[Secure-testing-commits] r4971 - data/CVE
Moritz Muehlenhoff
jmm-guest at alioth.debian.org
Thu Nov 16 19:13:27 CET 2006
Author: jmm-guest
Date: 2006-11-16 19:13:25 +0100 (Thu, 16 Nov 2006)
New Revision: 4971
Modified:
data/CVE/list
Log:
avahi CVEfied
libx11 fixed
new texinfo issue
several no-dsa for minor issues
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2006-11-15 21:59:18 UTC (rev 4970)
+++ data/CVE/list 2006-11-16 18:13:25 UTC (rev 4971)
@@ -494,8 +494,6 @@
NOT-FOR-US: DigiOz Guestbook
CVE-2006-5650 (The ICQPhone.SipxPhoneManager ActiveX control in America Online ICQ ...)
NOT-FOR-US: ICQPhone.SipxPhoneManager
-CVE-2006-XXXX [avahi fake netlink message vulnerability ]
- - avahi 0.6.15-1 (low)
CVE-2006-5649
RESERVED
CVE-2006-5648
@@ -920,7 +918,7 @@
- xulrunner <unfixed> (high)
- mozilla-thunderbird <removed> (medium)
CVE-2006-5461 (Avahi before 0.6.15 does not verify the sender identity of netlink ...)
- TODO: check
+ - avahi 0.6.15-1 (low)
CVE-2006-XXXX [diffmon information leakage]
- diffmon 20020222-2.2 (bug #382132)
CVE-2006-5460 (** DISPUTED ** ...)
@@ -1055,7 +1053,7 @@
CVE-2006-5398 (SQL injection vulnerability in comments.php in Simplog 0.9.3.1 allows ...)
NOT-FOR-US: Simplog
CVE-2006-5397 (The Xinput module (modules/im/ximcp/imLcIm.c) in X.Org libX11 1.0.2 ...)
- - libx11 <unfixed> (low; bug #398460)
+ - libx11 2:1.0.3-3 (low; bug #398460)
CVE-2006-5396 (The tcp_fuse_rcv_drain function in the Sun Solaris 10 kernel before ...)
NOT-FOR-US: Sun Solaris
CVE-2006-5395 (Buffer overflow in Microsoft Class Package Export Tool (aka ...)
@@ -1271,8 +1269,10 @@
NOT-FOR-US: Gcontact
CVE-2006-5298 (The mutt_adv_mktemp function in the Mutt mail client 1.5.12 and ...)
- mutt <unfixed> (bug #396104; low)
+ [sarge] - mutt <no-dsa> (Minor issue, tmp dirs on NFS cause problems in many scenarios)
CVE-2006-5297 (Race condition in the safe_open function in the Mutt mail client ...)
- mutt <unfixed> (bug #396104; low)
+ [sarge] - mutt <no-dsa> (Minor issue, tmp dirs on NFS cause problems in many scenarios)
CVE-2006-5296 (Buffer overflow in Microsoft Office 2003 PowerPoint allows ...)
NOT-FOR-US: Microsoft
CVE-2006-5294 (Cross-site scripting (XSS) vulnerability in index.php in phplist ...)
@@ -1480,7 +1480,7 @@
CVE-2006-5199 (Adobe Contribute Publishing Server leaks the administrator password in ...)
NOT-FOR-US: Adobe
CVE-2006-5198 (The WZFILEVIEW.FileViewCtrl.61 ActiveX control (aka Sky Software ...)
- TODO: check
+ NOT-FOR-US: WinZip
CVE-2006-5197 (PDshopPro stores sensitive information under the web root with ...)
NOT-FOR-US: PDshopPro
CVE-2006-5196 (The HTTP interface in the Motorola SURFboard SB4200 Cable Modem allows ...)
@@ -2304,7 +2304,8 @@
- qt-x11-free 3:3.3.7-1 (bug #394192; bug #394313)
- qt4-x11 4.2.1-1 (bug #394192)
CVE-2006-4810 (Buffer overflow in the readline function in util/texindex.c, as used ...)
- TODO: check
+ - texinfo <unfixed>
+ TODO: File bug
CVE-2006-4809 (Stack-based buffer overflow in loader_pnm.c in imlib2 before 1.2.1, ...)
- imlib2 1.3.0.0debian1-3 (medium; bug #397371)
CVE-2006-4808 (Heap-based buffer overflow in loader_tga.c in imlib2 before 1.2.1, and ...)
@@ -2558,15 +2559,15 @@
CVE-2006-4692 (Argument injection vulnerability in the Windows Object Packager ...)
NOT-FOR-US: Microsoft Word
CVE-2006-4691 (Buffer overflow in the Workstation service in Microsoft Windows 2000 ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2006-4690
RESERVED
CVE-2006-4689 (Unspecified vulnerability in the driver for the Client Service for ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2006-4688 (Buffer overflow in Client Service for NetWare (CSNW) in Microsoft ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2006-4687 (Microsoft Internet Explorer 5.01 through 6 allows remote attackers to ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2006-4686 (Buffer overflow in the Extensible Stylesheet Language Transformations ...)
NOT-FOR-US: Microsoft
CVE-2006-4685 (The XMLHTTP ActiveX control in Microsoft XML Parser 2.6 and XML Core ...)
@@ -6860,7 +6861,9 @@
- squirrelmail 2:1.4.7-1 (unimportant; bug #373731)
NOTE: Only exploitable with register_globals enabled
CVE-2006-XXXX [webalizer: symlink vulnerability]
- - webalizer 2.01.10-29 (bug #359745)
+ - webalizer 2.01.10-29 (low; bug #359745)
+ [sarge] - webalizer <no-dsa> (Minor issue)
+ NOTE: Only exploitable in far-fetched scenarios, running it as root is insecure anyway
CVE-2006-2805 (SQL injection vulnerability in VBulletin 3.0.10 allows remote ...)
NOT-FOR-US: vBulletin
CVE-2006-2804 (Cross-site scripting (XSS) vulnerability in index.cfm in Goss ...)
@@ -10619,9 +10622,11 @@
CVE-2006-1281 (Cross-site scripting (XSS) vulnerability in member.php in ...)
NOT-FOR-US: MyBB
CVE-2006-1280 (CGI::Session 4.03-1 does not set proper permissions on temporary files ...)
- - libcgi-session-perl 4.07-1 (bug #356555)
+ - libcgi-session-perl 4.07-1 (low; bug #356555)
+ [sarge] - libcgi-session-perl <no-dsa> (Minor issues)
CVE-2006-1279 (CGI::Session 4.03-1 allows local users to overwrite arbitrary files ...)
- - libcgi-session-perl 4.11-1 (bug #356555)
+ - libcgi-session-perl 4.11-1 (low; bug #356555)
+ [sarge] - libcgi-session-perl <no-dsa> (Minor issues)
CVE-2006-1278 (SQL injection vulnerability in @1 File Store 2006.03.07 allows remote ...)
NOT-FOR-US: @1 File Store
CVE-2006-1277 (Cross-site scripting (XSS) vulnerability in signup.php in @1 File ...)
@@ -11385,6 +11390,7 @@
NOT-FOR-US: NOD32
CVE-2006-0950 (unalz 0.53 allows user-assisted attackers to overwrite arbitrary ...)
- unalz 0.55-1 (bug #356832; low)
+ [sarge] - unalz <no-dsa> (Minor issue)
CVE-2006-0949 (RaidenHTTPD 1.1.47 allows remote attackers to obtain source code of ...)
NOT-FOR-US: RaidenHTTPD
CVE-2006-0948 (AOL 9.0 Security Edition revision 4184.2340, and probably other ...)
@@ -12155,6 +12161,7 @@
NOT-FOR-US: Invision Power Board
CVE-2006-0632 (The gen_rand_string function in phpBB 2.0.19 uses insufficiently ...)
- phpbb2 2.0.20 (low)
+ [sarge] - phpbb2 <no-dsa> (Minor issue)
NOTE: According to maintainers phpbb2 doesn't have useful countermeasures against
NOTE: brute-force password guessing and as password seeding is based on milliseconds
NOTE: NTP-timed attacks may even be in the area of a couple thousands attempts
@@ -23268,9 +23275,9 @@
NOT-FOR-US: sysreport
CVE-2005-1759 (Race condition in shtool 2.0.1 and earlier allows local users to ...)
- shtool 2.0.1-2 (low)
+ [sarge] - shtool <no-dsa> (Minor issue)
- mysql-ocaml 1.0.3-6 (unimportant)
- php4 4:4.4.0-1 (low)
- [sarge] - php4 4:4.3.10-16 (low)
CVE-2005-1758 (Buffer overflow in the IMAP command continuation function in Novell ...)
NOT-FOR-US: Novell
CVE-2005-1757 (Buffer overflow in the Modweb agent for Novell NetMail 3.52 before ...)
@@ -23280,9 +23287,9 @@
CVE-2005-1751 (Race condition in shtool 2.0.1 and earlier allows local users to ...)
{DSA-789-1 DTSA-15-1}
- shtool 2.0.1-2 (bug #311206; low)
+ [sarge] - shtool <no-dsa> (Minor issue)
- mysql-ocaml 1.0.3-6 (bug #314464; unimportant)
- php4 4:4.3.10-16 (low)
- [sarge] - php4 4:4.3.10-16 (low)
CVE-2004-2136 (dm-crypt on Linux kernel 2.6.x, when used on certain file systems ...)
TODO: This looks like a minor issue, the paper is from Feb 2004, check whether this still applies
CVE-2004-2135 (cryptoloop on Linux kernel 2.6.x, when used on certain file systems ...)
More information about the Secure-testing-commits
mailing list