[Secure-testing-commits] r4820 - data/CVE

Stefan Fritsch stef-guest at costa.debian.org
Thu Oct 5 21:23:21 UTC 2006


Author: stef-guest
Date: 2006-10-05 21:23:20 +0000 (Thu, 05 Oct 2006)
New Revision: 4820

Modified:
   data/CVE/list
Log:
- CVE-2006-5159/60: firefox non-issues
- update/close some old issues
- CVE-2006-2191: mailman non-issue
- bugnums


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2006-10-05 21:14:30 UTC (rev 4819)
+++ data/CVE/list	2006-10-05 21:23:20 UTC (rev 4820)
@@ -13,9 +13,10 @@
 CVE-2006-5161 (IBM Client Security Password Manager stores and distributes saved ...)
 	NOT-FOR-US: IBM
 CVE-2006-5160 (** DISPUTED ** ...)
-	TODO: check
+	- firefox <not-affected> (no real issues)
 CVE-2006-5159 (** DISPUTED ** ...)
-	TODO: check
+	TODO: check again later
+	NOTE: might or might not be a real firefox issue, probably low impact
 CVE-2006-5158 (Unspecified vulnerability in NFS lockd in the kernel in SUSE Linux 9.2 ...)
 	TODO: check
 CVE-2006-5157 (Format string vulnerability in the ActiveX control (ATXCONSOLE.OCX) in ...)
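Review bot: the CVE-2006-5159 entry does not match the log message, which lists "CVE-2006-5159/60: firefox non-issues". Only CVE-2006-5160 gets a "- firefox <not-affected>" line, while CVE-2006-5159 stays a TODO with a note that it "might or might not be a real firefox issue". Either narrow the log to CVE-2006-5160, or state in the NOTE what remains to be checked so that "check again later" has a concrete trigger.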
@@ -137,9 +138,9 @@
 CVE-2006-5100 (PHP remote file inclusion vulnerability in parse/parser.php in ...)
 	NOT-FOR-US: WEB//NEWS (aka webnews)
 CVE-2006-5099 (lib/exec/fetch.php in DokuWiki before 2006-03-09e, when ...)
-	- dokuwiki <unfixed> (bug filed; medium)
+	- dokuwiki <unfixed> (bug #391291; medium)
 CVE-2006-5098 (lib/exec/fetch.php in DokuWiki before 2006-03-09e allows remote ...)
-	- dokuwiki <unfixed> (bug filed; medium)
+	- dokuwiki <unfixed> (bug #391291; medium)
 CVE-2006-5097 (PHP remote file inclusion vulnerability in index.php in net2ftp allows ...)
 	NOT-FOR-US: net2ftp
 CVE-2006-5096 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
@@ -1350,7 +1351,7 @@
 CVE-2006-4543 (Cross-site scripting (XSS) vulnerability in index.php in HLStats 1.34 ...)
 	NOT-FOR-US: HLStats
 CVE-2006-4542 (Webmin before 1.296 and Usermin before 1.226 do not properly handle a ...)
-	- webmin <removed> (bug filed)
+	- webmin <removed> (bug #391284)
 	- usermin <removed>
 CVE-2006-4541 (RapDrv.sys in BlackICE PC Protection 3.6.cpn, cpj, cpiE, and possibly ...)
 	NOT-FOR-US: BlackICE PC Protection
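Review bot: in the CVE-2006-4542 entry only the webmin line gains a bug reference; the usermin line below it stays as "- usermin <removed>" although the description names both Webmin and Usermin. If #391284 covers usermin too, reference it on that line as well; if it does not, a short NOTE saying why usermin has no bug would help.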
@@ -1904,7 +1905,7 @@
 	{DSA-1190-1}
 	- maxdb-7.5.00 <unfixed> (high; bug #386182)
 CVE-2006-4304 (Buffer overflow in the sppp driver in FreeBSD 4.11 through 6.1, NetBSD ...)
-	- kfreebsd-5 <unfixed> (bug filed)
+	- kfreebsd-5 <unfixed> (bug #391289)
 CVE-2006-4303 (Race condition in (1) libnsl and (2) TLI/XTI API routines in Sun ...)
 	NOT-FOR-US: Solaris
 CVE-2006-4302 (The Java Plug-in J2SE 1.3.0_02 through 5.0 Update 5, and Java Web ...)
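Review bot: the kfreebsd-5 line for CVE-2006-4304 now has a bug number but still no urgency, unlike the other <unfixed> entries visible in this patch (dokuwiki "medium", maxdb-7.5.00 "high"). For a buffer overflow in a kernel driver, an explicit urgency next to "bug #391289" would help triage. The same applies to the two i386_set_ldt entries later in the patch, which reference the same bug.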
@@ -2193,7 +2194,7 @@
 CVE-2006-4179
 	RESERVED
 CVE-2006-4178 (Integer signedness error in the i386_set_ldt call in FreeBSD 5.5, and ...)
-	- kfreebsd-5 <unfixed> (bug filed)
+	- kfreebsd-5 <unfixed> (bug #391289)
 CVE-2006-4177
 	RESERVED
 CVE-2006-4176
@@ -2205,7 +2206,7 @@
 CVE-2006-4173
 	RESERVED
 CVE-2006-4172 (Integer overflow vulnerability in the i386_set_ldt call in FreeBSD ...)
-	- kfreebsd-5 <unfixed> (bug filed)
+	- kfreebsd-5 <unfixed> (bug #391289)
 CVE-2006-4171
 	RESERVED
 CVE-2006-4170
@@ -6728,7 +6729,8 @@
 	{DSA-1091-1}
 	- tiff 3.8.2-4 (bug #371064; medium)
 CVE-2006-2191 (** DISPUTED ** ...)
-	TODO: check
+	- mailman <unfixed> (unimportant)
+	NOTE: not exploitable
 CVE-2006-2190 (Cross-site scripting (XSS) vulnerability in ow-shared.pl in ...)
 	NOT-FOR-US: OpenWebMail
 CVE-2006-2189 (SQL injection vulnerability in search.php in Servous sBLOG 0.7.2 ...)
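Review bot: "NOTE: not exploitable" on CVE-2006-2191 gives no reason or reference, and the entry is tagged "<unfixed> (unimportant)" whereas the firefox non-issue earlier in this patch uses "<not-affected> (no real issues)". Add a pointer to the analysis behind the note, and either use one form for disputed non-issues or say why mailman differs.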
@@ -18164,9 +18166,9 @@
 CVE-2004-2314 (The Telnet listener for Novell iChain Server before 2.2 Field Patch 3b ...)
 	NOT-FOR-US: Novell iChain Server
 CVE-2004-2313 (Inter7 SqWebMail 3.4.1 through 3.6.1 generates different error ...)
-	TODO: check
+	- courier <unfixed>
 	NOTE: Did not find reference to fix in upstream changelog or any other hint that it is fixed
-	NOTE: pinged Maintainer
+	NOTE: pinged Maintainer, no response
 CVE-2004-2312 (Buffer overflow in GNU make for IBM AIX 4.3.3, when installed setgid, ...)
 	NOT-FOR-US: AIX only
 CVE-2004-2311 (Directory traversal vulnerability in webadmin.nsf in Lotus Domino R6 ...)
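Review bot: the new "- courier <unfixed>" line for CVE-2004-2313 has neither an urgency nor a bug number, and the only tracking is "pinged Maintainer, no response". Since the ping went unanswered, filing a bug and referencing it here, as done for the other entries in this commit, would make the issue trackable. A NOTE linking the SqWebMail named in the description to the courier package line would also help readers.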
@@ -29916,7 +29918,7 @@
 CVE-2004-0593 (Sygate Enforcer 3.5MR1 and earlier passes broadcast traffic before ...)
 	NOT-FOR-US: Sygate Enforcer
 CVE-2004-0592 (The tcp_find_option function of the netfilter subsystem for IPv6 in ...)
-	TODO: check
+	NOT-FOR-US: linux 2.4 with usagi patches
 CVE-2004-0591 (Cross-site scripting (XSS) vulnerability in the print_header_uc ...)
 	{DSA-533}
 	- courier 0.45.4-4
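Review bot: "NOT-FOR-US: linux 2.4 with usagi patches" on CVE-2004-0592 uses the tag this file otherwise applies to third-party products (IBM, net2ftp, Solaris), while the other kernel entries in this patch use a package line such as "- kernel-source-2.4.27 <not-affected> (...)". A not-affected package line with the usagi explanation in parentheses or in a NOTE would keep the kernel entries consistent.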
@@ -31242,7 +31244,8 @@
 CVE-2003-0987 (mod_digest for Apache before 1.3.31 does not properly verify the nonce ...)
 	- apache 1.3.29.0.2-5
 CVE-2003-0986 (Various routines for the ppc64 architecture on Linux kernel 2.6 prior ...)
-	TODO: check
+	- kernel-source-2.4.27 <not-affected> (Fixed before initial upload; 2.4.24)
+	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.2)
 CVE-2003-0984 (Real time clock (RTC) routines in Linux kernel 2.4.23 and earlier do ...)
 	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
 	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.2)
@@ -31302,13 +31305,13 @@
 CVE-2003-0960 (OpenCA before 0.9.1.4 does not use the correct certificate in a chain ...)
 	NOT-FOR-US: OpenCA
 CVE-2003-0959 (Multiple integer overflows in the 32bit emulation for AMD64 ...)
-	TODO: check
+	- kernel-source-2.4.27 <not-affected> (Fixed before initial upload; 2.4.21)
 CVE-2003-0958
 	RESERVED
 CVE-2003-0957
 	RESERVED
 CVE-2003-0956 (Multiple race conditions in the handling of O_DIRECT in Linux kernel ...)
-	TODO: check
+	- kernel-source-2.4.27 <not-affected> (Fixed before initial upload; 2.4.22)
 CVE-2003-0955 (OpenBSD kernel 3.3 and 3.4 allows local users to cause a denial of ...)
 	NOT-FOR-US: OpenBSD
 CVE-2003-0954 (Buffer overflow in rcp for AIX 4.3.3, 5.1 and 5.2 allows local users ...)
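Review bot: CVE-2003-0959 and CVE-2003-0956 get only a kernel-source-2.4.27 line, whereas CVE-2003-0986 in the same commit lists both kernel-source-2.4.27 and linux-2.6. If linux-2.6 never carried these bugs, add a "- linux-2.6 <not-affected> (...)" line or a NOTE saying so, so that the omission is visibly deliberate.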
@@ -32915,7 +32918,7 @@
 CVE-2003-0250
 	RESERVED
 CVE-2003-0249 (** DISPUTED ** ...)
-	TODO: check
+	NOTE: unimportant (php)
 CVE-2003-0248 (The mxcsr code in Linux kernel 2.4 allows attackers to modify CPU ...)
 	{DSA-442 DSA-336 DSA-332 DSA-312 DSA-311}
 	- kernel-source-2.4.27 <not-affected> (Fixed before initial upload; 2.4.22-pre10)
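Review bot: CVE-2003-0249 loses its TODO but gets only "NOTE: unimportant (php)", with no package line. The mailman entry in this commit expresses the same verdict as "- mailman <unfixed> (unimportant)"; using that form with the php source package name here would record the status against a package rather than only in free text.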



