[Secure-testing-commits] r5253 - data/CVE

Fri Jan 12 18:38:46 CET 2007

Author: stef-guest
Date: 2007-01-12 18:38:44 +0100 (Fri, 12 Jan 2007)
New Revision: 5253

Modified:
   data/CVE/list
Log:
- new bcfg2 issue fixed (low)
- some mysql DoSs fixed
- phpmyadmin fixed
- fetchmail fix was incomplete


Modified: data/CVE/list
===================================================================

--- data/CVE/list	2007-01-12 17:25:11 UTC (rev 5252)
+++ data/CVE/list	2007-01-12 17:38:44 UTC (rev 5253)
@@ -1,3 +1,7 @@
+CVE-2007-XXXX [bcfg2 password disclosure]
+	- bcfg2 0.8.7.3-1 (low; bug #406285)
+CVE-2007-XXXX [mysql 5.0 several DoS vulns]
+	- mysql-dfsg-5.0 5.0.32-1
 CVE-2007-0205 (Multiple directory traversal vulnerabilities in @lex Guestbook 4.0.2 ...)
 	TODO: @alex
 CVE-2006-6920 (Cross-site scripting (XSS) vulnerability in Nucleus before 3.24 allows ...)
@@ -11,9 +15,9 @@
 CVE-2006-6916 (Getahead Direct Web Remoting (DWR) before 1.1.3 allows attackers to ...)
 	NOT-FOR-US: Getahead
 CVE-2007-0204 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...)
-	- phpmyadmin <unfixed> (bug #406486; high)
+	- phpmyadmin 4:2.9.1.1-2 (bug #406486; high)
 CVE-2007-0203 (Multiple unspecified vulnerabilities in phpMyAdmin before 2.9.2-rc1 ...)
-	- phpmyadmin <unfixed> (bug #406332; high)
+	- phpmyadmin 4:2.9.1.1-2 (bug #406332; high)
 CVE-2007-0202 (SQL injection vulnerability in index.php in @lex Guestbook 4.0.2 and ...)
 	NOT-FOR-US: @lex
 CVE-2007-0201 (Buffer overflow in the cmd_usr function in ftp-gw in TIS Internet ...)
@@ -2560,7 +2564,7 @@
 CVE-2006-5975 (Multiple cross-site scripting (XSS) vulnerabilities in comments.asp in ...)
 	NOT-FOR-US: BlogMe
 CVE-2006-5974 (fetchmail 6.3.5 and 6.3.6 before 6.3.6-rc4, when refusing a message ...)
-	- fetchmail 6.3.6~rc3-1
+	- fetchmail 6.3.6-1
 CVE-2006-5973 (Off-by-one buffer overflow in Dovecot 1.0test53 through 1.0.rc14, and ...)
 	- dovecot 1.0.rc15-1
 	[sarge] - dovecot <not-affected> (Vulnerable code not present)


