@
CVE-2006-2337 (Directory traversal vulnerability in webcm in the D-Link DSL-G604T ...)
TODO: check
CVE-2006-2336 (SQL injection vulnerability in showthread.php in MyBB (aka ...)
- TODO: check
+ NOT-FOR-US: MyBB
CVE-2006-2335 (Jelsoft vBulletin accepts uploads of Cascading Style Sheets (CSS) and ...)
TODO: check
CVE-2006-2334 (The RtlDosPathNameToNtPathName_U API function in NTDLL.DLL in ...)
@@ -62,9 +62,9 @@
CVE-2006-2332 (Mozilla Firefox 1.5.0.3 allows remote attackers to cause a denial of ...)
TODO: check
CVE-2006-2331 (Multiple directory traversal vulnerabilities in PHP-Fusion 6.00.306 ...)
- TODO: check
+ NOT-FOR-US: PHP-Fusion
CVE-2006-2330 (PHP-Fusion 6.00.306 and earlier, running under Apache HTTP Server ...)
- TODO: check
+ NOT-FOR-US: PHP-Fusion
CVE-2006-2329 (AngelineCMS 0.6.5 and earlier allow remote attackers to obtain ...)
TODO: check
CVE-2006-2328 (SQL injection vulnerability in lib/adodb/server.php in AngelineCMS ...)
@@ -254,7 +254,7 @@
TODO: check
CVE-2006-2237 (The web interface for AWStats 6.4 and 6.5, when statistics updates are ...)
{DSA-1058-1}
- - awstats 6.5-2 (bug #365909; medium)
+ - awstats 6.5-2 (bug #365909; bug #365910; medium)
CVE-2006-2236 (Buffer overflow in the Quake 3 Engine, as used by (1) ET 2.60, (2) ...)
- quake3 <itp> (bug #337937)
CVE-2006-2235 (CodeMunkyX (aka free-php.net) Simple Poll 1.0, when authentication is ...)
@@ -418,7 +418,7 @@
CVE-2006-2163 (Cross-site scripting (XSS) vulnerability in index.php in Pinnacle Cart ...)
TODO: check
CVE-2006-2162 (Buffer overflow in CGI scripts in Nagios 1.x before 1.4 and 2.x before ...)
- - nagios 2:1.4-1 (bug #366682; medium)
+ - nagios 2:1.4-1 (bug #366682; bug #366803; medium)
- nagios2 2.3-1 (bug #366683; medium)
CVE-2006-2161 (Buffer overflow in TZipBuilder 1.79.03.01 allows remote attackers to ...)
TODO: check
@@ -562,7 +562,7 @@
CVE-2006-2094 (Microsoft Internet Explorer before Windows XP Service Pack 2 and ...)
NOT-FOR-US: Microsoft Internet Explorer
CVE-2006-2093 (Nessus before 2.2.8, and 3.x before 3.0.3, allows user-complicit ...)
- TODO: check
+ - libnasl <unfixed> (bug #365898; low)
CVE-2006-2092 (Unspecified vulnerability in HP StorageWorks Secure Path for Windows ...)
TODO: check
CVE-2006-2091 (admin.php in Virtual War (VWar) 1.5 and versions before 1.2 allows ...)
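Review bot: The new `- libnasl <unfixed> (bug #365898; low)` line for CVE-2006-2093 names only libnasl, while the CVE description is worded in terms of Nessus releases (before 2.2.8, and 3.x before 3.0.3). A NOTE line stating that the affected code lives in libnasl, or additional package lines if other Nessus source packages carry it, would let a later reader confirm the entry is complete without re-deriving it from bug #365898.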
@@ -835,7 +835,7 @@
NOT-FOR-US: FlexBB
CVE-2006-1993 (Mozilla Firefox 1.5.0.2, when designMode is enabled, allows remote ...)
{DSA-1055-1 DSA-1053-1}
- - firefox 1.5.dfsg+1.5.0.3-1 (high)
+ - firefox 1.5.dfsg+1.5.0.3-1 (bug #364810; high)
[sarge] - mozilla-firefox 1.0.4-2sarge7 (high)
[sarge] - mozilla 1.7.8-1sarge6 (high)
- mozilla <unfixed> (high)
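Review bot: Only the firefox line gains a bug reference in this hunk; the `- mozilla <unfixed> (high)` line in the same CVE-2006-1993 entry remains open at high urgency with no bug number. If a bug is filed against mozilla it should be added alongside #364810, so that the one package still marked unfixed is the one with a tracking reference.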
@@ -3466,7 +3466,7 @@
CVE-2006-0904
RESERVED
CVE-2006-0903 (MySQL 5.0.18 and earlier allows local users to bypass logging ...)
- - mysql-dfsg-5.0 5.0.19-3 (bug #359701)
+ - mysql-dfsg-5.0 5.0.19-3 (bug #359701; bug #366162; bug #366163)
CVE-2006-0902
RESERVED
CVE-2006-0901 (Unspecified vulnerability in the hsfs filesystem in Solaris 8, 9, and ...)
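Review bot: The mysql-dfsg-5.0 line for CVE-2006-0903 now carries three bug numbers but still no urgency, unlike the awstats, nagios, libnasl and firefox lines touched in this revision, which all end in low, medium or high. Appending the urgency after the last bug number in the same edit would keep the entry consistent, and a NOTE saying what #366162 and #366163 track would explain why a line with a fixed version (5.0.19-3) needs two further bugs.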
@@ -4057,7 +4057,7 @@
- binutils <not-affected> (SuSE specific vulnerability)
CVE-2006-0645 (Tiny ASN.1 Library (libtasn1) before 0.2.18, as used by (1) GnuTLS ...)
{DSA-986-1 DSA-985-1}
- - libtasn1-2 <unfixed> (bug #352182)
+ - libtasn1-2 <unfixed> (bug #352182; bug #365234)
NOTE: upload of 0.3.1-1 was reverted in 1:0.2.17-2 because of soname change
- gnutls13 1.3.5-1
- gnutls12 <unfixed>
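Review bot: On the libtasn1-2 line the second bug, #365234, is added while the status stays `<unfixed>`, and the existing NOTE about the reverted 0.3.1-1 upload does not say how the new bug relates to that revert. A short NOTE stating what #365234 tracks would make the entry self-explanatory; the `- gnutls12 <unfixed>` line below it also has no bug reference.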