[Secure-testing-commits] r4734 - data/CVE
Stefan Fritsch
stef-guest at costa.debian.org
Sun Sep 17 19:26:40 UTC 2006
Author: stef-guest
Date: 2006-09-17 19:26:39 +0000 (Sun, 17 Sep 2006)
New Revision: 4734
Modified:
data/CVE/list
Log:
- new linux-ftpd issues fixed (medium)
- new libxml-parser-perl issue fixed (medium)
- new ejabberd issue fixed (low?)
- CVE-2006-4731: new sql-ledger issue fixed
- new flashplugin-nonfree version fixes many issues
- new thunderbird version fixes many issues
- newer mozilla issues affect xulrunner as well
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2006-09-16 21:14:26 UTC (rev 4733)
+++ data/CVE/list 2006-09-17 19:26:39 UTC (rev 4734)
@@ -1,3 +1,11 @@
+CVE-2006-XXXX [linux-ftpd allows chdir to disallowed directories]
+ - linux-ftpd 0.17-22 (low; bug #384454)
+CVE-2006-XXXX [linux-ftpd does not check return code of setuid]
+ - linux-ftpd 0.17-22 (medium)
+CVE-2006-XXXX [buffer overflow when reading UTF-8 data]
+ - libxml-parser-perl 2.34-4.2 (bug #378411; medium)
+CVE-2006-XXXX [ejabberd HTML code injection]
+ - ejabberd 1.1.1-8
CVE-2006-4792
RESERVED
CVE-2006-4791
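Review bot: The ejabberd entry (CVE-2006-XXXX [ejabberd HTML code injection]) is added with neither an urgency nor a bug reference, although the log message rates it "low?". If the rating is uncertain, record that in a NOTE or TODO line instead of leaving it blank. The tag order also differs between the new entries ("low; bug #384454" versus "bug #378411; medium"), and the setuid entry carries no bug number; use one order and add the reference if one exists.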
@@ -125,7 +133,7 @@
CVE-2000-1241 (Unspecified vulnerability in Haakon Nilsen simple, integrated ...)
TODO: check
CVE-2006-4731 (Directory traversal vulnerability in login.pl in (1) SQL-Ledger before ...)
- TODO: check
+ - sql-ledger 2.6.19-1
CVE-2006-4730
RESERVED
CVE-2006-4729
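Review bot: The description of CVE-2006-4731 enumerates "(1) SQL-Ledger before ...", so more than one product is affected, but the new line tracks only sql-ledger. Check whether the other product in the truncated list is packaged and add an entry or a NOTE for it. An urgency on the sql-ledger line would also help, since neither the entry nor the log gives one for this directory traversal.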
@@ -307,7 +315,7 @@
CVE-2006-4641 (SQL injection vulnerability in kategori.asp in Muratsoft Haber Portal ...)
TODO: check
CVE-2006-4640 (Unspecified vulnerability in Adobe Flash Player before 9.0.16.0 allows ...)
- TODO: check
+ - flashplugin-nonfree 7.0.68.0.1
CVE-2006-4639 (Multiple PHP remote file inclusion vulnerabilities in C-News.fr C-News ...)
TODO: check
CVE-2006-4638 (PHP remote file inclusion vulnerability in article.php in ACGV News ...)
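Review bot: The fixed version recorded for CVE-2006-4640, flashplugin-nonfree 7.0.68.0.1, is lower than the "before 9.0.16.0" bound in the description, and nothing in the entry explains why a 7.x package counts as fixed. Add a NOTE stating that the 7.x branch received the fix (with the source for that), so the entry does not look like a version typo to the next person reading it.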
@@ -464,41 +472,54 @@
RESERVED
CVE-2006-4571
RESERVED
+ NOTE: MFSA-2006-64
- mozilla <unfixed>
- firefox <unfixed>
- - thunderbird <unfixed>
+ - thunderbird 1.5.0.7-1
[sarge] - mozilla-firefox <unfixed>
[sarge] - mozilla-thunderbird <unfixed>
CVE-2006-4570
RESERVED
+ NOTE: MFSA-2006-63
+ - thunderbird 1.5.0.7-1
+ - mozilla <unfixed>
CVE-2006-4569 [firefox popup blocker xss]
RESERVED
+ NOTE: MFSA-2006-62
- firefox <unfixed> (low)
+ - xulrunner <unfixed> (low)
[sarge] - mozilla-firefox <unfixed> (low)
CVE-2006-4568
RESERVED
+ NOTE: MFSA-2006-61
- mozilla <unfixed> (low)
- firefox <unfixed> (low)
+ - xulrunner <unfixed> (low)
[sarge] - mozilla-firefox <unfixed> (low)
CVE-2006-4567 [Spoofing in internal auto update]
RESERVED
+ NOTE: MFSA-2006-58
- firefox <unfixed> (unimportant)
- - thunderbird <unfixed> (unimportant)
+ - thunderbird 1.5.0.7-1 (unimportant)
[sarge] - mozilla-firefox <unfixed> (unimportant)
[sarge] - mozilla-thunderbird <unfixed> (unimportant)
NOTE: The internal update mechanism is disabled in Debian
CVE-2006-4566
RESERVED
+ NOTE: MFSA-2006-57
- mozilla <unfixed>
- firefox <unfixed>
- - thunderbird <unfixed>
+ - thunderbird 1.5.0.7-1
+ - xulrunner <unfixed>
[sarge] - mozilla-firefox <unfixed>
[sarge] - mozilla-thunderbird <unfixed>
CVE-2006-4565
RESERVED
+ NOTE: MFSA-2006-57
- mozilla <unfixed>
- firefox <unfixed>
- - thunderbird <unfixed>
+ - xulrunner <unfixed>
+ - thunderbird 1.5.0.7-1
[sarge] - mozilla-firefox <unfixed>
[sarge] - mozilla-thunderbird <unfixed>
CVE-2006-4564 (SQL injection vulnerability in Sources/ManageBoards.php in Simple ...)
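Review bot: CVE-2006-4571 (MFSA-2006-64) lists mozilla, firefox and thunderbird but gets no xulrunner line, while CVE-2006-4566 and CVE-2006-4565 with the same package set do, and the log says the newer mozilla issues affect xulrunner as well. Either add "- xulrunner <unfixed>" there or add a NOTE saying xulrunner is not affected. The new CVE-2006-4570 entry also has no [sarge] lines, unlike its neighbours, and the thunderbird/xulrunner order differs between CVE-2006-4566 and CVE-2006-4565.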
@@ -998,9 +1019,11 @@
REJECTED
CVE-2006-4340
RESERVED
+ NOTE: MFSA-2006-60, this is the similar to CVE-2006-4339
- mozilla <unfixed>
- firefox <unfixed>
- - thunderbird <unfixed>
+ - thunderbird 1.5.0.7-1
+ - xulrunner <unfixed>
[sarge] - mozilla-firefox <unfixed>
[sarge] - mozilla-thunderbird <unfixed>
CVE-2006-4339 (OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, ...)
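Review bot: The added NOTE on CVE-2006-4340 reads "this is the similar to CVE-2006-4339", which has a stray "the". Suggest "NOTE: MFSA-2006-60, similar to CVE-2006-4339", and if the two are meant to be tracked together, say in what respect they are similar so the cross-reference is useful.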
@@ -1194,13 +1217,14 @@
CVE-2006-4254 (Unspecified vulnerability in setlocale in IBM AIX 5.1.0 through 5.3.0 ...)
NOT-FOR-US: IBM AIX
CVE-2006-4253 (Mozilla Firefox 1.5.0.6 and earlier allows remote attackers to cause a ...)
+ NOTE: MFSA-2006-59
- xulrunner <unfixed>
- firefox <unfixed>
- mozilla <unfixed>
- - mozilla-firefox <unfixed>
+ - mozilla-firefox <removed>
[sarge] - mozilla <unfixed>
[sarge] - mozilla-thunderbird <unfixed>
- [sarge] - mozilla-thunderbird <unfixed>
+ - thunderbird 1.5.0.7-1
CVE-2006-4252
RESERVED
CVE-2006-4251
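Review bot: Changing "- mozilla-firefox <unfixed>" to "<removed>" in CVE-2006-4253 leaves no line for the sarge mozilla-firefox package, even though the other Mozilla entries in this file carry "[sarge] - mozilla-firefox <unfixed>" and the description names Firefox 1.5.0.6 and earlier. Add the [sarge] line or a NOTE that sarge is not affected. The new "- thunderbird 1.5.0.7-1" line is also placed after the [sarge] lines, whereas elsewhere in the file the unversioned-release entries come first.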
@@ -2743,9 +2767,9 @@
CVE-2006-3589 (vmware-config.pl in VMware for Linux, ESX Server 2.x, and Infrastructure ...)
NOT-FOR-US: VMware
CVE-2006-3588 (Unspecified vulnerability in Adobe (Macromedia) Flash Player 8.0.24.0 ...)
- NOT-FOR-US: Macromedia Flash Player 8
+ - flashplugin-nonfree 7.0.68.0.1
CVE-2006-3587 (Unspecified vulnerability in Adobe (Macromedia) Flash Player 8.0.24.0 ...)
- NOT-FOR-US: Macromedia Flash Player 8
+ - flashplugin-nonfree 7.0.68.0.1
CVE-2006-3586 (SQL injection vulnerability in Jetbox CMS 2.1 SR1 allows remote ...)
NOT-FOR-US: Jetbox CMS
CVE-2006-3585 (Multiple cross-site scripting (XSS) vulnerabilities in Jetbox CMS 2.1 ...)
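Review bot: CVE-2006-3588 and CVE-2006-3587 move from "NOT-FOR-US: Macromedia Flash Player 8" to "- flashplugin-nonfree 7.0.68.0.1" with no record of why the earlier classification was wrong. Both descriptions name Flash Player 8.0.24.0, so add a NOTE giving the basis for treating the packaged 7.x version as affected and 7.0.68.0.1 as the fix.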
@@ -3332,7 +3356,7 @@
CVE-2006-3312 (Multiple cross-site scripting (XSS) vulnerabilities in ashmans and ...)
NOT-FOR-US: QaTraq
CVE-2006-3311 (Buffer overflow in Adobe Flash Player 8.0.24.0 and earlier, Flash ...)
- TODO: check
+ - flashplugin-nonfree 7.0.68.0.1
CVE-2006-3310
RESERVED
CVE-2006-3309 (SQL injection vulnerability in SPT--ForumTopics.php in Scout Portal ...)
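Review bot: The new flashplugin-nonfree line for CVE-2006-3311 carries no urgency, although the description is a buffer overflow in Flash Player. Add a rating in parentheses, as done for the linux-ftpd and libxml-parser-perl entries in the first hunk.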
@@ -3957,7 +3981,7 @@
CVE-2006-3015 (Argument injection vulnerability in WinSCP 3.8.1 build 328 allows ...)
NOT-FOR-US: WinSCP
CVE-2006-3014 (Microsoft Excel allows user-assisted attackers to execute arbitrary ...)
- NOT-FOR-US: Microsoft Excel
+ NOT-FOR-US: Microsoft Excel / Flashplayer for Windows
CVE-2006-3013 (Interpretation conflict in resetpw.php in phpBannerExchange before 2.0 ...)
NOT-FOR-US: phpBannerExchange
CVE-2006-3012 (SQL injection vulnerability in phpBannerExchange before 2.0 Update 6 ...)
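Review bot: The change to CVE-2006-3014 ("NOT-FOR-US: Microsoft Excel / Flashplayer for Windows") is not mentioned in the log message, and "Flashplayer" is spelled differently from the "Flash Player" used in the CVE descriptions. If the point is that only the Windows Flash Player is involved and flashplugin-nonfree is therefore unaffected, a separate NOTE saying so would be clearer than extending the NOT-FOR-US text.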