[Secure-testing-commits] r5251 - data/CVE

Alex de Oliveira Silva enerv-guest at alioth.debian.org
Fri Jan 12 15:57:38 CET 2007


Author: enerv-guest
Date: 2007-01-12 15:57:35 +0100 (Fri, 12 Jan 2007)
New Revision: 5251

Modified:
   data/CVE/list
Log:
Added severity:
CVE-2006-0040 low
CVE-2006-5867 low
CVE-2006-6508 low
CVE-2006-6839 high
CVE-2006-6841 high
CVE-2006-6858 medium
CVE-2006-6870 low

Changed severity:
CVE-2006-6421 to medium
CVE-2006-6799 to high



Modified: data/CVE/list
===================================================================
--- data/CVE/list	2007-01-12 14:22:11 UTC (rev 5250)
+++ data/CVE/list	2007-01-12 14:57:35 UTC (rev 5251)
@@ -447,7 +447,7 @@
 CVE-2006-XXXX [ssmtp password leak]
 	- ssmtp 2.61-10.1 (bug #369542; low)
 CVE-2006-6870 (The consume_labels function in avahi-core/dns.c in Avahi before 0.6.16 ...)
-	- avahi 0.6.16-1
+	- avahi 0.6.16-1 (low)
 CVE-2007-XXXX [CenterICQ buffer overflow]
 	- centericq 4.21.0-17
 	NOTE: http://lists.grok.org.uk/pipermail/full-disclosure/2007-January/051663.html
@@ -534,7 +534,7 @@
 CVE-2007-0016 (Stack-based buffer overflow in MoviePlay 4.76 allows remote attackers ...)
 	NOT-FOR-US: MoviePlay
 CVE-2006-6858 (Miredo 0.9.8 through 1.0.5 does not properly authenticate a Teredo ...)
-	- miredo 1.0.4-2 (bug #405412; bug #405111)
+	- miredo 1.0.4-2 (bug #405412; bug #405111; medium)
 CVE-2006-6857 (Cross-site scripting (XSS) vulnerability in ...)
 	NOT-FOR-US: Docebo LMS
 CVE-2006-6856 (Direct static code injection vulnerability in WebText CMS 0.4.5.2 and ...)
@@ -568,11 +568,11 @@
 CVE-2006-6842 (SQL injection vulnerability in admin/admin_acronyms.php in the Acronym ...)
 	NOT-FOR-US: Acronym Mod for phpBB2
 CVE-2006-6841 (Certain forms in phpBB before 2.0.22 lack session checks, which has ...)
-	- phpbb2 <unfixed> (bug #405980)
+	- phpbb2 <unfixed> (bug #405980; high)
 CVE-2006-6840 (Unspecified vulnerability in phpBB before 2.0.22 has unknown impact ...)
-	- phpbb2 <unfixed> (bug #405980)
+	- phpbb2 <unfixed> (bug #405980; high)
 CVE-2006-6839 (Unspecified vulnerability in phpBB before 2.0.22 has unknown impact ...)
-	- phpbb2 <unfixed> (bug #405980)
+	- phpbb2 <unfixed> (bug #405980; high)
 CVE-2006-6838 (Rediff Bol Downloader ActiveX (OCX) control allows remote attackers to ...)
 	NOT-FOR-US: Rediff Bol Downloader ActiveX (OCX) control
 CVE-2006-6837 (Multiple stack-based buffer overflows in the (1) LoadTree, (2) ...)
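Review bot: CVE-2006-6840 is set to high in this hunk but is missing from the "Added severity" list in the log message, which names only CVE-2006-6839 and CVE-2006-6841 for phpbb2; please add it so the commit record matches the change. Separately, CVE-2006-6839 and CVE-2006-6840 are both described as unspecified vulnerabilities with unknown impact, so a NOTE: line under each entry recording why high was chosen would help later triage.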
@@ -667,7 +667,7 @@
 CVE-2006-6800 (PHP remote file inclusion in eventcal/mod_eventcal.php in the event ...)
 	NOT-FOR-US: Limbo CMS
 CVE-2006-6799 (SQL injection vulnerability in Cacti 0.8.6i and earlier, when ...)
-	- cacti <unfixed> (bug #404818; medium)
+	- cacti <unfixed> (bug #404818; high)
 CVE-2006-6798
 	RESERVED
 CVE-2006-6797 (The Client Server Run-Time Subsystem (CSRSS) in Microsoft Windows ...)
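Review bot: the cacti entry for CVE-2006-6799 is raised from medium to high with no reason recorded in the entry, and the log only says "to high". The description is conditional ("when ..."), so a NOTE: line stating what justified the raise would make the rating reviewable.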
@@ -1349,7 +1349,7 @@
 CVE-2006-6509 (Cross-site scripting (XSS) vulnerability in the skinning feature in ...)
 	NOT-FOR-US: SiteKiosk
 CVE-2006-6508 (Cross-site request forgery (CSRF) vulnerability in phpBB 2.0.21 allows ...)
-	- phpbb2 <unfixed> (bug #402140)
+	- phpbb2 <unfixed> (bug #402140; low)
 CVE-2006-6507 (Mozilla Firefox 2.0 before 2.0.0.1 allows remote attackers to bypass ...)
 	NOTE: MFSA-2006-76
 	- iceweasel 2.0.0.1+dfsg-1 (high)
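Review bot: CVE-2006-6508 (CSRF in phpBB 2.0.21) is rated low here, while this same commit rates CVE-2006-6841 (phpBB forms lacking session checks) high for the same package. If the two entries describe related issues the ratings should be reconciled. If they do not, a NOTE: line explaining the difference would avoid the question coming up again.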
@@ -1600,7 +1600,7 @@
 CVE-2006-6422 (Agileco AgileBill 1.4.x and AgileVoice 1.4.x do not properly handle ...)
 	NOT-FOR-US: AgileBill AgileVoice
 CVE-2006-6421 (Cross-site scripting (XSS) vulnerability in the private message box ...)
-	- phpbb2 <unfixed> (low)
+	- phpbb2 <unfixed> (medium)
 	[sarge] - phpbb2 <not-affected>
 CVE-2006-6420 (Multiple cross-site scripting (XSS) vulnerabilities in jce.php in the ...)
 	NOT-FOR-US: Joomla Content Editor (JCE)
@@ -2794,7 +2794,7 @@
 	{DSA-1213}
 	- imagemagick 7:6.2.4.5.dfsg1-0.11
 CVE-2006-5867 (fetchmail before 6.3.6-rc4 does not properly enforce TLS and may transmit ...)
-	- fetchmail 6.3.6~rc5-1
+	- fetchmail 6.3.6~rc5-1 (low)
 CVE-2006-5866 (Directory traversal vulnerability in Mdoc/view-sourcecode.php for ...)
 	NOT-FOR-US: phpManta
 CVE-2006-5865 (PHP remote file inclusion vulnerability in language.inc.php for Script ...)
@@ -16904,7 +16904,7 @@
 CVE-2006-0041
 	RESERVED
 CVE-2006-0040 (GNOME Evolution 2.4.2.1 and earlier allows remote attackers to cause a ...)
-	- evolution <unfixed> (bug #398064)
+	- evolution <unfixed> (bug #398064; low)
 	[sarge] - evolution <not-affected> (Not reproducable on Sarge)
 CVE-2006-0039 (Race condition in the do_add_counters function in netfilter for Linux ...)
 	{DSA-1103 DSA-1097-1}



