[Secure-testing-commits] r3978 - data/CVE

Fri May 19 13:55:39 UTC 2006

Author: alec-guest
Date: 2006-05-19 13:55:35 +0000 (Fri, 19 May 2006)
New Revision: 3978

Modified:
   data/CVE/list
Log:
* found fixed versions of hamlib and mozilla-thunderbird
* opened bug for twiki


Modified: data/CVE/list
===================================================================

--- data/CVE/list	2006-05-19 09:28:16 UTC (rev 3977)
+++ data/CVE/list	2006-05-19 13:55:35 UTC (rev 3978)
@@ -2361,7 +2361,7 @@
 	- tcpquota <unfixed> (bug #358369; low)
 	[sarge] - tcpquota <no-dsa> (Only exploitable with strange AFS cell name)
 CVE-2006-XXXX [hamlib3-perl rpath set to user home]
-	- hamlib <unfixed> (bug #358166; low)
+	- hamlib 1.2.5-3 (bug #358166; low)
 	[sarge] - hamlib <no-dsa> (Only exploitable with strange user name)
 CVE-2006-1550 (Multiple buffer overflows in the xfig import code (xfig-import.c) in ...)
 	{DSA-1025-1}
@@ -2593,7 +2593,7 @@
 CVE-2006-1388 (Unspecified vulnerability in Microsoft Internet Explorer 6.0 allows ...)
 	NOT-FOR-US: Internet Explorer
 CVE-2006-1387 (TWiki 4.0, 4.0.1, and 20010901 through 20040904 allows remote ...)
-	- twiki <unfixed>
+	- twiki <unfixed> (bug #367973)
 	TODO: see if fw's patch secures this in Debian
 CVE-2006-1386 (The (1) rdiff and (2) preview scripts in TWiki 4.0 and 4.0.1 ignore ...)
 	- twiki <not-affected> (only affects 4.0.0 - 4.1.0, version in Debian too young) 
@@ -5303,7 +5303,7 @@
 CVE-2006-0237 (Cross-site scripting (XSS) vulnerability in index.php in GTP iCommerce ...)
 	NOT-FOR-US: GTP iCommerce
 CVE-2006-0236 (GUI display truncation vulnerability in Mozilla Thunderbird 1.0.2, ...)
-	- mozilla-thunderbird <unfixed> (bug #349242; bug #363777; medium)
+	- mozilla-thunderbird 1.5.0.2-1 (bug #349242; bug #363777; medium)
 CVE-2006-0235 (SQL injection vulnerability in WhiteAlbum 2.5 allows remote attackers ...)
 	NOT-FOR-US: WhiteAlbum
 CVE-2006-0234 (SQL injection vulnerability in index.php in microBlog 2.0 RC-10 allows ...)


