[Secure-testing-commits] r4666 - data/CVE
Stefan Fritsch
stef-guest at costa.debian.org
Sun Sep 3 18:32:44 UTC 2006
Author: stef-guest
Date: 2006-09-03 18:32:43 +0000 (Sun, 03 Sep 2006)
New Revision: 4666
Modified:
data/CVE/list
Log:
- new maybe tikiwiki issue with little information
- CVE-2006-3125: new getrinet issue fixed
- CVE-2006-4255 affects imp4, not horde3, but is now fixed anyway
- horde3 fixed
- asterisk fixed
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2006-09-02 12:09:12 UTC (rev 4665)
+++ data/CVE/list 2006-09-03 18:32:43 UTC (rev 4666)
@@ -1,3 +1,5 @@
+CVE-2006-XXXX [tikiwiki security issue in jhot.php]
+ - tikiwiki 1.9.4+dfsg2-3
CVE-2006-4436 (isakmpd in OpenBSD 3.8, 3.9, and possibly earlier versions, creates ...)
TODO: check
CVE-2006-4435 (OpenBSD 3.8, 3.9, and possibly earlier versions allows ...)
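Review bot: The new CVE-2006-XXXX entry at the top of the list records tikiwiki as fixed in 1.9.4+dfsg2-3, yet the log calls it a "maybe" issue with little information, and the entry has no bug number, severity, or pointer to where the jhot.php problem was reported. A `TODO: check` line, as the neighbouring entries use, or a note naming the source of the fixed version would let someone confirm the fix later and replace the XXXX placeholder once an id is assigned.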
@@ -179,9 +181,9 @@
CVE-2006-4347 (SQL injection vulnerability in user logon authentication request ...)
NOT-FOR-US: Cool Manager
CVE-2006-4346 (Asterisk 1.2.10 supports the use of client-controlled variables to ...)
- - asterisk <unfixed> (medium; bug #385060)
+ - asterisk 1:1.2.11.dfsg-1 (medium; bug #385060)
CVE-2006-4345 (Stack-based buffer overflow in channels/chan_mgcp.c in MGCP in ...)
- - asterisk <unfixed> (medium; bug #385060)
+ - asterisk 1:1.2.11.dfsg-1 (medium; bug #385060)
CVE-2006-4344 (CRLF injection vulnerability in CGI-Rescue Mail F/W System (formd) ...)
TODO: check
CVE-2006-4343
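Review bot: Both asterisk lines (CVE-2006-4346 and CVE-2006-4345) go from `<unfixed>` to 1:1.2.11.dfsg-1 under the single bug #385060, although the two descriptions are different flaws (client-controlled variables versus a stack-based buffer overflow in channels/chan_mgcp.c). Please confirm that the 1:1.2.11.dfsg-1 upload addresses each of them before marking both fixed on the strength of one bug report.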
@@ -376,9 +378,9 @@
CVE-2006-4257 (Unspecified vulnerability in IBM DB2 Universal Database (UDB) before ...)
NOT-FOR-US: IBM DB2
CVE-2006-4256 (index.php in Horde Application Framework before 3.1.2 allows remote ...)
- - horde3 <unfixed> (low; bug #383416)
+ - horde3 3.1.3-1 (low; bug #383416)
CVE-2006-4255 (Cross-site scripting (XSS) vulnerability in horde/imp/search.php in ...)
- - horde3 <unfixed> (low; bug #383416)
+ - imp4 4.1.3-1 (low; bug #383416)
CVE-2006-4254 (Unspecified vulnerability in setlocale in IBM AIX 5.1.0 through 5.3.0 ...)
NOT-FOR-US: IBM AIX
CVE-2006-4253 (Mozilla Firefox 1.5.0.6 and earlier allows remote attackers to cause a ...)
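Review bot: The CVE-2006-4255 line changes the package from horde3 to imp4 but keeps `bug #383416`, the same report that stays attached to horde3 for CVE-2006-4256 just above. If that bug was filed against horde3 only, the reference is misleading on an imp4 line; either confirm it also covers imp4 or replace it with a reference that does.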
@@ -2880,8 +2882,9 @@
CVE-2006-3126 [unspecivied vulnerability in capi4hylafax in mgetty mode]
RESERVED
- capi4hylafax 1:01.03.00.99.svn.300-3
-CVE-2006-3125
+CVE-2006-3125 [getrinet index underflows]
RESERVED
+ - getrinet 0.7.10-1
CVE-2006-3124 (Buffer overflow in the HTTP header parsing in Streamripper before ...)
{DSA-1158}
- streamripper 1.61.25-2
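Review bot: In the CVE-2006-3125 entry the package is written `getrinet` in both the bracketed description and the `- getrinet 0.7.10-1` line; please check that this is the exact source package name, since an entry under a misspelled name would not match the package it is meant to track. The line also lacks the severity and bug annotation that the other fixed entries in this commit carry.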