[Secure-testing-commits] r4065 - data/CVE

Alec Berryman alec-guest at costa.debian.org
Tue May 23 23:49:17 UTC 2006


Author: alec-guest
Date: 2006-05-23 23:49:14 +0000 (Tue, 23 May 2006)
New Revision: 4065

Modified:
   data/CVE/list
Log:
* xmcd (medium)
* need to check for packages (if any?) shipping FCKeditor


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2006-05-23 23:45:04 UTC (rev 4064)
+++ data/CVE/list	2006-05-23 23:49:14 UTC (rev 4065)
@@ -15,7 +15,8 @@
 CVE-2006-2543 (Xtreme Topsites 1.1 allows remote attackers to trigger MySQL errors ...)
 	NOT-FOR-US: Xtreme Topsites
 CVE-2006-2542 (xmcdconfig in Debian GNU/Linux 2.6-17.1 creates /var/lib/cddb and ...)
-	TODO: check
+	TODO: check sarge and woody
+	- xmcd <unfixed> (bug #366816; medium)
 CVE-2006-2541 (SQL injection vulnerability in settings.asp in Zixforum 1.12 allows ...)
 	NOT-FOR-US: Zixforum
 CVE-2006-2540 (Privacy leak in install.php for Diesel PHP Job Site sends sensitive ...)
@@ -41,7 +42,7 @@
 CVE-2006-2530 (avatar_upload.asp in Avatar MOD 1.3 for Snitz Forums 3.4, and possibly ...)
 	NOT-FOR-US: Snitz mod
 CVE-2006-2529 (editor/filemanager/upload/php/upload.php in FCKeditor before 2.3 Beta, ...)
-	TODO: check
+	TODO: check packages that include FCKeditor (if any?)
 CVE-2006-2528 (PHP remote file inclusion vulnerability in classified_right.php in ...)
 	NOT-FOR-US: phpBazar
 CVE-2006-2527 (Admin/admin.php in phpBazar 2.1.0 and earlier allows remote attackers ...)




More information about the Secure-testing-commits mailing list