[Secure-testing-commits] r5218 - data/CVE

Stefan Fritsch stef-guest at alioth.debian.org
Sun Jan 7 18:50:18 CET 2007


Author: stef-guest
Date: 2007-01-07 18:50:16 +0100 (Sun, 07 Jan 2007)
New Revision: 5218

Modified:
   data/CVE/list
Log:
- CVE-2006-6808: another wordpress issue
- openoffice fixed


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2007-01-07 16:03:04 UTC (rev 5217)
+++ data/CVE/list	2007-01-07 17:50:16 UTC (rev 5218)
@@ -1,7 +1,9 @@
 CVE-2007-XXXX WordPress Trackback Charset Decoding SQL Injection Vulnerability
-	- wordpress <unfixed> (bug #405299; medium)
+	- wordpress <unfixed> (medium)
+	NOTE: http://www.hardened-php.net/advisory_022007.141.html
 CVE-2007-XXXX WordPress CSRF Protection XSS Vulnerability
-	- wordpress <unfixed> (bug #405299; medium)
+	- wordpress <unfixed> (medium)
+	NOTE: http://www.hardened-php.net/advisory_012007.140.html
 CVE-2007-0050 (** DISPUTED ** ...)
 	NOT-FOR-US: OpenPinboard
 CVE-2007-0049 (Geckovich TaskTracker Pro 1.5 and earlier allows remote attackers to ...)
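Review bot: Both CVE-2007-XXXX WordPress entries lose their `bug #405299` reference and stay `<unfixed>` with no bug number at all, and the log message does not mention the removal. If #405299 is meant to cover only CVE-2006-6808, file bugs for the trackback SQL injection and the CSRF-protection XSS and reference them on these two lines, so the unfixed issues remain tracked against the package.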
@@ -187,7 +189,7 @@
 CVE-2006-6809 (Multiple PHP remote file inclusion vulnerabilities in process.php in ...)
 	NOT-FOR-US: buratinable templator (aka bubla) 
 CVE-2006-6808 (Cross-site scripting (XSS) vulnerability in wp-admin/templates.php in ...)
-	TODO: check
+	- wordpress <unfixed> (bug #405299)
 CVE-2006-6807 (SQL injection vulnerability in list.asp in Softwebs Nepal (aka Ananda ...)
 	TODO: check
 CVE-2006-6806 (SQL injection vulnerability in newsdetail.asp in Enthrallweb eMates ...)
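Review bot: The new line for CVE-2006-6808 has no urgency, while the two other WordPress entries touched in this commit are rated `(medium)`. Add the urgency you assessed next to the bug reference, in the same parenthesised form the other entries use, so the three WordPress issues can be compared at a glance.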
@@ -612,7 +614,7 @@
 CVE-2006-6629 (lib/WeBWorK/PG/Translator.pm in WeBWorK Program Generation (PG) ...)
 	NOT-FOR-US: WeBWorK
 CVE-2006-6628 (Integer overflow in OpenOffice.org (OOo) 2.1 allows user-assisted ...)
-	- openoffice.org <unfixed> (unimportant; bug #404105)
+	- openoffice.org 2.0.4.dfsg.2-3 (unimportant; bug #404105)
 	NOTE: No code injection possible, just a crash
 CVE-2006-6627 (Integer overflow in the packed PE file parsing implementation in ...)
 	NOT-FOR-US: BitDefender
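Review bot: On the CVE-2006-6628 line the fixed version `2.0.4.dfsg.2-3` is lower than the 2.1 named in the CVE description, and the entry does not say why. If the fix was applied as a patch in that upload, add a NOTE line saying so, next to the existing "No code injection possible, just a crash" note, so the version is not read as a typo.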