[Secure-testing-commits] r4846 - data/CVE
Stefan Fritsch
stef-guest at costa.debian.org
Sat Oct 14 13:28:26 UTC 2006
Author: stef-guest
Date: 2006-10-14 13:28:25 +0000 (Sat, 14 Oct 2006)
New Revision: 4846
Modified:
data/CVE/list
Log:
- CVE-2006-5201 new sun-java5 issue
- CVE-2006-5178 new php open_basedir issue
- CVE-2006-5174/CVE-2006-4997 new linux issue already fixed
- some NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2006-10-14 13:00:09 UTC (rev 4845)
+++ data/CVE/list 2006-10-14 13:28:25 UTC (rev 4846)
@@ -59,7 +59,8 @@
CVE-2006-5202 (Linksys WRT54g firmware 1.00.9 does not require credentials when ...)
NOT-FOR-US: Linksys
CVE-2006-5201 (Multiple packages on Sun Solaris, including (1) NSS; (2) Java JDK and ...)
- TODO: check
+ sun-java5 <unfixed>
+ TODO: file bug
CVE-2006-5200 (Unspecified vulnerability in Adobe Breeze 5 Licensed Server and Breeze ...)
NOT-FOR-US: Adobe
CVE-2006-5199 (Adobe Contribute Publishing Server leaks the administrator password in ...)
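Review bot: The new CVE-2006-5201 status line `sun-java5 <unfixed>` is missing the leading `- ` that the other package lines added in this commit carry (compare `- php5 <unfixed> (low)`), so it may not be read as a package entry; write it as `- sun-java5 <unfixed>`. The description also lists NSS ahead of the Java JDK, so it is worth recording in a NOTE whether Debian's NSS packages were checked before the entry is narrowed to sun-java5 only.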
@@ -105,15 +106,18 @@
CVE-2006-5179 (Intoto iGateway VPN and iGateway SSL-VPN allow context-dependent ...)
NOT-FOR-US: Intoto iGateway
CVE-2006-5178 (Race condition in the symlink function in PHP 5.1.6 and earlier allows ...)
- TODO: check
+ - php5 <unfixed> (low)
+ - php4 <unfixed> (low)
+ [sarge] - php4 <no-dsa> (openbasedir not supported)
CVE-2006-5177 (The NTLM authentication in MailEnable Professional 2.0 and Enterprise ...)
- TODO: check
+ NOT-FOR-US: MailEnable Professional
CVE-2006-5176 (Buffer overflow in NTLM authentication in MailEnable Professional 2.0 ...)
- TODO: check
+ NOT-FOR-US: MailEnable Professional
CVE-2006-5175 (Cross-site request forgery (CSRF) vulnerability in the administrative ...)
- TODO: check
+ NOT-FOR-US: TeraStation HD-HTGL
CVE-2006-5174 (The copy_from_user function in the uaccess code in Linux kernel 2.6 ...)
- TODO: check
+ - linux-2.6 <unfixed> (low)
+ NOTE: s390 only
CVE-2006-5173
RESERVED
CVE-2006-5172
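Review bot: The CVE-2006-5174 entry disagrees with the commit log. The log groups it with CVE-2006-4997 as a "new linux issue already fixed", but the line added here is `- linux-2.6 <unfixed> (low)`, while CVE-2006-4997 gets a fixed version (2.6.18-1) further down. If the s390 fix is already in the archive, record the fixed version here; if not, the log entry should say so. In the same hunk, the sarge php4 reason says "openbasedir" where the log and the setting are spelled open_basedir.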
@@ -123,9 +127,9 @@
CVE-2006-5170 (pam_ldap in nss_ldap on Red Hat Enterprise Linux 4, Fedora Core 3 and ...)
TODO: check
CVE-2006-5169 (Cross-site scripting (XSS) vulnerability in John Himmelman (aka ...)
- TODO: check
+ NOT-FOR-US: PowerPortal
CVE-2006-5168 (Cross-site scripting (XSS) vulnerability in the search functionality ...)
- TODO: check
+ NOT-FOR-US: Pebble
CVE-2005-4813 (Unspecified vulnerability in Report Application Server ...)
TODO: check
CVE-2003-1306 (Microsoft URLScan 2.5, with the RemoveServerHeader option enabled, ...)
@@ -186,9 +190,9 @@
CVE-2006-XXXX [unspecified libgsf security issue (IDEF1622)]
- libgsf 1.14.2-1
CVE-2006-5143 (Stack-based buffer overflow in the Backup Agent RPC Server ...)
- TODO: check
+ NOT-FOR-US: Backup Agent RPC Server
CVE-2006-5142 (Stack-based buffer overflow in CA BrightStor ARCserver Backup R11.5 ...)
- TODO: check
+ NOT-FOR-US: CA BrightStor ARCserver Backup
CVE-2006-5141 (PHP remote file inclusion vulnerability in script.php in Kevin A. ...)
NOT-FOR-US: Open Geo Targeting (aka geotarget)
CVE-2006-5140 (SQL injection vulnerability in display.php in Lappy512 PHP Krazy Image ...)
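Review bot: The NOT-FOR-US tag for CVE-2006-5143 names only a component, "Backup Agent RPC Server", copied from the truncated description, whereas the CVE-2006-5142 line directly below names the vendor and product. Use the vendor and product name here too, so that a later search of the list for that product finds both entries.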
@@ -284,7 +288,7 @@
CVE-2006-5095 (** DISPUTED ** ...)
NOT-FOR-US: MyPhotos
CVE-2006-5094 (PHP remote file inclusion vulnerability in includes/functions_kb.php ...)
- TODO: check
+ NOT-FOR-US: phpBB XS
CVE-2006-5093 (PHP remote file inclusion vulnerability in index.php in Tagmin Control ...)
NOT-FOR-US: TagIt! Tagboard
CVE-2006-5092 (PHP remote file inclusion vulnerability in navigation/menu.php in ...)
@@ -487,7 +491,7 @@
CVE-2006-4998
RESERVED
CVE-2006-4997 (The clip_mkip function in net/atm/clip.c of the ATM subsystem in Linux ...)
- TODO: check
+ - linux-2.6 2.6.18-1
CVE-2006-4996 (Unspecified vulnerability in JoomlaLib (com_joomlalib) before 1.2.2 ...)
NOT-FOR-US: JoomlaLib (com_joomlalib) for Joomla!
CVE-2006-4995 (PHP remote file inclusion vulnerability in BSQ Sitestats ...)
@@ -629,7 +633,7 @@
CVE-2006-4928
RESERVED
CVE-2006-4927 (The (a) NAVENG (NAVENG.SYS) and (b) NAVEX15 (NAVEX15.SYS) device ...)
- TODO: check
+ NOT-FOR-US: Symantec AntiVirus
CVE-2006-4926
RESERVED
CVE-2005-4812 (The SISCO OSI stack for Windows, as used by MMS-EASE 7.10 and earlier, ...)
@@ -1115,15 +1119,15 @@
CVE-2006-4697
RESERVED
CVE-2006-4696 (Unspecified vulnerability in the Server service in Microsoft Windows ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2006-4695
RESERVED
CVE-2006-4694 (Unspecified vulnerability in PowerPoint in Microsoft Office 2000, ...)
NOT-FOR-US: Microsoft
CVE-2006-4693 (Unspecified vulnerability in Microsoft Word 2004 for Mac and v.X for ...)
- TODO: check
+ NOT-FOR-US: Microsoft Word
CVE-2006-4692 (The Windows Object Packager in Microsoft Windows XP SP1 and SP2 and ...)
- TODO: check
+ NOT-FOR-US: Microsoft Word
CVE-2006-4691
RESERVED
CVE-2006-4690
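Review bot: CVE-2006-4692 is tagged `NOT-FOR-US: Microsoft Word`, but its description is about the Windows Object Packager in Microsoft Windows XP, not Word; this looks carried over from the CVE-2006-4693 line above it. The verdict is unaffected, but the label should read `NOT-FOR-US: Microsoft` (or Microsoft Windows) to match the CVE-2006-4696 line in this hunk and keep the list searchable by product.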
@@ -1135,9 +1139,9 @@
CVE-2006-4687
RESERVED
CVE-2006-4686 (Buffer overflow in the Extensible Stylesheet Language Transformations ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2006-4685 (The XMLHTTP ActiveX control in Microsoft XML Parser 2.6 and XML Core ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2006-4684 (The docutils module in Zope (Zope2) 2.7.0 through 2.7.9 and 2.8.0 ...)
{DSA-1176-1}
- zope2.7 <removed>
@@ -2771,7 +2775,7 @@
CVE-2006-3979 (The AdminAPI of ColdFusion MX 7 allows attackers to bypass ...)
NOT-FOR-US: ColdFusion MX
CVE-2006-3978 (Unspecified vulnerability in a Verity third party library, as used on ...)
- TODO: check
+ NOT-FOR-US: Adobe ColdFusion MX
CVE-2006-3977 (Unspecified vulnerability in CA eTrust Antivirus WebScan before ...)
NOT-FOR-US: CA eTrust Antivirus WebScan
CVE-2006-3976 (Unspecified vulnerability in CA eTrust Antivirus WebScan before ...)
@@ -2961,9 +2965,9 @@
CVE-2006-3889
RESERVED
CVE-2006-3888 (Buffer overflow in AOL You've Got Pictures (YGP) Pic Downloader ...)
- TODO: check
+ NOT-FOR-US: AOL
CVE-2006-3887 (Buffer overflow in AOL You've Got Pictures (YGP) Screensaver ActiveX ...)
- TODO: check
+ NOT-FOR-US: AOL
CVE-2006-3886 (SQL injection vulnerability in Shalwan MusicBox 2.3.4 and earlier ...)
NOT-FOR-US: Shalwan MusicBox
CVE-2006-3885 (Directory traversal vulnerability in Check Point Firewall-1 R55W ...)
@@ -2983,11 +2987,11 @@
CVE-2006-3878 (Opsware Network Automation System (NAS) 6.0 installs /etc/init.d/mysql ...)
NOT-FOR-US: Opsware Network Automation System
CVE-2006-3877 (Unspecified vulnerability in PowerPoint in Microsoft Office 2000, ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2006-3876 (Unspecified vulnerability in PowerPoint in Microsoft Office 2000, ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2006-3875 (Unspecified vulnerability in Microsoft Excel 2000, 2002, 2003, 2004 ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2006-3874
RESERVED
CVE-2006-3873 (Heap-based buffer overflow in URLMON.DLL in Microsoft Internet ...)
@@ -3001,15 +3005,15 @@
CVE-2006-3869 (Heap-based buffer overflow in URLMON.DLL in Microsoft Internet ...)
NOT-FOR-US: Microsoft
CVE-2006-3868 (Unspecified vulnerability in Microsoft Office XP and 2003 allows ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2006-3867 (Unspecified vulnerability in Microsoft Excel 2000, 2002, 2003, 2004 ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2006-3866
REJECTED
CVE-2006-3865
RESERVED
CVE-2006-3864 (Unspecified vulnerability in Microsoft Office 2000, XP, 2003, 2004 for ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2006-3863
RESERVED
CVE-2006-3862 (Buffer overflow in IBM Informix Dynamic Server (IDS) 9.40.TC5 through ...)
@@ -3352,9 +3356,10 @@
- imagemagick 7:6.2.4.5.dfsg1-0.10 (bug #385062)
- graphicsmagick 1.1.7-8
CVE-2006-3742 (The KDE PAM configuration shipped with Fedora Core 5 causes KDM ...)
- TODO: check
+ - kdebase <not-affected>
+ NOTE: only in Fedora
CVE-2006-3741 (The perfmonctl system call (sys_perfmonctl) in Linux kernel 2.4.x and ...)
- TODO: check
+ - linux-2.6 2.6.18-1
CVE-2006-3740 (Integer overflow in the scan_cidfont function in X.Org 6.8.2 and ...)
{DSA-1193-1}
- libxfont 1:1.2.2-1
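Review bot: The CVE-2006-3741 entry records only `- linux-2.6 2.6.18-1`, while the description says the perfmonctl flaw is in "Linux kernel 2.4.x and ...". Add a status line or a NOTE for the 2.4 kernel packages, even if the result is not-affected, so that the absence of a 2.4 entry is not read as "checked and clean". For CVE-2006-3742, the `<not-affected>` line with "NOTE: only in Fedora" is clear as written.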
@@ -3562,15 +3567,15 @@
CVE-2006-3652 (Microsoft Internet Security and Acceleration (ISA) Server 2004 allows ...)
NOT-FOR-US: Microsoft Internet Security and Acceleration Server
CVE-2006-3651 (Unspecified vulnerability in Microsoft Word 2000, 2002, and Office ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2006-3650 (Unspecified vulnerability in Microsoft Office 2000, XP, 2003, 2004 for ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2006-3649 (Buffer overflow in Microsoft Visual Basic for Applications (VBA) SDK ...)
NOT-FOR-US: Microsoft
CVE-2006-3648 (Unspecified vulnerability in Microsoft Windows 2000 SP4, XP SP1 and ...)
NOT-FOR-US: Microsoft
CVE-2006-3647 (Unspecified vulnerability in Microsoft Word 2000, 2002, Office 2003, ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2006-3646
RESERVED
CVE-2006-3645
@@ -4027,11 +4032,11 @@
CVE-2006-3437
RESERVED
CVE-2006-3436 (Cross-site scripting (XSS) vulnerability in Microsoft .NET Framework ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2006-3435 (Unspecified vulnerability in PowerPoint in Microsoft Office 2003 ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2006-3434 (Unspecified vulnerability in Microsoft Office 2000, XP, 2003, 2004 for ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2006-3433
RESERVED
CVE-2006-3432