[Secure-testing-commits] r4999 - data/CVE

Stefan Fritsch stef-guest at alioth.debian.org
Wed Nov 22 23:10:37 CET 2006


Author: stef-guest
Date: 2006-11-22 23:10:36 +0100 (Wed, 22 Nov 2006)
New Revision: 4999

Modified:
   data/CVE/list
Log:
- CVE-2006-6008: linux-ftpd issue already fixed
- dovecot CVEified
- some NFUs


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2006-11-22 22:04:06 UTC (rev 4998)
+++ data/CVE/list	2006-11-22 22:10:36 UTC (rev 4999)
@@ -69,13 +69,13 @@
 CVE-2006-6028 (Directory traversal vulnerability in textview.php in Anton Vlasov ...)
 	TODO: check
 CVE-2006-6027 (Adobe Reader (Adobe Acrobat Reader) 7.0 through 7.0.8 allows remote ...)
-	TODO: check
+	NOT-FOR-US: Adobe Reader
 CVE-2006-6026 (Heap-based buffer overflow in Helix DNA Server 11.0 and 11.1 has ...)
 	TODO: check
 CVE-2006-6025 (QUALCOMM Eudora WorldMail 4.0 allows remote attackers to cause a ...)
-	TODO: check
+	NOT-FOR-US: QUALCOMM Eudora WorldMail
 CVE-2006-6024 (Multiple buffer overflows in Eudora Worldmail, possibly Worldmail 3 ...)
-	TODO: check
+	NOT-FOR-US: Eudora Worldmail
 CVE-2006-6023 (** DISPUTED ** ...)
 	TODO: check
 CVE-2006-6022 (Cross-site scripting (XSS) vulnerability in login_form.asp in ...)
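Review bot: the NOT-FOR-US tags added under CVE-2006-6025 and CVE-2006-6024 spell what the two descriptions present as the same product line in two ways, "QUALCOMM Eudora WorldMail" and "Eudora Worldmail". Use one spelling for both so that a case-sensitive search of the list for the product name finds both entries.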
@@ -101,13 +101,13 @@
 CVE-2006-6012 (Cross-site scripting (XSS) vulnerability in csm/asp/listings.asp in ...)
 	TODO: check
 CVE-2006-6011 (Unspecified vulnerability in SAP Web Application Server before 6.40 ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2006-6010 (SAP allows remote attackers to obtain potentially sensitive ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2006-6009 (Unspecified vulnerability in the Java Runtime Environment (JRE) Swing ...)
 	TODO: check
 CVE-2006-6008 (ftpd in Linux Netkit (linux-ftpd) 0.17, and possibly other versions, ...)
-	TODO: check
+	- linux-ftpd 0.17-22
 CVE-2006-6007 (save_profile.asp in WebEvents (Online Event Registration Template) 2.0 ...)
 	TODO: check
 CVE-2006-6006
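Review bot: the line added under CVE-2006-6008, "- linux-ftpd 0.17-22", records a fixed version with no urgency and no bug or changelog reference, while other package lines in this file carry them, for example "(low)" on the libapache-mod-auth-kerb entry. The log message says the issue was already fixed; a NOTE line saying where that was established would let a later reader verify the version. The two SAP tags in this hunk are consistent with each other.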
@@ -147,7 +147,7 @@
 CVE-2006-5989 (Off-by-one error in the der_get_oid function in mod_auth_kerb 5.0 ...)
 	- libapache-mod-auth-kerb 5.3-1 (low)
 CVE-2006-5988 (Unspecified vulnerability in Windows 2000 Advanced Server SP4 running ...)
-	TODO: check
+	NOT-FOR-US: Windows
 CVE-2006-5987 (SQL injection vulnerability in default.asp in ASPintranet 2.1 allows ...)
 	TODO: check
 CVE-2006-5986 (admin/options.php in Extreme CMS 0.9, and possibly earlier, does not ...)
@@ -177,12 +177,10 @@
 CVE-2006-5974
 	RESERVED
 CVE-2006-5973 (Off-by-one buffer overflow in Dovecot 1.0test53 through 1.0.rc14, and ...)
-	TODO: check
-CVE-2005-4815 (SAP 6.4 before 6.40 patch 4, 6.2 before 6.20 patch 1364, 4.6 before ...)
-	TODO: check
-CVE-2006-XXXX [dovecot off-by-one]
 	- dovecot 1.0.rc15-1
 	[sarge] - dovecot <not-affected> (Vulnerable code not present)
+CVE-2005-4815 (SAP 6.4 before 6.40 patch 4, 6.2 before 6.20 patch 1364, 4.6 before ...)
+	NOT-FOR-US: SAP
 CVE-2006-XXXX [TorrentFlux Arbitrary Command Execution and Directory Traversal]
 	- torrentflux <unfixed> (medium; bug #399169)
 CVE-2006-XXXX [Firefox Sage Extension Feed Script Insertion Vulnerability]
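Review bot: after the "[dovecot off-by-one]" placeholder is folded into CVE-2006-5973, the retained line "- dovecot 1.0.rc15-1" still has no urgency, while the torrentflux entry just below carries "(medium; bug #399169)"; add one if the issue has been assessed. The fixed version does agree with the description's "through 1.0.rc14", and keeping the sarge "<not-affected>" line with its reason under the real CVE id is the right result of the merge.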



