[Secure-testing-commits] r4851 - data/CVE
Stefan Fritsch
stef-guest at costa.debian.org
Sat Oct 14 18:15:35 UTC 2006
Author: stef-guest
Date: 2006-10-14 18:15:34 +0000 (Sat, 14 Oct 2006)
New Revision: 4851
Modified:
data/CVE/list
Log:
- graphicsmagick issue affects imagemagick as well
- zope2.8 issue CVEified
- sun-java5 bugnum
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2006-10-14 16:40:04 UTC (rev 4850)
+++ data/CVE/list 2006-10-14 18:15:34 UTC (rev 4851)
@@ -1,5 +1,6 @@
CVE-2006-5229 (OpenSSH portable 4.1 on SUSE Linux, and possibly other platforms and ...)
TODO: check
+ NOTE: Not reproducible with standard etch setup
CVE-2006-5228 (Multiple SQL injection vulnerabilities in the Google Gadget login.php ...)
NOT-FOR-US: ackerTodo
CVE-2006-5227 (Cross-site scripting (XSS) vulnerability in admin.php in TorrentFlux ...)
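Review bot: The NOTE added under CVE-2006-5229 does not say which OpenSSH package version was tested, and the entry still carries "TODO: check" with no package line, so the triage result cannot be acted on. Suggest adding a package line with a status for the OpenSSH package, or extending the note with the tested version. The log message lists three changes and does not mention this one.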
@@ -59,8 +60,8 @@
CVE-2006-5202 (Linksys WRT54g firmware 1.00.9 does not require credentials when ...)
NOT-FOR-US: Linksys
CVE-2006-5201 (Multiple packages on Sun Solaris, including (1) NSS; (2) Java JDK and ...)
- - sun-java5 <unfixed>
- TODO: file bug
+ - sun-java5 <unfixed> (bug #393042)
+ NOTE: this is similar to CVE-2006-4339
CVE-2006-5200 (Unspecified vulnerability in Adobe Breeze 5 Licensed Server and Breeze ...)
NOT-FOR-US: Adobe
CVE-2006-5199 (Adobe Contribute Publishing Server leaks the administrator password in ...)
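Review bot: The new sun-java5 line under CVE-2006-5201 has a bug number but no urgency, and the NOTE calls the issue similar to CVE-2006-4339 without saying whether that entry's fixes cover it. The description names NSS alongside the Java JDK, yet only sun-java5 is tracked. With "TODO: file bug" removed, suggest a NOTE or TODO recording whether the other listed packages were checked.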
@@ -333,7 +334,8 @@
NOT-FOR-US: Solaris
CVE-2006-XXXX [graphicsmagic buffer overflows]
- graphicsmagick 1.1.7-9 (medium)
- TODO: check for CVE-ids. imagemagick is affected, too
+ - imagemagick <unfixed> (bug #393025)
+ TODO: check for CVE-ids
CVE-2006-5072 (The System.CodeDom.Compiler classes in Novell Mono create temporary ...)
- mono 1.1.17.1-5
CVE-2006-5071 (Multiple cross-site scripting (XSS) vulnerabilities in eyeOS before ...)
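Review bot: The added imagemagick line carries no urgency, while the graphicsmagick line directly above it is marked (medium) for the same overflows. Suggest "- imagemagick <unfixed> (medium; bug #393025)", the form the wireshark entry further down the file uses. The placeholder title still reads "graphicsmagic", which is worth correcting while the entry is being touched.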
@@ -1152,6 +1154,7 @@
CVE-2006-4684 (The docutils module in Zope (Zope2) 2.7.0 through 2.7.9 and 2.8.0 ...)
{DSA-1176-1}
- zope2.7 <removed>
+ - zope2.8 2.8.8-2
CVE-2006-4683 (IBM Director before 5.10 allows remote attackers to obtain sensitive ...)
NOT-FOR-US: IBM Director
CVE-2006-4682 (Multiple unspecified vulnerabilities in IBM Director before 5.10 allow ...)
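Review bot: The zope2.8 line added under CVE-2006-4684 does not record that this docutils issue is the one previously tracked as the "zope Arbitrary file inclusion" placeholder; the only link is the log message. Suggest a NOTE in the entry stating that mapping, and an urgency on the new line.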
@@ -1990,9 +1993,6 @@
CVE-2006-4330 (Unspecified vulnerability in the SCSI dissector in Wireshark (formerly ...)
- wireshark 0.99.2-5 (medium; bug #384529)
- ethereal <not-affected> (only wireshark 0.99.2 affected)
-CVE-2006-XXXX [zope Arbitrary file inclusion]
- TODO: check zope zope-2.7 zope2.8 zope2.9 zope3
- - zope2.8 2.8.8-2
CVE-2006-4329 (Multiple PHP remote file inclusion vulnerabilities in Shadows Rising ...)
NOT-FOR-US: Shadows Rising
CVE-2006-4328 (SQL injection vulnerability in admin.php in CloudNine Interactive ...)
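Review bot: Removing the placeholder entry also removes "TODO: check zope zope-2.7 zope2.8 zope2.9 zope3", and the CVE-2006-4684 entry it was merged into lists only zope2.7 and zope2.8. Suggest carrying the TODO over to CVE-2006-4684, or adding explicit lines for zope2.9 and zope3, so the unchecked packages are not lost.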