[Secure-testing-commits] r4669 - data/CVE
Stefan Fritsch
stef-guest at costa.debian.org
Sun Sep 3 20:02:41 UTC 2006
Author: stef-guest
Date: 2006-09-03 20:02:38 +0000 (Sun, 03 Sep 2006)
New Revision: 4669
Modified:
data/CVE/list
Log:
- CVE-2006-4436: new isakmpd issue (medium)
- CVE-2006-4262: new cscope issue (low)
- some NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2006-09-03 19:31:42 UTC (rev 4668)
+++ data/CVE/list 2006-09-03 20:02:38 UTC (rev 4669)
@@ -1,7 +1,7 @@
CVE-2006-XXXX [tikiwiki security issue in jhot.php]
- tikiwiki 1.9.4+dfsg2-3
CVE-2006-4436 (isakmpd in OpenBSD 3.8, 3.9, and possibly earlier versions, creates ...)
- TODO: check
+ - isakmpd <unfixed> (bug filed; medium)
CVE-2006-4435 (OpenBSD 3.8, 3.9, and possibly earlier versions allows ...)
NOT-FOR-US: OpenBSD
CVE-2006-4434 (Use-after-free vulnerability in Sendmail before 8.13.8 allows remote ...)
@@ -363,7 +363,7 @@
CVE-2006-4263 (Multiple PHP remote file inclusion vulnerabilities in the Product ...)
NOT-FOR-US: mambo-phpshop (com_phpshop) for Mambo and Joomla!
CVE-2006-4262 (Multiple buffer overflows in cscope 15.5 and earlier allow ...)
- TODO: check
+ - cscope <unfixed> (low; bug filed)
CVE-2006-4261 (Mozilla Firefox 1.5.0.6 and earlier allows remote attackers to cause a ...)
- xulrunner <unfixed>
- firefox <unfixed>
@@ -698,11 +698,11 @@
CVE-2006-4110 (Apache 2.2.2, when running on Windows, allows remote attackers to read ...)
- apache2 <not-affected> (Affects Apache on Windows only)
CVE-2006-4109 (Cross-site scripting (XSS) vulnerability in Bibliography ...)
- TODO: check
+ NOT-FOR-US: Bibliography (biblio.module) for Drupal
CVE-2006-4108 (SQL injection vulnerability in Bibliography (biblio.module) 4.6 before ...)
- TODO: check
+ NOT-FOR-US: Bibliography (biblio.module) for Drupal
CVE-2006-4107 (SQL injection vulnerability in the Job Search module (job.module) 4.6 ...)
- TODO: check
+ NOT-FOR-US: Job Search module (job.module) for Drupal
CVE-2006-4106 (Cross-site scripting (XSS) vulnerability in blursoft blur6ex 0.3 ...)
NOT-FOR-US: blur6ex
CVE-2006-4105 (Cross-site scripting (XSS) vulnerability in Fill Threads Database ...)
More information about the Secure-testing-commits
mailing list