[Secure-testing-commits] r4003 - data/CVE

Alec Berryman alec-guest at costa.debian.org
Sat May 20 14:07:48 UTC 2006 

Author: alec-guest
Date: 2006-05-20 14:07:45 +0000 (Sat, 20 May 2006)
New Revision: 4003

Modified:
   data/CVE/list
Log:
* dia bug number
* libopenobex already fixed (sweet!)
* NFUs


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2006-05-20 13:20:47 UTC (rev 4002)
+++ data/CVE/list	2006-05-20 14:07:45 UTC (rev 4003)
@@ -24,8 +24,7 @@
 CVE-2006-2481
 	RESERVED
 CVE-2006-2480 (Format string vulnerability in Dia 0.94 allows user-complicit ...)
-	NOTE: will file a bug when I finish testing the patch - alec
-	- dia <unfixed> (low)
+	- dia <unfixed> (bug #368202; low)
 CVE-2006-2479 (The Update functionality in Bitrix Site Manager 4.1.x does not verify ...)
 	NOT-FOR-US: Bitrix
 CVE-2006-2478 (Bitrix Site Manager 4.1.x allows remote attackers to redirect users to ...)
@@ -55,8 +54,7 @@
 CVE-2006-2466 (BEA WebLogic Server 8.1 up to SP4 and 7.0 up to SP6 allows remote ...)
 	NOT-FOR-US: BEA
 CVE-2006-2465 (Buffer overflow in MP3Info 0.8.4 allows attackers to execute arbitrary ...)
-	NOTE: will file bug soon, poking around for a fix - alec
-	- mp3info <unfixed> (low)
+	- mp3info <unfixed> (bug filed; low)
 CVE-2006-2464 (stopWebLogic.sh in BEA WebLogic Server 8.1 before Service Pack 4 and ...)
 	NOT-FOR-US: BEA
 CVE-2006-2463 (view_album.php in SelectaPix 1.31 and earlier allows remote attackers ...)
@@ -248,15 +246,15 @@
 	- vnc4 4.1.1+X4.3.0-10 (high)
 	[sarge] - vnc4 <not-affected> (vuln not in 4.0)
 CVE-2006-2368 (Cross-site scripting (XSS) vulnerability in index.php in Clansys (aka ...)
-	TODO: check
+	NOT-FOR-US: Clansys
 CVE-2006-2367 (Cross-site scripting (XSS) vulnerability in index.php in Clansys (aka ...)
-	TODO: check
+	NOT-FOR-US: Clansys
 CVE-2006-2366 (ircp_io.c in libopenobex for ircp 1.2, when ircp is run with the -r ...)
-	TODO: check
+	- libopenobex 1.2-3 (bug #366484)
 CVE-2006-2365 (Cross-site scripting (XSS) vulnerability in a_login.php in Vizra ...)
-	TODO: check
+	NOT-FOR-US: Vizra
 CVE-2006-2364 (Cross-site scripting (XSS) vulnerability in the validation feature in ...)
-	TODO: check
+	NOT-FOR-US: Macromedia
 CVE-2006-2363 (SQL injection vulnerability in the weblinks option (weblinks.html.php) ...)
 	TODO: check
 CVE-2006-2362 (Buffer overflow in getsym in tekhex.c in libbfd in Free Software ...)

More information about the Secure-testing-commits mailing list