[Secure-testing-commits] r4741 - data/CVE
Moritz Muehlenhoff
jmm-guest at costa.debian.org
Mon Sep 18 17:26:23 UTC 2006
Author: jmm-guest
Date: 2006-09-18 17:26:20 +0000 (Mon, 18 Sep 2006)
New Revision: 4741
Modified:
data/CVE/list
Log:
remove libxml-parser-perl dupe
flashplugin installer not supported by security team
latest firefox issues fixed
checked webalizer - not security relevant
older gnumail-java issue is a non-issue
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2006-09-18 09:14:25 UTC (rev 4740)
+++ data/CVE/list 2006-09-18 17:26:20 UTC (rev 4741)
@@ -2,8 +2,6 @@
- linux-ftpd 0.17-22 (low; bug #384454)
CVE-2006-XXXX [linux-ftpd does not check return code of setuid]
- linux-ftpd 0.17-22 (medium)
-CVE-2006-XXXX [buffer overflow when reading UTF-8 data]
- - libxml-parser-perl 2.34-4.2 (bug #378411; medium)
CVE-2006-XXXX [ejabberd HTML code injection]
- ejabberd 1.1.1-8
CVE-2006-4792
@@ -315,6 +313,7 @@
TODO: check
CVE-2006-4640 (Unspecified vulnerability in Adobe Flash Player before 9.0.16.0 allows ...)
- flashplugin-nonfree 7.0.68.0.1
+ [sarge] - flashplugin-non-free <no-dsa> (Contrib not supported)
CVE-2006-4639 (Multiple PHP remote file inclusion vulnerabilities in C-News.fr C-News ...)
TODO: check
CVE-2006-4638 (PHP remote file inclusion vulnerability in article.php in ACGV News ...)
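Review bot: the added [sarge] line under CVE-2006-4640 names the package flashplugin-non-free, while the line directly above it uses flashplugin-nonfree, so the two lines do not refer to the same package name. Suggest "[sarge] - flashplugin-nonfree <no-dsa> (Contrib not supported)", here and in the three identical lines added under CVE-2006-3588, CVE-2006-3587 and CVE-2006-3311.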
@@ -472,7 +471,7 @@
RESERVED
NOTE: MFSA-2006-64
- mozilla <unfixed>
- - firefox <unfixed>
+ - firefox 1.5.dfsg+1.5.0.7-1
- thunderbird 1.5.0.7-1
[sarge] - mozilla-firefox <unfixed>
[sarge] - mozilla-thunderbird <unfixed>
@@ -484,7 +483,7 @@
CVE-2006-4569 [firefox popup blocker xss]
RESERVED
NOTE: MFSA-2006-62
- - firefox <unfixed> (low)
+ - firefox 1.5.dfsg+1.5.0.7-1 (low)
- xulrunner <unfixed> (low)
- thunderbird 1.5.0.7-1
[sarge] - mozilla-firefox <unfixed> (low)
@@ -492,14 +491,14 @@
RESERVED
NOTE: MFSA-2006-61
- mozilla <unfixed> (low)
- - firefox <unfixed> (low)
+ - firefox 1.5.dfsg+1.5.0.7-1 (low)
- xulrunner <unfixed> (low)
- thunderbird 1.5.0.7-1
[sarge] - mozilla-firefox <unfixed> (low)
CVE-2006-4567 [Spoofing in internal auto update]
RESERVED
NOTE: MFSA-2006-58
- - firefox <unfixed> (unimportant)
+ - firefox 1.5.dfsg+1.5.0.7-1 (unimportant)
- thunderbird 1.5.0.7-1 (unimportant)
[sarge] - mozilla-firefox <unfixed> (unimportant)
[sarge] - mozilla-thunderbird <unfixed> (unimportant)
@@ -508,7 +507,7 @@
RESERVED
NOTE: MFSA-2006-57
- mozilla <unfixed>
- - firefox <unfixed>
+ - firefox 1.5.dfsg+1.5.0.7-1
- thunderbird 1.5.0.7-1
- xulrunner <unfixed>
[sarge] - mozilla-firefox <unfixed>
@@ -517,7 +516,7 @@
RESERVED
NOTE: MFSA-2006-57
- mozilla <unfixed>
- - firefox <unfixed>
+ - firefox 1.5.dfsg+1.5.0.7-1
- xulrunner <unfixed>
- thunderbird 1.5.0.7-1
[sarge] - mozilla-firefox <unfixed>
@@ -530,7 +529,7 @@
NOT-FOR-US: Symantec
CVE-2006-4561 (Mozilla Firefox 1.5.0.6 allows remote attackers to execute arbitrary ...)
- xulrunner <unfixed> (low)
- - firefox <unfixed> (low)
+ - firefox 1.5.dfsg+1.5.0.7-1 (low)
- mozilla <unfixed> (low)
- mozilla-firefox <removed> (low)
CVE-2006-4560 (Internet Explorer 6 on Windows XP SP2 allows remote attackers to ...)
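Review bot: in the CVE-2006-4561 entry, firefox moves from <unfixed> to 1.5.dfsg+1.5.0.7-1 but, unlike the other firefox entries changed in this commit, the visible lines carry no NOTE naming an MFSA advisory. The description only says Firefox 1.5.0.6 is affected; add a NOTE with the advisory or upstream reference that confirms 1.5.0.7 carries the fix, since xulrunner and mozilla stay <unfixed> under the same entry.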
@@ -1021,7 +1020,7 @@
RESERVED
NOTE: MFSA-2006-60, this is the similar to CVE-2006-4339
- mozilla <unfixed>
- - firefox <unfixed>
+ - firefox 1.5.dfsg+1.5.0.7-1
- thunderbird 1.5.0.7-1
- xulrunner <unfixed>
[sarge] - mozilla-firefox <unfixed>
@@ -1850,9 +1849,9 @@
CVE-2006-XXXX [unspecified security issues in steam]
- steam 2.2.16-1
CVE-2006-XXXX [Buffer overflow in XML::Parser::Expat triggered by utf8]
- - libxml-parser-perl <unfixed> (bug #378411; high)
+ - libxml-parser-perl 2.34-4.2 (bug #378411; medium)
CVE-2006-XXXX [Buffer overflow in XML::Parser::Expat triggered by deep nesting]
- - libxml-parser-perl 2.34-4.1 (bug #378412; high)
+ - libxml-parser-perl 2.34-4.1 (bug #378412; medium)
CVE-2006-3970 (PHP remote file inclusion vulnerability in lmo.php in the LMO ...)
NOT-FOR-US: LMO for joomla
CVE-2006-3969 (PHP remote file inclusion vulnerability in ...)
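Review bot: both libxml-parser-perl entries drop from high to medium, but the log message only mentions removing a dupe. For bug #378412 the version is unchanged and only the severity moves, so a NOTE under the entry (or a line in the log) giving the reason for the downgrade would make the change auditable.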
@@ -2135,9 +2134,6 @@
- ocp 0.1.10rc6-1 (medium; bug #381098)
CVE-2006-XXXX [uqwk buffer overflow]
- uqwk 2.21-13 (bug #376577; medium)
-CVE-2006-XXXX [Webalizer buffer overflows]
- - webalizer 2.01.10-30 (unknown)
- NOTE: 11_various_buffer_overflows should be reviewed for exploitability
CVE-2006-3837 (delcookie.php in Professional Home Page Tools Guestbook changes the ...)
NOT-FOR-US: Professional Home Page Tools Guestbook
CVE-2006-3836 (Directory traversal vulnerability in index.php in UNIDOmedia Chameleon ...)
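Review bot: the Webalizer entry is deleted together with its NOTE asking for 11_various_buffer_overflows to be reviewed, so the outcome of that review survives only in the commit log ("not security relevant"). Consider keeping the entry marked unimportant with a NOTE stating the conclusion, as is done for libgnumail-java in this same commit, so the patch is not triaged again later.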
@@ -2768,8 +2764,10 @@
NOT-FOR-US: VMware
CVE-2006-3588 (Unspecified vulnerability in Adobe (Macromedia) Flash Player 8.0.24.0 ...)
- flashplugin-nonfree 7.0.68.0.1
+ [sarge] - flashplugin-non-free <no-dsa> (Contrib not supported)
CVE-2006-3587 (Unspecified vulnerability in Adobe (Macromedia) Flash Player 8.0.24.0 ...)
- flashplugin-nonfree 7.0.68.0.1
+ [sarge] - flashplugin-non-free <no-dsa> (Contrib not supported)
CVE-2006-3586 (SQL injection vulnerability in Jetbox CMS 2.1 SR1 allows remote ...)
NOT-FOR-US: Jetbox CMS
CVE-2006-3585 (Multiple cross-site scripting (XSS) vulnerabilities in Jetbox CMS 2.1 ...)
@@ -3357,6 +3355,7 @@
NOT-FOR-US: QaTraq
CVE-2006-3311 (Buffer overflow in Adobe Flash Player 8.0.24.0 and earlier, Flash ...)
- flashplugin-nonfree 7.0.68.0.1
+ [sarge] - flashplugin-non-free <no-dsa> (Contrib not supported)
CVE-2006-3310
RESERVED
CVE-2006-3309 (SQL injection vulnerability in SPT--ForumTopics.php in Scout Portal ...)
@@ -23387,8 +23386,10 @@
CVE-2005-1106 (PictureViewer in QuickTime for Windows 6.5.2 allows remote attackers ...)
NOT-FOR-US: Windows
CVE-2005-1105 (Directory traversal vulnerability in the MimeBodyPart.getFileName ...)
- - libgnumail-java <unfixed> (bug #304712; low)
- [sarge] - libgnumail-java <no-dsa> (Only user in Sarge is ant, which isn't affected)
+ - libgnumail-java <unfixed> (bug #304712; unimportant)
+ NOTE: This just provides an Java API function to receive a file name, sanitising
+ NOTE: this file name for further use must be done inside the application calling
+ NOTE: the function
CVE-2005-1104 (Multiple cross-site scripting (XSS) vulnerabilities in Centra 7 ...)
NOT-FOR-US: Centra
CVE-2005-1103 (Sygate Security Agent (SSA) in Sygate Secure Enterprise 3.5 through ...)
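Review bot: in the new NOTE lines under CVE-2005-1105, "an Java API function" should read "a Java API function", and the comma before "sanitising" joins two sentences; "NOTE: This just provides a Java API function to receive a file name; sanitising" reads better. The removed [sarge] line also recorded why sarge is unaffected (ant is the only user); if that is still relevant, fold it into the NOTE.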