[Secure-testing-commits] r4795 - data/CVE
Stefan Fritsch
stef-guest at costa.debian.org
Sun Oct 1 15:03:45 UTC 2006
Author: stef-guest
Date: 2006-10-01 15:03:44 +0000 (Sun, 01 Oct 2006)
New Revision: 4795
Modified:
data/CVE/list
Log:
- new graphicsmagick issue fixed
- new moodle issue fixed
- new elog issue fixed
- openssh fixed
- phpbb2 fixed
- dokuwiki fixed
- mpg123 fixed
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2006-10-01 12:06:33 UTC (rev 4794)
+++ data/CVE/list 2006-10-01 15:03:44 UTC (rev 4795)
@@ -1,3 +1,10 @@
+CVE-2006-XXXX [elog XSS]
+ - elog 2.6.2+r1719-1 (bug #389361)
+CVE-2006-XXXX [graphicsmagic buffer overflows]
+ - graphicsmagick 1.1.7-9
+ TODO: check for security relevance and CVE-ids. Maybe imagemagick is affected, too
+CVE-2006-XXXX [moodle SQL injection]
+ - moodle 1.6.2+20060930-1 (bug #390294)
CVE-2006-5072
RESERVED
CVE-2006-5071 (Multiple cross-site scripting (XSS) vulnerabilities in eyeOS before ...)
@@ -42,7 +49,7 @@
TODO: check
NOTE: This may be a dupe of CVE-2006-4925
CVE-2006-5051 (Signal handler race condition in OpenSSH before 4.4 allows remote ...)
- - openssh <unfixed> (unimportant)
+ - openssh 1:4.3p2-4 (unimportant)
- openssh-krb5 <unfixed> (high)
NOTE: From my analysis only openssh with Kerberos support should be vulnerable
NOTE: However, we'll fix openssh as well just to make sure
@@ -307,7 +314,7 @@
[sarge] - openssh <not-affected>
[sarge] - openssh-krb5 <not-affected>
CVE-2006-4924 (sshd in OpenSSH before 4.4, when using the version 1 SSH protocol, ...)
- - openssh <unfixed> (low; bug #389995)
+ - openssh 1:4.3p2-4 (low; bug #389995)
- openssh-krb5 <unfixed> (low)
CVE-2006-4923 (Cross-site scripting (XSS) vulnerability in search.php in eSyndiCat ...)
NOT-FOR-US: eSyndiCat Portal System
@@ -649,7 +656,7 @@
CVE-2006-4759 (PunBB 1.2.12 does not properly handle an avatar directory pathname ...)
NOT-FOR-US: PunBB
CVE-2006-4758 (phpBB 2.0.21 does not properly handle pathnames ending in %00, which ...)
- - phpbb2 <unfixed> (bug #388120; unimportant)
+ - phpbb2 2.0.21-4 (bug #388120; unimportant)
NOTE: Only exploitable by admins, which you'd need to trust
CVE-2006-4757 (Multiple SQL injection vulnerabilities in the admin section in e107 ...)
NOT-FOR-US: e107
@@ -814,7 +821,7 @@
CVE-2006-4680 (The Remote UI in Canon imageRUNNER includes usernames and passwords ...)
NOT-FOR-US: Canon imageRUNNER
CVE-2006-4679 (DokuWiki before 2006-03-09c enables the debug feature by default, ...)
- - dokuwiki <unfixed> (low; bug #388082)
+ - dokuwiki 0.0.20060309-5.1 (low; bug #388082)
CVE-2006-4678 (PHP remote file inclusion vulnerability in News Evolution 3.0.3 allows ...)
NOT-FOR-US: News Evolution
CVE-2006-4677 (** DISPUTED ** ...)
@@ -822,9 +829,9 @@
CVE-2006-4676 (TIBCO RendezVous 7.4.11 and earlier logs base64-encoded usernames and ...)
NOT-FOR-US: TIBCO RendezVous
CVE-2006-4675 (Unrestricted file upload vulnerability in lib/exe/media.php in ...)
- - dokuwiki <unfixed> (medium; bug #388082)
+ - dokuwiki 0.0.20060309-5.1 (medium; bug #388082)
CVE-2006-4674 (Direct static code injection vulnerability in doku.php in DokuWiki ...)
- - dokuwiki <unfixed> (medium; bug #388082)
+ - dokuwiki 0.0.20060309-5.1 (medium; bug #388082)
CVE-2006-4673 (Global variable overwrite vulnerability in maincore.php in PHP-Fusion ...)
NOT-FOR-US: PHP-Fusion
CVE-2006-4672 (PHP remote file inclusion vulnerability in profitCode ppalCart 2.5 EE, ...)
@@ -3844,7 +3851,7 @@
CVE-2006-3356 (The TIFFFetchAnyArray function in ImageIO in Apple OS X 10.4.7 and ...)
NOT-FOR-US: Apple
CVE-2006-3355 (Heap-based buffer overflow in httpdget.c in mpg123 before 0.59s-rll ...)
- - mpg123 <unfixed> (bug #377264; medium)
+ - mpg123 0.60-1 (bug #377264; medium)
[sarge] - mpg123 <no-dsa> (Non-free not supported)
CVE-2006-3354 (Microsoft Internet Explorer 6 allows remote attackers to cause a ...)
NOT-FOR-US: Microsoft Internet Explorer
More information about the Secure-testing-commits
mailing list