[Secure-testing-commits] r4848 - data/CVE

Stefan Fritsch stef-guest at costa.debian.org
Sat Oct 14 15:01:17 UTC 2006


Author: stef-guest
Date: 2006-10-14 15:01:16 +0000 (Sat, 14 Oct 2006)
New Revision: 4848

Modified:
   data/CVE/list
Log:
bugnum, NFUs, unimportant ADOdb issue

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2006-10-14 14:32:24 UTC (rev 4847)
+++ data/CVE/list	2006-10-14 15:01:16 UTC (rev 4848)
@@ -125,15 +125,15 @@
 CVE-2006-5171
 	RESERVED
 CVE-2006-5170 (pam_ldap in nss_ldap on Red Hat Enterprise Linux 4, Fedora Core 3 and ...)
-	- libpam-ldap <unfixed> (bug filed; medium)
+	- libpam-ldap <unfixed> (bug #392984; medium)
 CVE-2006-5169 (Cross-site scripting (XSS) vulnerability in John Himmelman (aka ...)
 	NOT-FOR-US: PowerPortal
 CVE-2006-5168 (Cross-site scripting (XSS) vulnerability in the search functionality ...)
 	NOT-FOR-US: Pebble
 CVE-2005-4813 (Unspecified vulnerability in Report Application Server ...)
-	TODO: check
+	NOT-FOR-US: Business Objects Crystal Reports
 CVE-2003-1306 (Microsoft URLScan 2.5, with the RemoveServerHeader option enabled, ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2006-XXXX [zabbix format string vulnerabilities]
 	- zabbix 1:1.1.2-4 (bug #391388)
 CVE-2006-XXXX [zabbix buffer overflows]
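Review bot: The new tag on CVE-2003-1306 reads "NOT-FOR-US: Microsoft", which names the vendor, while every other NOT-FOR-US line in this hunk names the product (PowerPortal, Pebble, Business Objects Crystal Reports). Suggest "NOT-FOR-US: Microsoft URLScan" so the entry can be found by product name when searching the list.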
@@ -535,7 +535,14 @@
 CVE-2006-4977 (Multiple unrestricted file upload vulnerabilities in (1) ...)
 	NOT-FOR-US: PhpQuiz
 CVE-2006-4976 (The Date Library in John Lim ADOdb Library for PHP allows remote ...)
-	TODO: check
+	libphp-adodb <unfixed> (unimportant)
+	gallery2 <unfixed> (unimportant)
+	phppgadmin <unfixed> (unimportant)
+	egroupware <unfixed> (unimportant)
+	phpwiki <unfixed> (unimportant)
+	moodle <unfixed> (unimportant)
+	NOTE: full path is known in Debian anyway
+
 CVE-2006-4975 (Yahoo! Messenger for WAP permits saving messages that contain ...)
 	NOT-FOR-US: Yahoo! Messenger
 CVE-2006-4974 (Buffer overflow in Ipswitch WS_FTP Limited Edition (LE) 5.08 allows ...)
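Review bot: The six package lines added under CVE-2006-4976 start directly with the package name ("libphp-adodb <unfixed> (unimportant)") and lack the leading "- " that the other package entries visible in this diff carry, for example "- libpam-ldap <unfixed> (bug #392984; medium)". Anything that reads the list by that prefix will not treat them as package records. Add "- " to each of the six lines, and drop the added empty line before CVE-2006-4975, since no other entries shown here are separated by a blank line. The NOTE "full path is known in Debian anyway" would also be easier to recheck if it said which part of the issue it refers to, as the CVE summary is truncated in the list.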
@@ -3515,7 +3522,9 @@
 CVE-2006-3676 (admin/gallery_admin.php in planetGallery before 14.07.2006 allows remote ...)
 	NOT-FOR-US: planetGallery
 CVE-2006-3675 (Password Safe 2.11, 2.16 and 3.0BETA1 does not respect the ...)
-	TODO: check
+	NOT-FOR-US: Password Safe
+	NOTE: mypasswordsafe and pwsafe might use code from Password Safe,
+	NOTE: but the problematic functionality is not present
 CVE-2006-3674 (nNetObject.cpp in Armagetron Advanced 2.8.2 and earlier allows remote ...)
 	- armagetron <unfixed> (bug #379062; low)
 	[sarge] - armagetron <no-dsa> (Minor game DoS)
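Review bot: The two NOTE lines added under CVE-2006-3675 say the problematic functionality is not present in mypasswordsafe and pwsafe, but they do not name that functionality, and the CVE summary is truncated in the list ("does not respect the ..."), so the conclusion cannot be rechecked from the entry alone. Name the feature in the NOTE. "might use code from Password Safe" also leaves open whether the two packages were actually inspected; say what was checked.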



