[Secure-testing-commits] r4683 - data/CVE
Stefan Fritsch
stef-guest at costa.debian.org
Tue Sep 5 19:54:47 UTC 2006
Author: stef-guest
Date: 2006-09-05 19:54:46 +0000 (Tue, 05 Sep 2006)
New Revision: 4683
Modified:
data/CVE/list
Log:
- CVE-2006-4305: maxdb arbitrary code execution (high)
- CVE-2005-4809: unfixed in mozilla, fixed in recent firefox
- CVE-2006-4455: disputed xchat issue might affect sarge
- CVE-2006-4447: x.org setuid issue CVEified, probably affects sarge
- some NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2006-09-04 23:31:42 UTC (rev 4682)
+++ data/CVE/list 2006-09-05 19:54:46 UTC (rev 4683)
@@ -30,7 +30,8 @@
CVE-2006-4508 (Unspecified vulnerability in Tor 0.1.0.x before 0.1.0.18 and 0.1.1.x ...)
- tor 0.1.1.23-1
CVE-2006-4507 (Unspecified vulnerability in the TIFF viewer (possibly libTIFF) in the ...)
- TODO: check
+ NOT-FOR-US: Sony
+ NOTE: According to the original advisory, this is just CVE-2006-3459
CVE-2006-4506 (idmlib.sh in nxdrv in Novell Identity Manager (IDM) 3.0.1 allows local ...)
NOT-FOR-US: Novell Identity Manager
CVE-2006-4505 (CRLF injection vulnerability in links.php in NX5Linx 1.0 allows remote ...)
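Review bot: the `NOT-FOR-US: Sony` line and the `NOTE` that this is "just CVE-2006-3459" pull in different directions: if the advisory really describes the libTIFF bug already tracked as CVE-2006-3459, anyone searching this entry later needs to be pointed at that record rather than told the issue is not ours. Suggest wording the note as a cross-reference, e.g. `NOTE: duplicate of CVE-2006-3459, see that entry for package status`, so the Debian-relevant tracking is reachable from here.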
@@ -142,6 +143,8 @@
NOT-FOR-US: phpECard
CVE-2006-4455 (** DISPUTED ** ...)
TODO: check
+ NOTE: xchat, disputed because it does "not affect any recent version"
+ NOTE: sarge's 2.4.1 is not recent by their definition :-|
CVE-2006-4454 (Cross-site scripting (XSS) vulnerability in hlstats.php in HLstats ...)
NOT-FOR-US: HLstats
CVE-2006-4453 (Cross-site scripting (XSS) vulnerability in PmWiki before 2.1.18 ...)
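Review bot: the entry keeps `TODO: check` while the two new `NOTE` lines already state that sarge's xchat 2.4.1 falls outside the "recent version" the dispute relies on, so the sarge question is effectively answered but not recorded as a package line. Either narrow the TODO to what is still open (e.g. `TODO: check whether 2.4.1 in sarge is actually exploitable`) or add a `[sarge] - xchat <unfixed>` line in the same style used for xfree86 later in this commit.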
@@ -157,7 +160,13 @@
CVE-2006-4448 (Multiple PHP remote file inclusion vulnerabilities in interact 2.2, ...)
NOT-FOR-US: interact
CVE-2006-4447 (X.Org and XFree86, including libX11, xdm, xf86dga, xinit, xload, ...)
- TODO: check
+ - xbase-clients 1:7.1.ds-2
+ - xtrans 1.0.0-6
+ - xorg-server 1:1.0.2-9
+ - libx11 2:1.0.0-7
+ - xdm 1:1.0.5-1
+ - xterm <unfixed>
+ [sarge] - xfree86 <unfixed>
CVE-2006-4446 (Heap-based buffer overflow in DirectAnimation.PathControl COM object ...)
NOT-FOR-US: Microsoft
CVE-2006-4445 (** DISPUTED ** ...)
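Review bot: `xterm <unfixed>` is the one line here that did not come from the removed `CVE-2006-XXXX` placeholder, and it carries neither a severity tag nor a note on why it is unfixed or whether a bug was filed, unlike the fixed-version lines above it. Suggest adding the severity and a `NOTE:` explaining xterm's status, and likewise annotating `[sarge] - xfree86 <unfixed>` with whether a sarge update is planned, since the setuid issue is stated in the log to "probably" affect sarge.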
@@ -181,9 +190,12 @@
CVE-2005-4810 (Microsoft Internet Explorer 7.0 Beta3 and earlier allows remote ...)
NOT-FOR-US: Microsoft
CVE-2005-4809 (Mozilla Firefox 1.0.1 and possibly other versions, including Mozilla ...)
- TODO: check
+ - mozilla <unfixed> (medium)
+ - firefox <not-affected> (at least 1.5.0.6 is not vulnerable)
+ - xulrunner <not-affected>
+ TODO: check mozilla-firefox from sarge
CVE-2003-1305 (Microsoft Internet Explorer allows remote attackers to cause a denial ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2006-XXXX [tikiwiki security issue in jhot.php]
- tikiwiki 1.9.4+dfsg2-3
CVE-2006-4436 (isakmpd in OpenBSD 3.8, 3.9, and possibly earlier versions, creates ...)
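Review bot: `firefox <not-affected> (at least 1.5.0.6 is not vulnerable)` records a tested version but not why it is not affected, and the remaining `TODO: check mozilla-firefox from sarge` would be clearer as a `[sarge] - mozilla-firefox <unfixed>` or `<not-affected>` line once checked, matching the `[sarge]` convention used for xfree86 in this same commit. Also worth stating in a `NOTE:` what the `(medium)` severity on `mozilla <unfixed>` is based on, so later triage does not re-derive it.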
@@ -463,7 +475,7 @@
CVE-2006-4306 (Unspecified vulnerability in Sun Solaris 8 and 9 before 20060821 ...)
NOT-FOR-US: Solaris
CVE-2006-4305 (Buffer overflow in SAP DB and MaxDB before 7.6.00.30 allows remote ...)
- TODO: check
+ - maxdb-7.5.00 <unfixed> (high; bug filed)
CVE-2006-4304 (Buffer overflow in the sppp driver in FreeBSD 4.11 through 6.1 and ...)
NOT-FOR-US: FreeBSD NetBSD
CVE-2006-4303 (Race condition in (1) libnsl and (2) TLI/XTI API routines in Sun ...)
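Review bot: `(high; bug filed)` records that a bug was filed but not its number, so the tracker cannot link the entry to the BTS report. Suggest carrying the bug number in the annotation in the same form used elsewhere in the list, e.g. `(high; bug #NNNNNN)`, rather than the free-text "bug filed".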
@@ -2693,12 +2705,6 @@
NOT-FOR-US: QaTraq
CVE-2006-3311
RESERVED
-CVE-2006-XXXX [several setuid privledge escalations]
- - xbase-clients 1:7.1.ds-2
- - xtrans 1.0.0-6
- - xorg-server 1:1.0.2-9
- - libx11 2:1.0.0-7
- - xdm 1:1.0.5-1
CVE-2006-3310
RESERVED
CVE-2006-3309 (SQL injection vulnerability in SPT--ForumTopics.php in Scout Portal ...)
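Review bot: all five package/version lines from the removed `CVE-2006-XXXX [several setuid privledge escalations]` placeholder reappear verbatim under `CVE-2006-4447` in the earlier hunk, so nothing is lost by this deletion; the only thing that disappears is the placeholder's own description, which is superseded by the CVE text. The placeholder's typo ("privledge") goes with it, so no further cleanup is needed.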