[Secure-testing-commits] r5212 - data/CVE
Stefan Fritsch
stef-guest at alioth.debian.org
Sat Jan 6 17:02:58 CET 2007
Author: stef-guest
Date: 2007-01-06 17:02:56 +0100 (Sat, 06 Jan 2007)
New Revision: 5212
Modified:
data/CVE/list
Log:
- CVE-2006-6374 not exploitable with etch's php versions
- bugnum
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-01-06 15:59:30 UTC (rev 5211)
+++ data/CVE/list 2007-01-06 16:02:56 UTC (rev 5212)
@@ -177,7 +177,7 @@
CVE-2006-6812 (Multiple PHP remote file inclusion vulnerabilities in myPHPCalendar ...)
NOT-FOR-US: myPHPCalendar
CVE-2006-6811 (Buffer overflow in KsIRC 1.3.12 allows remote attackers to execute ...)
- - kdenetwork <unfixed> (bug filed)
+ - kdenetwork <unfixed> (bug #405828)
CVE-2006-6810 (Unspecified vulnerability in the clear_user_list function in ...)
NOT-FOR-US: DB Hub
CVE-2006-6809 (Multiple PHP remote file inclusion vulnerabilities in process.php in ...)
@@ -1232,8 +1232,10 @@
CVE-2006-6375 (Cross-site scripting (XSS) vulnerability in display.php in Simple ...)
NOT-FOR-US: Simple machines Forum
CVE-2006-6374 (Multiple CRLF injection vulnerabilities in PhpMyAdmin 2.7.0-pl2 allow ...)
- - phpmyadmin <unfixed> (low; bug #404744)
+ - phpmyadmin <unfixed> (unimportant; bug #404744)
[sarge] - phpmyadmin <no-dsa> (CRLF not backportable to Sarge)
+ [etch] - phpmyadmin <no-dsa> (not exploitable with Etch's php versions)
+ NOTE: not exploitable with PHP 5.1.2+ and 4.4.2+
CVE-2006-6373 (PhpMyAdmin 2.7.0-pl2 allows remote attackers to obtain sensitive ...)
- phpmyadmin <unfixed> (unimportant)
NOTE: path is known in Debian anyway
More information about the Secure-testing-commits
mailing list