[Secure-testing-commits] r4940 - data/CVE
Stefan Fritsch
stef-guest at alioth.debian.org
Wed Nov 8 21:53:59 CET 2006
Author: stef-guest
Date: 2006-11-08 21:53:57 +0100 (Wed, 08 Nov 2006)
New Revision: 4940
Modified:
data/CVE/list
Log:
- CVE-2006-5779: new openldap DoS
- CVE-2006-5757: new linux DoS
- phpmyadmin CVEified
- CVE-2006-5706: new php openbasedir issue
- CVE-2006-5705: wordpress issue already fixed
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2006-11-08 20:27:49 UTC (rev 4939)
+++ data/CVE/list 2006-11-08 20:53:57 UTC (rev 4940)
@@ -29,7 +29,8 @@
CVE-2006-5780 (Stack-based buffer overflow in nfsd.exe in XLink Omni-NFS Server 5.2 ...)
NOT-FOR-US: XLink Omni-NFS
CVE-2006-5779 (Unspecified vulnerability in the openldap-2.2.29-1 package of OpenLDAP ...)
- TODO: check
+ - openldap2.2 <unfixed> (bug filed)
+ - openldap2.3 <unfixed>
CVE-2006-5777 (Creasito E-Commerce Content Manager 1.3.08 allows remote attackers to ...)
NOT-FOR-US: Creasito E-Commerce Content Manager
CVE-2006-5776 (** DISPUTED ** ...)
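Review bot: The openldap2.2 line under CVE-2006-5779 says "(bug filed)" without the bug number, and the openldap2.3 line has neither a bug reference nor an urgency. Record the number in the usual "(bug #NNNNNN)" form (NNNNNN standing for the real report number) so the unfixed state can be followed up from the list. If the same report covers openldap2.3, reference it on that line too.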
@@ -71,7 +72,7 @@
CVE-2006-5758 (Microsoft Windows 2000 through 2000 SP4 and Windows XP through SP2 ...)
NOT-FOR-US: Microsoft
CVE-2006-5757 (Race condition in the __find_get_block_slow function in the ISO9660 ...)
- TODO: check
+ - linux-2.6 <unfixed> (low)
CVE-2006-5756
RESERVED
CVE-2006-5755
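Review bot: The "- linux-2.6 <unfixed> (low)" line under CVE-2006-5757 sets an urgency without a bug reference or a reason for the rating. The description is truncated here and the log only calls it a DoS, so a short note line explaining why this race condition rates "low" would let later triage check the call without redoing the analysis.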
@@ -147,7 +148,8 @@
CVE-2006-5719 (SQL injection vulnerability in libs/sessions.lib.php in BytesFall ...)
NOT-FOR-US: BytesFall Explorer (bfExplorer)
CVE-2006-5718 (Cross-site scripting (XSS) vulnerability in error.php in phpMyAdmin ...)
- TODO: check
+ - phpmyadmin 4:2.9.0.3-1 (low; bug #396638)
+ [sarge] - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2006-5717 (Multiple cross-site scripting (XSS) vulnerabilities in Zend Google ...)
NOT-FOR-US: Zend Google Data Client Library (ZendGData)
CVE-2006-5716 (Directory traversal vulnerability in aff_news.php in FreeNews 2.1 ...)
@@ -171,9 +173,11 @@
CVE-2006-5707 (SQL injection vulnerability in index.php in PHPEasyData Pro 1.4.1 and ...)
NOT-FOR-US: PHPEasyData
CVE-2006-5706 (Unspecified vulnerabilities in PHP, probably before 5.2.0, allow local ...)
- TODO: check
+ - php5 5.2.0-1
+ - php4 <unfixed> (low)
+ [sarge] - php4 <no-dsa> (open_basedir not supported)
CVE-2006-5705 (Directory traversal vulnerability in plugins/wp-db-backup.php in ...)
- TODO: check
+ - wordpress 2.0.5-0.1
CVE-2006-5704 (HP NonStop Server G06.29, when running Standard Security T6533G06 ...)
NOT-FOR-US: HP
CVE-2006-5703 (Cross-site scripting (XSS) vulnerability in tiki-featured_link.php in ...)
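Review bot: The CVE-2006-5706 description itself says "probably before 5.2.0", so "- php5 5.2.0-1" rests on a version boundary the advisory does not confirm. Add a note line saying how the fix in 5.2.0-1 was verified. In the same hunk, "- php4 <unfixed> (low)" has no bug reference, and "- wordpress 2.0.5-0.1" under CVE-2006-5705 has no urgency, unlike the other entries added in this commit.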
@@ -284,9 +288,6 @@
NOT-FOR-US: DigiOz Guestbook
CVE-2006-5650 (The ICQPhone.SipxPhoneManager ActiveX control in America Online ICQ ...)
NOT-FOR-US: ICQPhone.SipxPhoneManager
-CVE-2006-XXXX [phpmyadmin XSS (PMASA-2006-6)]
- - phpmyadmin 4:2.9.0.3-1 (low; bug #396638)
- [sarge] - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2006-XXXX [avahi fake netlink message vulnerability ]
- avahi 0.6.15-1 (low)
CVE-2006-5649
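Review bot: Removing the "CVE-2006-XXXX [phpmyadmin XSS (PMASA-2006-6)]" placeholder drops the PMASA-2006-6 advisory reference, because the lines added under CVE-2006-5718 carry over only the version and the sarge status. Keep the upstream advisory id as a note under CVE-2006-5718 so the mapping from PMASA-2006-6 to the assigned CVE stays visible in the list.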