[Secure-testing-commits] r5031 - data/CVE

[Stefan Fritsch]

Author: stef-guest
Date: 2006-11-30 22:33:52 +0100 (Thu, 30 Nov 2006)
New Revision: 5031

Modified:
   data/CVE/list
Log:
- CVEified: tdiary, tikiwiki, kronolith, proftpd
- proftpd fixed
- some NFUs


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2006-11-30 21:24:11 UTC (rev 5030)
+++ data/CVE/list	2006-11-30 21:33:52 UTC (rev 5031)
@@ -3,23 +3,24 @@
 CVE-2006-6176 (Cross-site scripting (XSS) vulnerability in admin.php in Blogn before ...)
 	TODO: check
 CVE-2006-6175 (Directory traversal vulnerability in lib/FBView.php in Horde Kronolith ...)
-	TODO: check
+	- kronolith2 2.1.4-1 (bug #400899)
+	TODO: check kronolith 1.x
 CVE-2006-6174 (Cross-site scripting (XSS) vulnerability in tDiary before 2.0.3 and ...)
-	TODO: check
+	- tdiary 2.1.4-5 (bug #400447)
 CVE-2006-6173 (Buffer overflow in the shared_region_make_private_np function in ...)
-	TODO: check
+	NOT-FOR-US: Mac OS X 
 CVE-2006-6172 (Buffer overflow in the asmrp_eval function for Real Media input plugin ...)
 	TODO: check
 CVE-2006-6171 (** DISPUTED ** ...)
-	TODO: check
+	- proftpd-dfsg 1.3.0-13 (low; bug #399070)
 CVE-2006-6170 (Buffer overflow in the tls_x509_name_oneline function in the mod_tls ...)
-	TODO: check
+	- proftpd-dfsg 1.3.0-16 (medium; bug #400793)
 CVE-2003-1310 (The DeviceIoControl function in the Norton Device Driver (NAVAP.sys) ...)
-	TODO: check
+	NOT-FOR-US: Norton
 CVE-2003-1309 (The DeviceIoControl function in the TrueVector Device Driver ...)
 	TODO: check
 CVE-2006-6168 (tiki-register.php in TikiWiki before 1.9.7 allows remote attackers to ...)
-	TODO: check
+	- tikiwiki 1.9.7+dfsg-1 (low)
 CVE-2006-6167 (** DISPUTED ** ...)
 	TODO: check
 CVE-2006-6166 (Cross-site scripting (XSS) vulnerability in jce.php in the JCE Admin ...)
@@ -27,9 +28,9 @@
 CVE-2006-6165 (** DISPUTED ** ...)
 	TODO: check
 CVE-2006-6164 (The _dl_unsetenv function in loader.c in the ELF ld.so in OpenBSD 3.9 ...)
-	TODO: check
+	NOT-FOR-US: OpenBSD
 CVE-2006-6163 (Cross-site scripting (XSS) vulnerability in tiki-setup_base.php in ...)
-	TODO: check
+	- tikiwiki 1.9.7+dfsg-1 (low)
 CVE-2006-6162 (Cross-site scripting (XSS) vulnerability in tiki-edit_structures.php ...)
 	TODO: check
 CVE-2006-6161 (Multiple SQL injection vulnerabilities in Doug Luxem Liberum Help Desk ...)
@@ -96,24 +97,14 @@
 	TODO: check
 CVE-2006-6130 (Apple Mac OS X AppleTalk allows local users to cause a denial of ...)
 	NOTE: NOT-FOR-US (Apple Mac OS X)
-CVE-2006-XXXX [kronolith arbitrary file inclusion]
-	- kronolith2 2.1.4-1 (bug #400899)
-	TODO: check kronolith 1.x
-CVE-2006-XXXX [proftpd buffer overflow in mod_tls]
-	- proftpd-dfsg 1.3.0-16 (medium; bug #400793)
-	- proftpd <removed> (medium)
 CVE-2006-6169 (Buffer overflow in the ask_outfile_name function in openfile.c for ...)
 	- gnupg 1.4.5-3 (medium)
 	- gnupg2 <unfixed> (medium; bug #400777)
-CVE-2006-XXXX [tikiwiki script insertion vulnerability]
-	- tikiwiki 1.9.7+dfsg-1 (low)
 CVE-2006-XXXX [several security issues in phpmyadmin]
 	- phpmyadmin 4:2.9.1.1-1 (bug #399329)
 	NOTE: PMASA-2006-7, PMASA-2006-8, PMASA-2006-9
 CVE-2006-XXXX [smb4k security issue]
 	- smb4k 0.7.5-1
-CVE-2006-XXXX [tdiary Cross Site Scripting]
-	- tdiary 2.1.4-5 (bug #400447)
 CVE-2006-XXXX [arbitrary code execution in metaInfo.php in torrentflux]
 	- torrentflux <unfixed> (bug #400582; medium)
 CVE-2006-6129 (Integer overflow in the fatfile_getarch2 in Apple Mac OS X allows ...)
@@ -773,10 +764,6 @@
 CVE-2006-5815 (Stack-based buffer overflow in the sreplace function in ProFTPD 1.3.0 ...)
 	{DSA-1218}
 	- proftpd-dfsg 1.3.0-15 (bug #399070; high) 
-	- proftpd <removed> (high)
-	NOTE: Previous fix was for a different (low priority) issue, see
-	NOTE: http://bugs.proftpd.org/show_bug.cgi?id=2858
-	NOTE: http://www.gleg.net/proftpd.txt
 CVE-2006-5814 (Unspecified vulnerability in Novell eDirectory allows remote attackers ...)
 	NOT-FOR-US: Novell eDirectory 
 CVE-2006-5813 (Unspecified vulnerability in Novell eDirectory 8.8 allows attackers to ...)