[Secure-testing-commits] r4794 - in data: CVE DSA

Moritz Muehlenhoff jmm-guest at costa.debian.org
Sun Oct 1 12:06:34 UTC 2006


Author: jmm-guest
Date: 2006-10-01 12:06:33 +0000 (Sun, 01 Oct 2006)
New Revision: 4794

Modified:
   data/CVE/list
   data/DSA/list
Log:
fix CVE ID for zope
new kernel dos
some NFUs
mark php issue as non-issue


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2006-10-01 11:21:31 UTC (rev 4793)
+++ data/CVE/list	2006-10-01 12:06:33 UTC (rev 4794)
@@ -40,6 +40,7 @@
 	TODO: check
 CVE-2006-5052 (Unspecified vulnerability in portable OpenSSH before 4.4, when running ...)
 	TODO: check
+	NOTE: This may be a dupe of CVE-2006-4925
 CVE-2006-5051 (Signal handler race condition in OpenSSH before 4.4 allows remote ...)
 	- openssh <unfixed> (unimportant)
 	- openssh-krb5 <unfixed> (high)
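Review bot: the NOTE added under CVE-2006-5052 is only tentative ("may be a dupe"), and the entry still carries TODO: check with no package line, while CVE-2006-4925 is already tracked as "- openssh <unfixed> (low)". Suggest saying in the NOTE what the suspicion is based on, and recording an openssh status here until the duplicate question is settled.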
@@ -298,7 +299,7 @@
 CVE-2005-4812 (The SISCO OSI stack for Windows, as used by MMS-EASE 7.10 and earlier, ...)
 	TODO: check
 CVE-2005-4811 (The hugepage code (hugetlb.c) in Linux kernel 2.6, possibly 2.6.12 and ...)
-	TODO: check
+	- linux-2.6 2.6.14
 CVE-2006-4925 [openssh GSSAPI information leak)
 	RESERVED
 	- openssh <unfixed> (low)
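Review bot: the new line "- linux-2.6 2.6.14" for CVE-2005-4811 gives a fixed version with no Debian revision and no NOTE naming the source, even though the description itself only says "possibly 2.6.12". The other fixed-version lines in this commit carry a revision (5.1.6-1, 4:4.4.4-1). Suggest adding a short NOTE with the reference for the fix version. Separately, the context line "CVE-2006-4925 [openssh GSSAPI information leak)" opens with "[" and closes with ")", which is worth correcting in a follow-up.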
@@ -353,18 +354,17 @@
 CVE-2006-4902
 	RESERVED
 CVE-2006-4901 (Computer Associates (CA) eTrust Security Command Center 1.0 and r8 up ...)
-	TODO: check
+	NOT-FOR-US: CA eTrust
 CVE-2006-4900 (Directory traversal vulnerability in Computer Associates (CA) eTrust ...)
-	TODO: check
+	NOT-FOR-US: CA eTrust
 CVE-2006-4899 (The ePPIServlet script in Computer Associates (CA) eTrust Security ...)
-	TODO: check
+	NOT-FOR-US: CA eTrust
 CVE-2006-4898 (PHP remote file inclusion vulnerability in include/phpxd/phpXD.php in ...)
 	NOT-FOR-US: guanxiCRM
 CVE-2006-4897 (CMtextS 1.0 and earlier stores users_logins/admin.txt under the web ...)
 	NOT-FOR-US: CMtextS
 CVE-2006-4896
 	REJECTED
-	NOTE: Duplicate of CVE-2006-4785
 CVE-2006-4895 (IDevSpot NexieAffiliate 1.9 and earlier allows remote attackers to ...)
 	NOT-FOR-US: IDevSpot NexieAffiliate
 CVE-2006-4894 (Cross-site scripting (XSS) vulnerability in forms/lostpassword.php in ...)
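Review bot: the removal of "NOTE: Duplicate of CVE-2006-4785" under CVE-2006-4896 is not mentioned in the commit log and leaves the REJECTED entry without its stated reason. If the duplicate claim was wrong, say so in the log; otherwise keep the line.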
@@ -784,7 +784,7 @@
 CVE-2006-4695
 	RESERVED
 CVE-2006-4694 (Unspecified vulnerability in PowerPoint in Microsoft Office 2000, ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2006-4693
 	RESERVED
 CVE-2006-4692
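Review bot: "NOT-FOR-US: Microsoft" for CVE-2006-4694 names only the vendor, whereas the other NOT-FOR-US lines in this commit name the product (CA eTrust, IBM Director, AOL ICQ). Suggest naming the product from the description (PowerPoint in Microsoft Office) for consistency and easier searching.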
@@ -804,7 +804,7 @@
 CVE-2006-4685
 	RESERVED
 CVE-2006-4684 (The docutils module in Zope (Zope2) 2.7.0 through 2.7.9 and 2.8.0 ...)
-	TODO: check
+	- zope2.7 <removed>
 CVE-2006-4683 (IBM Director before 5.10 allows remote attackers to obtain sensitive ...)
 	NOT-FOR-US: IBM Director
 CVE-2006-4682 (Multiple unspecified vulnerabilities in IBM Director before 5.10 allow ...)
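Review bot: CVE-2006-4684 now lists only "- zope2.7 <removed>", but the description covers "2.7.0 through 2.7.9 and 2.8.0 ...". If any other Zope source package is in the archive it needs its own status line, or a NOTE saying why it is not affected. The DSA/list change in this same commit ties DSA-1176-1 to this CVE; if the {DSA-...} cross-reference (as on CVE-2006-4019) is not generated automatically, add it here.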
@@ -846,7 +846,7 @@
 CVE-2006-4664 (PHP remote file inclusion vulnerability in ...)
 	NOT-FOR-US: Premod Shadow
 CVE-2006-4663 (** DISPUTED ** ...)
-	TODO: check
+	NOT-FOR-US: User problem
 CVE-2006-4662 (Heap-based buffer overflow in the MCRegEx__Search function in AOL ICQ ...)
 	NOT-FOR-US: AOL ICQ
 CVE-2006-4661 (AOL ICQ Toolbar 1.3 for Internet Explorer (toolbaru.dll) does not ...)
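Review bot: "NOT-FOR-US: User problem" on CVE-2006-4663 gives a reason where the other NOT-FOR-US lines give a product name, so the entry no longer says which software the disputed report is about. If the software is not packaged, name it; if it is packaged and the report is a non-issue, a package line marked (unimportant) plus a NOTE, as done for CVE-2006-4020 in this commit, would record that more accurately.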
@@ -2332,8 +2332,9 @@
 CVE-2006-4021 (The cryptographic module in ScatterChat 1.0.x allows attackers to ...)
 	NOT-FOR-US: ScatterChat
 CVE-2006-4020 (scanf.c in PHP 5.1.4 and earlier, and 4.4.3 and earlier, allows ...)
-	- php5 5.1.6-1 (medium; bug #382256)
-	- php4 4:4.4.4-1 (medium; bug #382261)
+	- php5 5.1.6-1 (unimportant; bug #382256)
+	- php4 4:4.4.4-1 (unimportant; bug #382261)
+	NOTE: Only exploitable by malicious, local user
 CVE-2006-4019 (Dynamic variable evaluation vulnerability in compose.php in ...)
 	{DSA-1154}
 	- squirrelmail 2:1.4.8-1
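Review bot: the php5 and php4 lines for CVE-2006-4020 drop from medium straight to unimportant, and the only rationale is "NOTE: Only exploitable by malicious, local user". A malicious local user is still an attacker on a multi-user host, so the NOTE should state what that user must already control for the bug to be reachable, which is what justifies treating it as a non-issue rather than as low.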

Modified: data/DSA/list
===================================================================
--- data/DSA/list	2006-10-01 11:21:31 UTC (rev 4793)
+++ data/DSA/list	2006-10-01 12:06:33 UTC (rev 4794)
@@ -26,7 +26,7 @@
 	{CVE-2006-4242}
 	[sarge] - usermin 1.110-3.1
 [13 Sep 2006] DSA-1176-1 zope2.7
-	{CVE-2006-4436}
+	{CVE-2006-4684}
 	[sarge] - zope2.7 2.7.5-2sarge2
 [13 Sep 2006] DSA-1175-1 isakmpd
 	{CVE-2006-4436}
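Review bot: after this fix the {CVE-2006-4436} reference remains on DSA-1175-1 isakmpd, directly below the zope2.7 entry that carried the same ID by mistake. Worth confirming in the log that CVE-2006-4436 is the correct ID for the isakmpd advisory, so it is clear the wrong value was a copy from the neighbouring entry and only one of the two needed changing.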



