[Secure-testing-commits] r4961 - data/CVE
Stefan Fritsch
stef-guest at alioth.debian.org
Mon Nov 13 22:14:01 CET 2006
Author: stef-guest
Date: 2006-11-13 22:14:00 +0100 (Mon, 13 Nov 2006)
New Revision: 4961
Modified:
data/CVE/list
Log:
- postgresql DoSs CVEified
- some freebsd issues
- CVE-2006-5747/8: new mozilla* issues (high)
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2006-11-13 20:59:58 UTC (rev 4960)
+++ data/CVE/list 2006-11-13 21:14:00 UTC (rev 4961)
@@ -148,9 +148,21 @@
CVE-2006-5749
RESERVED
CVE-2006-5748 (Multiple unspecified vulnerabilities in the JavaScript engine in ...)
- TODO: check
+ - firefox <unfixed> (high)
+ - thunderbird <removed> (medium)
+ - icedove <unfixed> (medium)
+ - mozilla <unfixed> (high)
+ - xulrunner <unfixed> (high)
+ - mozilla-firefox <removed> (high)
+ - mozilla-thunderbird <removed> (medium)
CVE-2006-5747 (Unspecified vulnerability in Mozilla Firefox before 1.5.0.8, ...)
- TODO: check
+ - firefox <unfixed> (high)
+ - thunderbird <removed> (medium)
+ - icedove <unfixed> (medium)
+ - mozilla <unfixed> (medium)
+ - xulrunner <unfixed> (high)
+ - mozilla-firefox <removed> (high)
+ - mozilla-thunderbird <removed> (medium)
CVE-2006-5746 (The console in AirMagnet Enterprise does not properly validate the ...)
NOT-FOR-US: AirMagnet
CVE-2006-5745 (Unspecified vulnerability in the setRequestHeader method in the ...)
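Review bot: under CVE-2006-5747 the line "- mozilla <unfixed> (medium)" does not match the (high) given to mozilla under CVE-2006-5748, nor the (high) given to firefox, xulrunner and mozilla-firefox in the same entry, while the log message announces both ids as high. If the lower rating is deliberate, a NOTE line giving the reason would keep the next reader from taking it for a copy-paste slip; otherwise change it to (high).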
@@ -287,7 +299,8 @@
CVE-2006-5680
RESERVED
CVE-2006-5679 (Integer overflow in the ffs_mountfs function in FreeBSD 6.1 allows ...)
- TODO: check
+ - kfreebsd-5 <unfixed>
+ [etch] - kfreebsd-5 <no-dsa> (no security support for freebsd)
CVE-2006-5678 (** DISPUTED ** ...)
NOT-FOR-US: Les Visiteurs
CVE-2006-5677 (resmom/start_exec.c in pbs_mom in TORQUE Resource Manager 2.0.0p8 and ...)
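Review bot: the new "- kfreebsd-5 <unfixed>" line under CVE-2006-5679 records nothing about whether the 5.x kernel source is affected, while the description names FreeBSD 6.1. A NOTE stating whether ffs_mountfs in kfreebsd-5 has the same integer overflow would justify <unfixed>; the same question applies to the other kfreebsd-5 entries added in this commit.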
@@ -543,7 +556,8 @@
CVE-2006-5551 (Stack-based buffer overflow in QK SMTP 3.01 and earlier might allow ...)
NOT-FOR-US: QK SMTP
CVE-2006-5550 (The kernel in FreeBSD 6.1 and OpenBSD 4.0 allows local users to cause ...)
- TODO: check
+ - kfreebsd-5 <unfixed>
+ [etch] - kfreebsd-5 <no-dsa> (no security support for freebsd)
CVE-2006-5549 (** DISPUTED ** ...)
NOT-FOR-US: Adobe PHP SDK
CVE-2006-5548 (PHP remote file inclusion vulnerability in OTSCMS/OTSCMS.php in Open ...)
@@ -559,11 +573,19 @@
CVE-2006-5543 (PHP remote file inclusion vulnerability in misc/function.php3 in PHP ...)
NOT-FOR-US: PHP Generator of Object SQL Database
CVE-2006-5542 (backend/tcop/postgres.c in PostgreSQL 8.1.x before 8.1.5 allows remote ...)
- TODO: check
+ - postgresql-8.1 8.1.5-1 (unimportant)
+ NOTE: All crashes can only be triggered by authenticated users, these are not
+ NOTE: treated as vulnerabilities.
CVE-2006-5541 (backend/parser/parse_coerce.c in PostgreSQL 7.4.1 through 7.4.14, ...)
- TODO: check
+ - postgresql-7.4 1:7.4.14-1 (unimportant)
+ - postgresql-8.1 8.1.5-1 (unimportant)
+ [sarge] - postgresql <unfixed> (unimportant)
+ NOTE: All crashes can only be triggered by authenticated users, these are not
+ NOTE: treated as vulnerabilities.
CVE-2006-5540 (backend/parser/analyze.c in PostgreSQL 8.1.x before 8.1.5 allows ...)
- TODO: check
+ - postgresql-8.1 8.1.5-1 (unimportant)
+ NOTE: All crashes can only be triggered by authenticated users, these are not
+ NOTE: treated as vulnerabilities.
CVE-2006-5539 (PHP remote file inclusion vulnerability in login/secure.php in ...)
NOT-FOR-US: UeberProject Management System
CVE-2006-5538 (D-Link DSL-G624T firmware 3.00B01T01.YA-C.20060616 allows remote ...)
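Review bot: under CVE-2006-5541 the fixed version "1:7.4.14-1" sits next to a description whose visible text says "7.4.1 through 7.4.14", which reads as including 7.4.14 among the affected releases. Please confirm that the 7.4.14-1 upload carries the fix and add a NOTE saying so, or mark postgresql-7.4 as <unfixed>. The two-line NOTE is also repeated verbatim under all three ids; that is fine for grep, but the three copies will need to be kept in sync if the assessment changes.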
@@ -687,9 +709,11 @@
CVE-2006-5484 (SSH Tectia Client/Server/Connector 5.1.0 and earlier, Manager 2.2.0 ...)
NOT-FOR-US: SSH Tectia
CVE-2006-5483 (p1003_1b.c in FreeBSD 6.1 allows local users to cause an unspecified ...)
- TODO: check
+ - kfreebsd-5 <unfixed>
+ [etch] - kfreebsd-5 <no-dsa> (no security support for freebsd)
CVE-2006-5482 (ufs_vnops.c in FreeBSD 6.1 allows local users to cause an unspecified ...)
- TODO: check
+ - kfreebsd-5 <unfixed>
+ [etch] - kfreebsd-5 <no-dsa> (no security support for freebsd)
CVE-2006-5481 (Multiple PHP remote file inclusion vulnerabilities in Castor 1.1.1 ...)
NOT-FOR-US: Castor
CVE-2006-5480 (PHP remote file inclusion vulnerability in lib/rs.php in Castor 1.1.1 ...)
@@ -738,12 +762,6 @@
RESERVED
CVE-2006-XXXX [diffmon information leakage]
- diffmon 20020222-2.2 (bug #382132)
-CVE-2006-XXXX [postgres DoSs]
- - postgresql-7.4 1:7.4.14-1 (unimportant)
- - postgresql-8.1 8.1.5-1 (unimportant)
- [sarge] - postgresql <unfixed> (unimportant)
- NOTE: All crashes can only be triggered by authenticated users, these are not
- NOTE: treated as vulnerabilities.
CVE-2006-5460 (** DISPUTED ** ...)
NOT-FOR-US: phpht Topsites
CVE-2006-5459 (Multiple PHP remote file inclusion vulnerabilities in Download-Engine ...)
@@ -2805,7 +2823,8 @@
CVE-2006-4517 (Novell iManager 2.5 and 2.0.2 allows remote attackers to cause a ...)
NOT-FOR-US: Novell iManager
CVE-2006-4516 (Integer signedness error in FreeBSD 6.0-RELEASE allows local users to ...)
- TODO: check
+ - kfreebsd-5 <unfixed>
+ [etch] - kfreebsd-5 <no-dsa> (no security support for freebsd)
CVE-2006-4515
RESERVED
CVE-2006-4514