[Secure-testing-commits] r4877 - data/CVE

Stefan Fritsch stef-guest at costa.debian.org
Tue Oct 24 19:14:43 UTC 2006


Author: stef-guest
Date: 2006-10-24 19:14:42 +0000 (Tue, 24 Oct 2006)
New Revision: 4877

Modified:
   data/CVE/list
Log:
- libpam-ldap fixed
- {graphics,image}magick issue CVEified and fixed
- CVE-2006-5379: nvidia binary driver issue fixed
- CVE-2006-1910: not NFU but already fixed serendipity issue
- new low impact serendipity XSS issue fixed


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2006-10-24 15:57:41 UTC (rev 4876)
+++ data/CVE/list	2006-10-24 19:14:42 UTC (rev 4877)
@@ -1,3 +1,5 @@
+CVE-2006-XXXX [serendipity XSS for registered authors]
+	- serendipity 1.0.2-1 (low)
 CVE-2006-5460 (** DISPUTED ** ...)
 	TODO: check
 CVE-2006-5459 (Multiple PHP remote file inclusion vulnerabilities in Download-Engine ...)
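Review bot: the new CVE-2006-XXXX placeholder at the top of the list has no bug number and no TODO, so nothing flags it for renaming once an id is assigned. The graphicsmagick placeholder removed later in this same diff carried `TODO: check for CVE-ids`; adding that line here would keep the entry visible to whoever processes new ids.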
@@ -7,7 +9,8 @@
 CVE-2006-5457 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
 	TODO: check
 CVE-2006-5456 (Multiple buffer overflows in GraphicsMagick before 1.1.7 and ...)
-	TODO: check
+	- graphicsmagick 1.1.7-9 (medium)
+	- imagemagick 7:6.2.4.5.dfsg1-0.11 (bug #393025)
 CVE-2006-5455 (Cross-site request forgery (CSRF) vulnerability in editversions.cgi in ...)
 	TODO: check
 CVE-2006-5454 (Bugzilla 2.18.x before 2.18.6, 2.20.x before 2.20.3, 2.22.x before ...)
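Review bot: the imagemagick line under CVE-2006-5456 carries only the bug number, while the graphicsmagick line directly above it is rated (medium). If the rating applies to both packages, write it as `(bug #393025; medium)`, the same form the libpam-ldap line uses for CVE-2006-5170.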
@@ -166,7 +169,7 @@
 CVE-2006-5380 (** DISPUTED ** ...)
 	NOT-FOR-US: Contenido CMS
 CVE-2006-5379 (The accelerated rendering functionality of NVIDIA Binary Graphics ...)
-	TODO: check
+	- nvidia-graphics-drivers 1.0.8776-1 (bug #393573)
 CVE-2006-5378 (Unspecified vulnerability in JD Edwards HTML Server in JD Edwards ...)
 	NOT-FOR-US: EnterpriseOne
 CVE-2006-5377 (Unspecified vulnerability in PeopleSoft component in Oracle PeopleSoft ...)
@@ -596,7 +599,7 @@
 CVE-2006-5171
 	RESERVED
 CVE-2006-5170 (pam_ldap in nss_ldap on Red Hat Enterprise Linux 4, Fedora Core 3 and ...)
-	- libpam-ldap <unfixed> (bug #392984; medium)
+	- libpam-ldap 180-1.2 (bug #392984; medium)
 CVE-2006-5169 (Cross-site scripting (XSS) vulnerability in John Himmelman (aka ...)
 	NOT-FOR-US: PowerPortal
 CVE-2006-5168 (Cross-site scripting (XSS) vulnerability in the search functionality ...)
@@ -802,10 +805,6 @@
 	NOT-FOR-US: PHP Invoice
 CVE-2006-5073 (Unspecified vulnerability in Sun Solaris 8, 9 and 10 allows remote ...)
 	NOT-FOR-US: Solaris
-CVE-2006-XXXX [graphicsmagic buffer overflows]
-	- graphicsmagick 1.1.7-9 (medium)
-	- imagemagick <unfixed> (bug #393025)
-	TODO: check for CVE-ids
 CVE-2006-5072 (The System.CodeDom.Compiler classes in Novell Mono create temporary ...)
 	- mono 1.1.17.1-5
 CVE-2006-5071 (Multiple cross-site scripting (XSS) vulnerabilities in eyeOS before ...)
@@ -8027,7 +8026,7 @@
 CVE-2006-1911 (Cross-site scripting (XSS) vulnerability in MyBB (MyBulletinBoard) 1.1 ...)
 	NOT-FOR-US: MyBB
 CVE-2006-1910 (config.php in S9Y Serendipity 1.0 beta 2 allows remote attackers to ...)
-	NOT-FOR-US: Serendipity
+	- serendipity 1.0-1
 CVE-2006-1909 (Directory traversal vulnerability in index.php in Coppermine 1.4.4 ...)
 	NOT-FOR-US: Coppermine
 CVE-2006-1908 (Cross-site scripting vulnerability in addevent.php in myEvent 1.x ...)
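Review bot: CVE-2006-1910 changes from NOT-FOR-US to `- serendipity 1.0-1` with no bug number, urgency or note, and the description names 1.0 beta 2, so the entry itself does not show why 1.0-1 is the fixed version. A short note recording where that version came from would help. Since this line shows Serendipity is packaged after all, any other entries in the list still marked `NOT-FOR-US: Serendipity` deserve the same recheck.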



