[Secure-testing-commits] r4852 - data/CVE

Stefan Fritsch stef-guest at costa.debian.org
Sat Oct 14 20:01:37 UTC 2006


Author: stef-guest
Date: 2006-10-14 20:01:36 +0000 (Sat, 14 Oct 2006)
New Revision: 4852

Modified:
   data/CVE/list
Log:
- CVE-2006-2658: new mono-xsp issue already fixed
- bugnums, NFUs
- CVE-2006-4980 is fixed in python2.5
- CVE-2006-4030: gallery2 not-affected
- CVE-2006-3602 is actually CVE-2005-4600
- CVE-2005-4600: moodle already fixed


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2006-10-14 18:15:34 UTC (rev 4851)
+++ data/CVE/list	2006-10-14 20:01:36 UTC (rev 4852)
@@ -528,8 +528,8 @@
 	NOT-FOR-US: Symantec
 CVE-2006-4980 (Buffer overflow in the repr function in Python 2.3 through 2.6 before ...)
 	- python2.4 2.4.3-9
-	- python2.3 <unfixed>
-	TODO: check other pythons
+	- python2.3 <unfixed> (bug #393053)
+	- python2.5 2.5-1
 CVE-2006-4979 (Direct static code injection vulnerability in cfgphpquiz/install.php ...)
 	NOT-FOR-US: PhpQuiz
 CVE-2006-4978 (Multiple SQL injection vulnerabilities in Walter Beschmout PhpQuiz 1.2 ...)
@@ -2306,7 +2306,7 @@
 	- gallery2 2.1.2-1
 CVE-2006-XXXX [insecure filehandling in mysql_upgrade]
 	- mysql-dfsg-5.0 5.0.24-1
-	TODO: check 4.x
+	Note: mysql_upgrade not in 4.x
 CVE-2006-4194 (** DISPUTED ** ...)
 	NOT-FOR-US: Cisco
 CVE-2006-4193 (Microsoft Internet Explorer 6.0 SP1 and possibly other versions allows ...)
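Review bot: the added line under the mysql_upgrade entry is spelled "Note:" while every other annotation visible in this diff uses the upper-case "NOTE:" keyword, so anything that parses the list by keyword may not pick it up. Suggest "NOTE: mysql_upgrade not in 4.x", or recording the result as an explicit <not-affected> entry for the 4.x source package, the way the gallery2 hunk below does for CVE-2006-4030.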
@@ -2659,7 +2659,7 @@
 CVE-2006-4030 (Unspecified vulnerability in the stats module in Gallery 1.5.1-RC2 and ...)
 	{DSA-1148-1}
 	- gallery 1.5.3-1
-	TODO: check gallery2
+	- gallery2 <not-affected> (vulnerable code not present)
 CVE-2006-4029 (Stack-based buffer overflow in sipd.dll in AGEphone 1.24 and 1.38.1 ...)
 	NOT-FOR-US: AGEphone
 CVE-2006-4028 (Multiple unspecified vulnerabilities in WordPress before 2.0.4 have ...)
@@ -3679,7 +3679,8 @@
 	NOT-FOR-US: Softbiz Banner Exchange Script (aka Banner Exchange Network Script)
 CVE-2006-3606 (Unspecified vulnerability in Sun Solaris X Inter Client Exchange ...)
 	NOTE: Debian has a libice - is it the same one?
-	TODO: check
+	NOTE: Not enough information...
+	TODO: maybe check again later
 CVE-2006-3605 (Microsoft Internet Explorer 6 allows remote attackers to cause a ...)
 	NOT-FOR-US: Microsoft Internet Explorer
 CVE-2006-3604 (Directory traversal vulnerability in FlexWATCH Network Camera 3.0 and ...)
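Review bot: the replacement lines for CVE-2006-3606 ("NOTE: Not enough information..." and "TODO: maybe check again later") do not say what information is missing or what would trigger the re-check, so the next person starts from the same open libice question as before. Suggest stating what was looked at and what is still needed to decide, and keeping the TODO as a plain "TODO: check" if no condition can be named.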
@@ -3687,8 +3688,8 @@
 CVE-2006-3603 (Cross-site scripting (XSS) vulnerability in index.php in FlexWATCH ...)
 	NOT-FOR-US: FlexWATCH Network Camera
 CVE-2006-3602 (Directory traversal vulnerability in ...)
-	TODO: check wordpress, moodle
-	- knowledgeroot <not-affected> (fixed before first upload; see bug #381912)
+	NOTE: this is CVE-2005-4600
+	NOT-FOR-US: Farsinews
 CVE-2006-3601 (** UNVERIFIABLE ** ...)
 	NOT-FOR-US: DotNetNuke
 CVE-2006-3600 (Multiple stack-based buffer overflows in the LookupTRM::lookup ...)
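Review bot: under CVE-2006-3602, "NOT-FOR-US: Farsinews" reads as if no Debian package is involved, yet the NOTE above it says this is CVE-2005-4600, and that entry (last hunk of this change) tracks knowledgeroot, moodle and an open wordpress check. The hunk also drops the knowledgeroot line with its reference to bug #381912. Suggest making the NOTE explicit that this is a duplicate and that packages are tracked under CVE-2005-4600, so the NOT-FOR-US tag is not read as the final answer for the underlying issue.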
@@ -5807,8 +5808,7 @@
 	NOTE: application error
 	- php5 5.1.6-1 (low)
 CVE-2006-2658 (Directory traversal vulnerability in the xsp component in mod_mono in ...)
-	NOTE: maybe this is the same as apache mod_mono?
-	TODO: check
+	- xsp 1.1.15-1
 CVE-2006-2657
 	REJECTED
 CVE-2006-2655 (The build process for ypserv in FreeBSD 5.3 up to 6.1 accidentally ...)
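Review bot: the removed NOTE under CVE-2006-2658 asked whether this is the same as apache mod_mono, and the description itself names mod_mono, but the new entry "- xsp 1.1.15-1" only answers for xsp. Suggest adding a NOTE that records the conclusion for mod_mono, so the question deleted here is not reopened later.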
@@ -6418,7 +6418,7 @@
 CVE-2006-2388 (Microsoft Office Excel 2000 through 2004 allows user-assisted ...)
 	NOT-FOR-US: Microsoft
 CVE-2006-2387 (Unspecified vulnerability in Microsoft Excel 2000, 2002, 2003, 2004 ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2006-2386
 	RESERVED
 CVE-2006-2385 (Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4 and ...)
@@ -12299,8 +12299,10 @@
 CVE-2005-4602 (SQL injection vulnerability in inc/function_upload.php in MyBB before ...)
 	NOT-FOR-US: MyBB
 CVE-2005-4600 (tiny_mce_gzip.php in TinyMCE Compressor PHP before 1.06 allows remote ...)
-	TODO: check wordpress, moodle
+	TODO: check wordpress
+	NOTE: pinged maintainer
 	- knowledgeroot <not-affected> (fixed before first upload; see bug #381912)
+	- moodle <not-affected> (has newer version)
 CVE-2005-4599 (Cross-site scripting (XSS) vulnerability in tiny_mce_gzip.php in ...)
 	TODO: check wordpress, moodle
 	- knowledgeroot <not-affected> (fixed before first upload; see bug #381912)
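Review bot: CVE-2005-4599 in the trailing context still carries "TODO: check wordpress, moodle" although it concerns the same tiny_mce_gzip.php and this hunk has just settled moodle for CVE-2005-4600; if the moodle finding applies to both, the 4599 entry should be updated in the same commit. Separately, "NOTE: pinged maintainer" does not say which package's maintainer was contacted, and "(has newer version)" would be easier to verify if it named the version moodle ships.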



