[Secure-testing-commits] r4962 - data/CVE
Stefan Fritsch
stef-guest at alioth.debian.org
Mon Nov 13 22:50:19 CET 2006
Author: stef-guest
Date: 2006-11-13 22:50:18 +0100 (Mon, 13 Nov 2006)
New Revision: 4962
Modified:
data/CVE/list
Log:
- CVE-2006-5633, CVE-2006-5464, CVE-2006-5463, CVE-2006-5462:
new mozilla* issues (high)
- CVE-2006-5467: new ruby issue (medium)
- CVE-2006-5397: new libx11 issue (low)
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2006-11-13 21:14:00 UTC (rev 4961)
+++ data/CVE/list 2006-11-13 21:50:18 UTC (rev 4962)
@@ -394,7 +394,13 @@
CVE-2006-5634 (Multile PHP remote file inclusion vulnerabilities in phpProfiles 2.1 ...)
NOT-FOR-US: phpProfiles
CVE-2006-5633 (Firefox 1.5.0.7 and 2.0 allows remote attackers to cause a denial of ...)
- TODO: check
+ - firefox <unfixed> (low)
+ - thunderbird <removed> (low)
+ - icedove <unfixed> (low)
+ - mozilla <unfixed> (low)
+ - xulrunner <unfixed> (low)
+ - mozilla-firefox <removed> (low)
+ - mozilla-thunderbird <removed> (low)
CVE-2006-5632 (Cross-site scripting (XSS) vulnerability in change_pass.php in iG Shop ...)
NOT-FOR-US: iG Shop
CVE-2006-5631 (Cross-site scripting (XSS) vulnerability in change_pass.php in iG Shop ...)
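Review bot: the seven entries added under CVE-2006-5633 are all rated (low), but the log message lists CVE-2006-5633 among the "new mozilla* issues (high)". The log summary and these ratings should agree; if low is intended for this CVE, the log should say that the high rating applies only to some of the four CVEs.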
@@ -637,7 +643,7 @@
CVE-2006-5515 (Cross-site scripting (XSS) vulnerability in lib-history.inc.php in ...)
NOT-FOR-US: phpPgAds / phpAdsNew
CVE-2006-5514 (SQL injection vulnerability in quiz.php in Web Group Communication ...)
- TODO: check
+ NOT-FOR-US: Web Group Communication
CVE-2006-5513 (SQL injection vulnerability in GeoNetwork opensource before 2.0.3 ...)
NOT-FOR-US: GeoNetwork opensource
CVE-2005-4814 (Unrestricted file upload vulnerability in Segue CMS before 1.3.6, when ...)
@@ -743,7 +749,8 @@
CVE-2006-5468 (Unspecified vulnerability in the HTTP dissector in Wireshark (formerly ...)
- wireshark 0.99.4-1 (bug #396258; medium)
CVE-2006-5467 (The cgi.rb CGI library for Ruby 1.8 allows remote attackers to cause a ...)
- TODO: check
+ - ruby1.8 <unfixed> (medium; bug filed)
+ - ruby1.9 <unfixed> (medium)
CVE-2006-5466 (Heap-based buffer overflow in the showQueryPackage function in librpm ...)
- rpm 4.4.1-11 (low)
[sarge] - rpm <no-dsa> (You need to trust the RPMs you're installing)
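Review bot: "- ruby1.8 <unfixed> (medium; bug filed)" records that a bug was filed but not its number, unlike the wireshark entry two lines above, which uses "bug #396258". Replace "bug filed" with the bug number once it is assigned, and state whether the ruby1.9 entry is covered by the same report, since it carries no bug reference at all.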
@@ -753,11 +760,31 @@
- php4 4:4.4.4-4 (high; bug #396764)
- php5 5.1.6-6 (high; bug #396766)
CVE-2006-5464 (Multiple unspecified vulnerabilities in the layout engine in Mozilla ...)
- TODO: check
+ - firefox <unfixed> (low)
+ - thunderbird <removed> (low)
+ - icedove <unfixed> (low)
+ - mozilla <unfixed> (low)
+ - xulrunner <unfixed> (low)
+ - mozilla-firefox <removed> (low)
+ - mozilla-thunderbird <removed> (low)
CVE-2006-5463 (Unspecified vulnerability in Mozilla Firefox before 1.5.0.8, ...)
- TODO: check
+ - firefox <unfixed> (high)
+ - thunderbird <removed> (medium)
+ - icedove <unfixed> (medium)
+ - mozilla <unfixed> (high)
+ - xulrunner <unfixed> (high)
+ - mozilla-firefox <removed> (high)
+ - mozilla-thunderbird <removed> (medium)
CVE-2006-5462 (Mozilla Network Security Service (NSS) library before 3.11.3, as used ...)
- TODO: check
+ NOTE: this is the similar to CVE-2006-4339, see also CVE-2006-4340
+ NOTE: the fixes for CVE-2006-4340 were incomplete
+ - firefox <unfixed> (high)
+ - thunderbird <removed> (medium)
+ - icedove <unfixed> (medium)
+ - mozilla <unfixed> (high)
+ - xulrunner <unfixed> (high)
+ - mozilla-firefox <removed> (high)
+ - mozilla-thunderbird <removed> (medium)
CVE-2006-5461
RESERVED
CVE-2006-XXXX [diffmon information leakage]
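Review bot: the first NOTE under CVE-2006-5462 reads "this is the similar to CVE-2006-4339"; drop the stray "the" so it reads "this is similar to CVE-2006-4339". In the same hunk, CVE-2006-5464 is rated (low) for every package while the log message groups it under "(high)", so one of the two needs correcting.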
@@ -894,7 +921,7 @@
CVE-2006-5398 (SQL injection vulnerability in comments.php in Simplog 0.9.3.1 allows ...)
NOT-FOR-US: Simplog
CVE-2006-5397 (The Xinput module (modules/im/ximcp/imLcIm.c) in X.Org libX11 1.0.2 ...)
- TODO: check
+ - libx11 <unfixed> (low, bug filed)
CVE-2006-5396 (The tcp_fuse_rcv_drain function in the Sun Solaris 10 kernel before ...)
NOT-FOR-US: Sun Solaris
CVE-2006-5395 (Buffer overflow in Microsoft Class Package Export Tool (aka ...)
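Review bot: "- libx11 <unfixed> (low, bug filed)" separates the urgency and the bug remark with a comma, while the ruby1.8 entry in this same commit uses a semicolon, "(medium; bug filed)". Use "(low; bug filed)" for consistency, and add the bug number when it is available.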