[Secure-testing-commits] r5031 - data/CVE
Stefan Fritsch
stef-guest at alioth.debian.org
Thu Nov 30 22:33:54 CET 2006
Author: stef-guest
Date: 2006-11-30 22:33:52 +0100 (Thu, 30 Nov 2006)
New Revision: 5031
Modified:
data/CVE/list
Log:
- CVEified: tdiary, tikiwiki, kronolith, proftpd
- proftpd fixed
- some NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2006-11-30 21:24:11 UTC (rev 5030)
+++ data/CVE/list 2006-11-30 21:33:52 UTC (rev 5031)
@@ -3,23 +3,24 @@
CVE-2006-6176 (Cross-site scripting (XSS) vulnerability in admin.php in Blogn before ...)
TODO: check
CVE-2006-6175 (Directory traversal vulnerability in lib/FBView.php in Horde Kronolith ...)
- TODO: check
+ - kronolith2 2.1.4-1 (bug #400899)
+ TODO: check kronolith 1.x
CVE-2006-6174 (Cross-site scripting (XSS) vulnerability in tDiary before 2.0.3 and ...)
- TODO: check
+ - tdiary 2.1.4-5 (bug #400447)
CVE-2006-6173 (Buffer overflow in the shared_region_make_private_np function in ...)
- TODO: check
+ NOT-FOR-US: Mac OS X
CVE-2006-6172 (Buffer overflow in the asmrp_eval function for Real Media input plugin ...)
TODO: check
CVE-2006-6171 (** DISPUTED ** ...)
- TODO: check
+ - proftpd-dfsg 1.3.0-13 (low; bug #399070)
CVE-2006-6170 (Buffer overflow in the tls_x509_name_oneline function in the mod_tls ...)
- TODO: check
+ - proftpd-dfsg 1.3.0-16 (medium; bug #400793)
CVE-2003-1310 (The DeviceIoControl function in the Norton Device Driver (NAVAP.sys) ...)
- TODO: check
+ NOT-FOR-US: Norton
CVE-2003-1309 (The DeviceIoControl function in the TrueVector Device Driver ...)
TODO: check
CVE-2006-6168 (tiki-register.php in TikiWiki before 1.9.7 allows remote attackers to ...)
- TODO: check
+ - tikiwiki 1.9.7+dfsg-1 (low)
CVE-2006-6167 (** DISPUTED ** ...)
TODO: check
CVE-2006-6166 (Cross-site scripting (XSS) vulnerability in jce.php in the JCE Admin ...)
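Review bot: The new CVE-2006-6171 entry cites bug #399070 at low severity, and the same bug number is already attached to CVE-2006-5815 (high) further down in this file, so one bug now tracks two CVEs with different severities and different fixed versions (1.3.0-13 here, 1.3.0-15 there). A NOTE line under CVE-2006-6171 saying which part of #399070 it refers to would help, all the more since the description is marked DISPUTED and truncated. The kronolith entry keeps its "TODO: check kronolith 1.x", which is good, since it keeps the open question visible.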
@@ -27,9 +28,9 @@
CVE-2006-6165 (** DISPUTED ** ...)
TODO: check
CVE-2006-6164 (The _dl_unsetenv function in loader.c in the ELF ld.so in OpenBSD 3.9 ...)
- TODO: check
+ NOT-FOR-US: OpenBSD
CVE-2006-6163 (Cross-site scripting (XSS) vulnerability in tiki-setup_base.php in ...)
- TODO: check
+ - tikiwiki 1.9.7+dfsg-1 (low)
CVE-2006-6162 (Cross-site scripting (XSS) vulnerability in tiki-edit_structures.php ...)
TODO: check
CVE-2006-6161 (Multiple SQL injection vulnerabilities in Doug Luxem Liberum Help Desk ...)
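Review bot: CVE-2006-6162, directly below the CVE-2006-6163 line changed here, is also a TikiWiki XSS (tiki-edit_structures.php) but is left at "TODO: check" while CVE-2006-6163 is marked fixed in tikiwiki 1.9.7+dfsg-1. If the same upload covers it, record that in this commit; if it was not verified, a short NOTE saying so would keep the next person from assuming the whole 1.9.7 batch was triaged.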
@@ -96,24 +97,14 @@
TODO: check
CVE-2006-6130 (Apple Mac OS X AppleTalk allows local users to cause a denial of ...)
NOTE: NOT-FOR-US (Apple Mac OS X)
-CVE-2006-XXXX [kronolith arbitrary file inclusion]
- - kronolith2 2.1.4-1 (bug #400899)
- TODO: check kronolith 1.x
-CVE-2006-XXXX [proftpd buffer overflow in mod_tls]
- - proftpd-dfsg 1.3.0-16 (medium; bug #400793)
- - proftpd <removed> (medium)
CVE-2006-6169 (Buffer overflow in the ask_outfile_name function in openfile.c for ...)
- gnupg 1.4.5-3 (medium)
- gnupg2 <unfixed> (medium; bug #400777)
-CVE-2006-XXXX [tikiwiki script insertion vulnerability]
- - tikiwiki 1.9.7+dfsg-1 (low)
CVE-2006-XXXX [several security issues in phpmyadmin]
- phpmyadmin 4:2.9.1.1-1 (bug #399329)
NOTE: PMASA-2006-7, PMASA-2006-8, PMASA-2006-9
CVE-2006-XXXX [smb4k security issue]
- smb4k 0.7.5-1
-CVE-2006-XXXX [tdiary Cross Site Scripting]
- - tdiary 2.1.4-5 (bug #400447)
CVE-2006-XXXX [arbitrary code execution in metaInfo.php in torrentflux]
- torrentflux <unfixed> (bug #400582; medium)
CVE-2006-6129 (Integer overflow in the fatfile_getarch2 in Apple Mac OS X allows ...)
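Review bot: The removed placeholder for the mod_tls overflow carried "- proftpd <removed> (medium)", but the CVE-2006-6170 entry added in the first hunk lists only proftpd-dfsg 1.3.0-16, so tracking for the old proftpd source package is dropped. If that is intentional, the log message should say so ("proftpd fixed" does not cover it); otherwise carry the line over. The single tikiwiki placeholder also becomes two CVE entries (CVE-2006-6168 and CVE-2006-6163), so it is worth confirming that both were part of the original "script insertion" report.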
@@ -773,10 +764,6 @@
CVE-2006-5815 (Stack-based buffer overflow in the sreplace function in ProFTPD 1.3.0 ...)
{DSA-1218}
- proftpd-dfsg 1.3.0-15 (bug #399070; high)
- - proftpd <removed> (high)
- NOTE: Previous fix was for a different (low priority) issue, see
- NOTE: http://bugs.proftpd.org/show_bug.cgi?id=2858
- NOTE: http://www.gleg.net/proftpd.txt
CVE-2006-5814 (Unspecified vulnerability in Novell eDirectory allows remote attackers ...)
NOT-FOR-US: Novell eDirectory
CVE-2006-5813 (Unspecified vulnerability in Novell eDirectory 8.8 allows attackers to ...)
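Review bot: The three NOTE lines removed from CVE-2006-5815 are the only place in the file that explained the earlier fix addressed a different, low-priority issue, and that held the two upstream reference URLs. They are deleted rather than moved. If that lower-priority issue is what CVE-2006-6171 now tracks, move the NOTE lines to that entry so the relationship and the references are not lost. The "- proftpd <removed> (high)" line is also dropped for a CVE that has a DSA attached; please confirm the old source package no longer needs tracking.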