[Secure-testing-commits] r4003 - data/CVE
Alec Berryman
alec-guest at costa.debian.org
Sat May 20 14:07:48 UTC 2006
Author: alec-guest
Date: 2006-05-20 14:07:45 +0000 (Sat, 20 May 2006)
New Revision: 4003
Modified:
data/CVE/list
Log:
* dia bug number
* libopenobex already fixed (sweet!)
* NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2006-05-20 13:20:47 UTC (rev 4002)
+++ data/CVE/list 2006-05-20 14:07:45 UTC (rev 4003)
@@ -24,8 +24,7 @@
CVE-2006-2481
RESERVED
CVE-2006-2480 (Format string vulnerability in Dia 0.94 allows user-complicit ...)
- NOTE: will file a bug when I finish testing the patch - alec
- - dia <unfixed> (low)
+ - dia <unfixed> (bug #368202; low)
CVE-2006-2479 (The Update functionality in Bitrix Site Manager 4.1.x does not verify ...)
NOT-FOR-US: Bitrix
CVE-2006-2478 (Bitrix Site Manager 4.1.x allows remote attackers to redirect users to ...)
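Review bot: The dia entry for CVE-2006-2480 drops the NOTE along with gaining `bug #368202`, and that NOTE was the only place the list mentioned that a patch was being tested. If the patch is attached to the bug, this is fine as is. Otherwise a one-line NOTE pointing at the bug for the patch status would keep that information in the list.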
@@ -55,8 +54,7 @@
CVE-2006-2466 (BEA WebLogic Server 8.1 up to SP4 and 7.0 up to SP6 allows remote ...)
NOT-FOR-US: BEA
CVE-2006-2465 (Buffer overflow in MP3Info 0.8.4 allows attackers to execute arbitrary ...)
- NOTE: will file bug soon, poking around for a fix - alec
- - mp3info <unfixed> (low)
+ - mp3info <unfixed> (bug filed; low)
CVE-2006-2464 (stopWebLogic.sh in BEA WebLogic Server 8.1 before Service Pack 4 and ...)
NOT-FOR-US: BEA
CVE-2006-2463 (view_album.php in SelectaPix 1.31 and earlier allows remote attackers ...)
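Review bot: The mp3info line for CVE-2006-2465 uses `(bug filed; low)` with no bug number, while the dia entry in the same commit uses `(bug #368202; low)`. A bare "bug filed" cannot be followed back to the report, so it would be better to put the number in once it is assigned, or keep a NOTE until then. The log message also does not mention the mp3info change.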
@@ -248,15 +246,15 @@
- vnc4 4.1.1+X4.3.0-10 (high)
[sarge] - vnc4 <not-affected> (vuln not in 4.0)
CVE-2006-2368 (Cross-site scripting (XSS) vulnerability in index.php in Clansys (aka ...)
- TODO: check
+ NOT-FOR-US: Clansys
CVE-2006-2367 (Cross-site scripting (XSS) vulnerability in index.php in Clansys (aka ...)
- TODO: check
+ NOT-FOR-US: Clansys
CVE-2006-2366 (ircp_io.c in libopenobex for ircp 1.2, when ircp is run with the -r ...)
- TODO: check
+ - libopenobex 1.2-3 (bug #366484)
CVE-2006-2365 (Cross-site scripting (XSS) vulnerability in a_login.php in Vizra ...)
- TODO: check
+ NOT-FOR-US: Vizra
CVE-2006-2364 (Cross-site scripting (XSS) vulnerability in the validation feature in ...)
- TODO: check
+ NOT-FOR-US: Macromedia
CVE-2006-2363 (SQL injection vulnerability in the weblinks option (weblinks.html.php) ...)
TODO: check
CVE-2006-2362 (Buffer overflow in getsym in tekhex.c in libbfd in Free Software ...)
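Review bot: The new libopenobex line for CVE-2006-2366, `- libopenobex 1.2-3 (bug #366484)`, records neither an urgency nor a [sarge] status, whereas the vnc4 entry at the top of this hunk carries both `(high)` and a `[sarge]` line. Since the log says this one was already fixed, consider adding an urgency and a [sarge] line so the stable status is recorded next to the fixed version.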