[Secure-testing-commits] r5258 - data/CVE

Moritz Muehlenhoff jmm-guest at alioth.debian.org
Fri Jan 12 22:59:27 CET 2007


Author: jmm-guest
Date: 2007-01-12 22:59:24 +0100 (Fri, 12 Jan 2007)
New Revision: 5258

Modified:
   data/CVE/list
Log:
fixups


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2007-01-12 20:58:04 UTC (rev 5257)
+++ data/CVE/list	2007-01-12 21:59:24 UTC (rev 5258)
@@ -7,7 +7,7 @@
 CVE-2006-6920 (Cross-site scripting (XSS) vulnerability in Nucleus before 3.24 allows ...)
 	NOT-FOR-US: Nucleus
 CVE-2006-6919 (Firefox Sage extension 1.3.8 and earlier allows remote attackers to ...)
-	NOT-FOR-US: Sage extension
+	- firefox-sage <unfixed>
 CVE-2006-6918 (Unspecified vulnerability in the Admin login for Georgian discussion ...)
 	NOT-FOR-US: GeoBB
 CVE-2006-6917 (Multiple buffer overflows in Computer Associates (CA) BrightStor ...)
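Review bot: The new `- firefox-sage <unfixed>` line for CVE-2006-6919 carries no bug reference or urgency, unlike other unfixed entries in this file such as `- libgeoip1 <unfixed> (bug #406628; medium)`. If a bug has been filed against firefox-sage, add its number here so the entry can be followed to a fix; if not, a TODO to file one would keep it from being forgotten.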
@@ -15,9 +15,9 @@
 CVE-2006-6916 (Getahead Direct Web Remoting (DWR) before 1.1.3 allows attackers to ...)
 	NOT-FOR-US: Getahead
 CVE-2007-0204 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...)
-	- phpmyadmin <not-affected>
+	- phpmyadmin 4:2.9.1.1-2 (bug #406486; high)
 CVE-2007-0203 (Multiple unspecified vulnerabilities in phpMyAdmin before 2.9.2-rc1 ...)
-	- phpmyadmin <not-affected>
+	- phpmyadmin 4:2.9.1.1-2 (bug #406486; high)
 CVE-2007-0202 (SQL injection vulnerability in index.php in @lex Guestbook 4.0.2 and ...)
 	NOT-FOR-US: @lex
 CVE-2007-0201 (Buffer overflow in the cmd_usr function in ftp-gw in TIS Internet ...)
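Review bot: For CVE-2007-0203 the description says the issues affect phpMyAdmin before 2.9.2-rc1, yet the entry now records 4:2.9.1.1-2 as the fixed version, which is older than that upstream release. A short NOTE under both phpmyadmin entries saying the fix was applied as a patch in the Debian package (with bug #406486 as the reference) would explain the apparent mismatch and the move away from `<not-affected>`.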
@@ -104,7 +104,7 @@
 CVE-2007-0161 (The PML Driver HPZ12 (HPZipm12.exe) in the HP all-in-one drivers, as ...)
 	NOT-FOR-US: HP all-in-one drivers 
 CVE-2007-0160 (Stack-based buffer overflow in the LiveJournal support ...)
-	TODO: LiveJournal
+	TODO: centericq
 CVE-2007-0159 (Directory traversal vulnerability in the GeoIP_update_database_general ...)
 	- libgeoip1 <unfixed> (bug #406628; medium)
 CVE-2007-0158
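Review bot: `TODO: centericq` under CVE-2007-0160 names a package but not what still has to be checked. If centericq is known to contain the affected LiveJournal support, a package line such as `- centericq <unfixed>` would get the issue tracked; otherwise spell out the open question in the TODO text.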
@@ -572,11 +572,11 @@
 CVE-2006-6842 (SQL injection vulnerability in admin/admin_acronyms.php in the Acronym ...)
 	NOT-FOR-US: Acronym Mod for phpBB2
 CVE-2006-6841 (Certain forms in phpBB before 2.0.22 lack session checks, which has ...)
-	- phpbb2 <unfixed> (bug #405980; high)
+	- phpbb2 <unfixed> (bug #405980)
 CVE-2006-6840 (Unspecified vulnerability in phpBB before 2.0.22 has unknown impact ...)
-	- phpbb2 <unfixed> (bug #405980; high)
+	- phpbb2 <unfixed> (bug #405980)
 CVE-2006-6839 (Unspecified vulnerability in phpBB before 2.0.22 has unknown impact ...)
-	- phpbb2 <unfixed> (bug #405980; high)
+	- phpbb2 <unfixed> (bug #405980)
 CVE-2006-6838 (Rediff Bol Downloader ActiveX (OCX) control allows remote attackers to ...)
 	NOT-FOR-US: Rediff Bol Downloader ActiveX (OCX) control
 CVE-2006-6837 (Multiple stack-based buffer overflows in the (1) LoadTree, (2) ...)
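Review bot: The `high` urgency is dropped from all three phpbb2 entries without a NOTE, and the commit log ("fixups") gives no reason. Leaving CVE-2006-6840 and CVE-2006-6839 unrated fits their "unknown impact" descriptions, but CVE-2006-6841 describes a concrete problem (forms lacking session checks), so either keep a rating there or add a NOTE explaining why it is unrated.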
@@ -725,7 +725,8 @@
 CVE-2006-6773 (pages/register/register.php in Fishyshoop 0.930 beta allows remote ...)
 	NOT-FOR-US: Fishyshoop
 CVE-2006-6772 (Format string vulnerability in w3m 0.5.1, when run with the dump or ...)
-	- w3m 0.5.1-5.1 (bug #404564; high)
+	- w3m 0.5.1-5.1 (bug #404564; low)
+	NOTE: Only exploitable in dump mode
 	TODO: Check w3mee, is this forked version still needed?
 CVE-2006-6771 (Multiple PHP remote file inclusion vulnerabilities in Irokez CMS 0.7.1 ...)
 	NOT-FOR-US: Irokez CMS
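Review bot: The added NOTE for CVE-2006-6772 says "Only exploitable in dump mode", while the description on the line above reads "when run with the dump or ...", i.e. it lists at least one more mode. Word the NOTE so it covers every mode the description names, so the downgrade from `high` to `low` is justified for all of them.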
@@ -894,8 +895,8 @@
 CVE-2006-6699 (Multiple CRLF injection vulnerabilities in Oracle Portal 9.0.2 and ...)
 	NOT-FOR-US: Oracle Portal
 CVE-2006-6698 (The GConf daemon (gconfd) in GConf 2.14.0 creates temporary files ...)
-	- gconf2 <unfixed> (low; bug #404743)
-	[sarge] - gconf2 <no-dsa> (Minor nuisance, not much of a security problem)
+	- gconf2 <unfixed> (unimportant; bug #404743)
+	NOTE: Minor nuisance, not much of a security problem
 CVE-2005-4816 (Buffer overflow in mod_radius in ProFTPD before 1.3.0rc2 allows remote ...)
 	{DSA-1245-1}
 	- proftpd-dfsg 1.2.10+1.3.0rc5-1
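Review bot: In the gconf2 line the urgency comes before the bug reference (`unimportant; bug #404743`), whereas the other entries touched in this commit put the bug first (`bug #404564; low`, `bug #406486; high`). Since the line is being rewritten anyway, reorder it to `(bug #404743; unimportant)` for consistency. Removing the `[sarge]` `<no-dsa>` line is consistent with the `unimportant` rating, and the reason is preserved in the NOTE.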
@@ -1117,7 +1118,8 @@
 CVE-2006-6611 (PHP remote file inclusion vulnerability in interface.php in Barman ...)
 	NOT-FOR-US: Barman
 CVE-2006-6610 (clientcommands in Nexuiz before 2.2.1 has unknown impact and remote ...)
-	- nexuiz 2.2.1-1 (high)
+	- nexuiz 2.2.1-1 (low)
+	NOTE: Only game console command execution possible, not shell commands 
 CVE-2006-6609 (Nexuiz before 2.2.1 allows remote attackers to cause a denial of ...)
 	- nexuiz 2.2.1-1
 CVE-2006-6608 (Unspecified vulnerability in SSH key based authentication in HP ...)
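Review bot: The added NOTE line for CVE-2006-6610 ends with a trailing space after "shell commands"; strip it. The NOTE itself is a good justification for the downgrade to `low`. Consider giving the neighbouring CVE-2006-6609 entry an urgency as well while here, since it has none.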
@@ -2884,7 +2886,7 @@
 CVE-2006-5825 (Cross-site scripting (XSS) vulnerability in index.php in Kayako ...)
 	NOT-FOR-US: Kayako SupportSuite
 CVE-2006-5824 (Integer overflow in the ffs_rdextattr function in FreeBSD 6.1 allows ...)
-	- kfreebsd-5 <unfixed> (low)
+	- kfreebsd-5 <unfixed>
 	[etch] - kfreebsd-5 <no-dsa> (no security support for freebsd)
 CVE-2006-5823 (The zlib_inflate function in Linux kernel 2.6.x allows local users to ...)
 	- linux-2.6 <unfixed> (low)
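Review bot: The `low` urgency is removed from the kfreebsd-5 entry for CVE-2006-5824, leaving it unrated, with no NOTE saying why. If the intent follows from the `[etch]` line ("no security support for freebsd"), say so in a NOTE; otherwise keep the rating so the entry sorts with the other rated unfixed issues.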
@@ -5627,7 +5629,7 @@
 	{DSA-1202-1}
 	- screen 4.0.3-0.1 (bug #395225; bug #395999; medium)
 CVE-2006-4572 (ip6_tables in netfilter in the Linux kernel before 2.6.16.31 allows ...)
-	- linux-2.6 2.6.18-9 (high)
+	- linux-2.6 2.6.18-9 (medium)
 CVE-2006-4571 (Multiple unspecified vulnerabilities in Firefox before 1.5.0.7, ...)
 	{DSA-1210 DSA-1192-1 DSA-1191-1}
 	NOTE: MFSA-2006-64
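Review bot: The linux-2.6 entry for CVE-2006-4572 goes from `high` to `medium` without a NOTE, unlike the w3m and nexuiz downgrades in this same commit, which each record their reasoning. Add a one-line NOTE giving the reason for the lower rating so the change can be audited later.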



