[Secure-testing-commits] r4841 - data/CVE

Moritz Muehlenhoff jmm-guest at costa.debian.org
Wed Oct 11 17:44:27 UTC 2006


Author: jmm-guest
Date: 2006-10-11 17:44:26 +0000 (Wed, 11 Oct 2006)
New Revision: 4841

Modified:
   data/CVE/list
Log:
new kernel issue (already fixed)
phpmyadmin fixed
moodle CVEfied
steam issue is not a security problem (talked to maintainer
   and upstream)
thunderbird/xulrunner issue windows-specific
remove old, unreproducible php bug, basedir unsupported anyway


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2006-10-11 09:14:25 UTC (rev 4840)
+++ data/CVE/list	2006-10-11 17:44:26 UTC (rev 4841)
@@ -150,7 +150,7 @@
 	TODO: check again later
 	NOTE: might or might not be a real firefox issue, probably low impact
 CVE-2006-5158 (The nlmclnt_mark_reclaim in clntlock.c in NFS lockd in Linux kernel ...)
-	TODO: check
+	- linux-2.6 2.6.15
 CVE-2006-5157 (Format string vulnerability in the ActiveX control (ATXCONSOLE.OCX) in ...)
 	NOT-FOR-US: TrendMicro OfficeScan
 CVE-2006-5156 (Buffer overflow in McAfee ePolicy Orchestrator before 3.5.0.720 and ...)
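Review bot: The new `- linux-2.6 2.6.15` line under CVE-2006-5158 carries no urgency and no NOTE saying how the fix was confirmed, while other package lines in this diff carry a bug number or an urgency. Since it replaces `TODO: check` for an issue the log calls already fixed, consider adding a NOTE that names the upstream change or changelog entry behind 2.6.15, so the version can be re-verified later.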
@@ -234,9 +234,9 @@
 CVE-2006-5118 (PHP remote file inclusion vulnerability in index.php3 in the PDD ...)
 	NOT-FOR-US: PHPSelect Web Development Division 
 CVE-2006-5117 (phpMyAdmin before 2.9.1-rc1 has a libraries directory under the web ...)
-	- phpmyadmin <unfixed> (bug #391090; low)
+	- phpmyadmin 4:2.9.0.2-0.1 (bug #391090; low)
 CVE-2006-5116 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
-	- phpmyadmin <unfixed> (bug #391090; low)
+	- phpmyadmin 4:2.9.0.2-0.1 (bug #391090; low)
 CVE-2006-5115 (Directory traversal vulnerability in kgcall.php in KGB 1.87 allows ...)
 	NOT-FOR-US: KGB
 CVE-2006-5114 (Multiple cross-site scripting (XSS) vulnerabilities in wgate in SAP ...)
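Review bot: For CVE-2006-5117 the description says phpMyAdmin before 2.9.1-rc1 is affected, yet the fixed version recorded here is 4:2.9.0.2-0.1, an earlier upstream release. If the fix was backported in that upload, a NOTE under both CVE-2006-5117 and CVE-2006-5116 saying so (with bug #391090 as the reference) would keep the entries from looking inconsistent with their descriptions.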
@@ -324,10 +324,8 @@
 CVE-2006-5073 (Unspecified vulnerability in Sun Solaris 8, 9 and 10 allows remote ...)
 	NOT-FOR-US: Solaris
 CVE-2006-XXXX [graphicsmagic buffer overflows]
-	- graphicsmagick 1.1.7-9
-	TODO: check for security relevance and CVE-ids. Maybe imagemagick is affected, too
-CVE-2006-XXXX [moodle SQL injection]
-	- moodle 1.6.2+20060930-1 (bug #390294)
+	- graphicsmagick 1.1.7-9 (medium)
+	TODO: check for CVE-ids. imagemagick is affected, too
 CVE-2006-5072 (The System.CodeDom.Compiler classes in Novell Mono create temporary ...)
 	- mono 1.1.17.1-5
 CVE-2006-5071 (Multiple cross-site scripting (XSS) vulnerabilities in eyeOS before ...)
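Review bot: The reworded TODO under the graphicsmagick entry now states that imagemagick is affected, but no `- imagemagick <unfixed>` line is added, so imagemagick has no tracked status for this issue. Separately, the moodle entry (1.6.2+20060930-1, bug #390294) is removed here and no hunk in this diff adds those details under an assigned CVE id; it is worth confirming that the version and bug number are present on the CVE entry the log refers to.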
@@ -2784,8 +2782,6 @@
 	NOT-FOR-US: Ajax Chat
 CVE-2006-3971 (Cross-site scripting (XSS) vulnerability in ...)
 	NOT-FOR-US: Ajax Chat
-CVE-2006-XXXX [unspecified security issues in steam]
-	- steam 2.2.16-1
 CVE-2006-XXXX [Buffer overflow in XML::Parser::Expat triggered by utf8]
 	- libxml-parser-perl 2.34-4.2 (bug #378411; medium)
 CVE-2006-XXXX [Buffer overflow in XML::Parser::Expat triggered by deep nesting]
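Review bot: Deleting the steam entry outright leaves the reason (not a security problem, per maintainer and upstream) only in the commit log. If the same report resurfaces, nothing in data/CVE/list shows it was already triaged; consider keeping the entry with a NOTE recording that conclusion instead of removing both lines.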
@@ -7441,9 +7437,9 @@
 	{DSA-1134-1 DSA-1120 DSA-1118}
 	NOTE: MFSA-2006-39
 	- firefox 1.5.dfsg+1.5.0.4-1 (low)
-	- thunderbird <unfixed> (low)
+	- thunderbird <not-affected> (Windows-specific)
 	- mozilla 2:1.7.13-0.3 (low)
-	- xulrunner <unfixed> (low)
+	- xulrunner <not-affected> (Windows-specific)
 CVE-2006-1941 (Neon Responder 5.4 for LANsurveyor allows remote attackers to cause a ...)
 	NOT-FOR-US: Neon Responder
 CVE-2006-1940 (Unspecified vulnerability in Ethereal 0.10.4 up to 0.10.14 allows ...)
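Review bot: Marking thunderbird and xulrunner `<not-affected> (Windows-specific)` sits oddly beside the firefox and mozilla lines in the same entry, which still list fixed versions at low urgency. If the issue is Windows-specific for the whole code base, those two lines need the same treatment; if only part of the advisory is Windows-specific, a NOTE next to MFSA-2006-39 explaining which part applies to which package would make the entry self-consistent.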
@@ -9934,7 +9930,7 @@
 CVE-2006-0951 (The GUI (nod32.exe) in NOD32 2.5 runs with SYSTEM privileges when the ...)
 	NOT-FOR-US: NOD32
 CVE-2006-0950 (unalz 0.53 allows user-assisted attackers to overwrite arbitrary ...)
-	- unalz 0.55-1 (bug #356832; medium)
+	- unalz 0.55-1 (bug #356832; low)
 CVE-2006-0949 (RaidenHTTPD 1.1.47 allows remote attackers to obtain source code of ...)
 	NOT-FOR-US: RaidenHTTPD
 CVE-2006-0948 (AOL 9.0 Security Edition revision 4184.2340, and probably other ...)
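Review bot: The urgency change for unalz from medium to low under CVE-2006-0950 is not mentioned in the log message and has no NOTE in the entry. The description speaks of user-assisted overwriting of arbitrary files, so the reason for the downgrade should be recorded, either as a NOTE on the entry or as a line in the commit log.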
@@ -16720,10 +16716,6 @@
 	[sarge] - distcc <no-dsa> (Only affects distcc in a very non-standard way not recommended for unstrusted environments)
 CVE-2004-XXXX [phpwiki shares a cookie for all wikis on a host]
 	- phpwiki 1.3.12p2-1 (bug #282565; medium)
-CVE-2005-XXXX [Possibly incorrect virtualisation in php4]
-	- php4 <unfixed> (bug #317577; bug #330419; low)
-	[sarge] - php4 <no-dsa> (Basedir violations not supported)
-	NOTE: Unreproducible
 CVE-1999-XXXX [Insecure access control on GNU Mach's IO ports]
 	- gnumach 1:20050801-3 (bug #46709)
 	NOTE: Nearly six years old :-)
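Review bot: Removing the php4 entry also removes the only references to bug #317577 and bug #330419 and the `[sarge] - php4 <no-dsa>` decision with its "Basedir violations not supported" rationale. Before dropping all four lines, check that both bugs are closed or no longer tagged as security issues; otherwise they remain open with no matching entry in this list.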



