[Secure-testing-commits] r5259 - data/CVE

Stefan Fritsch stef-guest at alioth.debian.org
Sat Jan 13 11:36:08 CET 2007


Author: stef-guest
Date: 2007-01-13 11:36:05 +0100 (Sat, 13 Jan 2007)
New Revision: 5259

Modified:
   data/CVE/list
Log:
- phpmyadmin issues not in sarge
- some fixups


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2007-01-12 21:59:24 UTC (rev 5258)
+++ data/CVE/list	2007-01-13 10:36:05 UTC (rev 5259)
@@ -15,9 +15,12 @@
 CVE-2006-6916 (Getahead Direct Web Remoting (DWR) before 1.1.3 allows attackers to ...)
 	NOT-FOR-US: Getahead
 CVE-2007-0204 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...)
-	- phpmyadmin 4:2.9.1.1-2 (bug #406486; high)
+	- phpmyadmin 4:2.9.1.1-2 (bug #406486; low)
+	[sarge] - phpmyadmin <not-affected> (vulnerable code not present)
 CVE-2007-0203 (Multiple unspecified vulnerabilities in phpMyAdmin before 2.9.2-rc1 ...)
-	- phpmyadmin 4:2.9.1.1-2 (bug #406486; high)
+	- phpmyadmin 4:2.9.1.1-2 (bug #406486; low)
+	[sarge] - phpmyadmin <not-affected> (vulnerable code not present)
+	NOTE: duplicate of CVE-2006-6374?
 CVE-2007-0202 (SQL injection vulnerability in index.php in @lex Guestbook 4.0.2 and ...)
 	NOT-FOR-US: @lex
 CVE-2007-0201 (Buffer overflow in the cmd_usr function in ftp-gw in TIS Internet ...)
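Review bot: the severity on both phpmyadmin entries drops from high to low without the rationale being recorded in the entry, and the `[sarge] - phpmyadmin <not-affected> (vulnerable code not present)` line under CVE-2007-0203 is a strong claim for an issue whose description is "Multiple unspecified vulnerabilities". Suggest a NOTE naming what was compared (the upstream fix or changelog versus sarge's source) so the not-affected status is auditable, and if the `NOTE: duplicate of CVE-2006-6374?` question is confirmed, mark the entry as such and cross-reference it from CVE-2006-6374 rather than keeping two entries with different sarge rationales.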
@@ -33,7 +36,7 @@
 CVE-2007-0196 (SQL injection vulnerability in admin_check_user.asp in Motionborg Web ...)
 	NOT-FOR-US: Motionborg Web Real Estate
 CVE-2007-0195 (my.activation.php3 in F5 FirePass 5.4 through 5.5.1 and 6.0 displays ...)
-	TODO: F5
+	NOT-FOR-US: F5
 CVE-2007-0194 (admin.php in MKPortal M1.1 RC1 allows remote attackers to obtain ...)
 	NOT-FOR-US: MKPortal
 CVE-2007-0193 (FON La Fonera routers do not properly limit DNS service access by ...)
@@ -45,7 +48,7 @@
 CVE-2007-0190 (PHP remote file inclusion vulnerability in edit_address.php in edit-x ...)
 	NOT-FOR-US: edit-x ecommerce
 CVE-2007-0189 (** DISPUTED ** ...)
-	TODO: RESERVED
+	TODO: check
 CVE-2007-0188 (F5 FirePass 5.4 through 5.5.1 does not properly enforce host access ...)
 	NOT-FOR-US: F5
 CVE-2007-0187 (F5 FirePass 5.4 through 5.5.2 and 6.0 allows remote attackers to ...)
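Review bot: `TODO: check` under CVE-2007-0189 says less than the line it replaces; since the description is marked `** DISPUTED **`, the TODO should state what needs checking (whether the dispute is resolved and which product is named) so the next triager does not have to rediscover it.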
@@ -88,11 +91,11 @@
 CVE-2007-0169 (Multiple buffer overflows in Computer Associates (CA) BrightStor ...)
 	NOT-FOR-US: Computer Associates (CA)
 CVE-2007-0168 (The Tape Engine service in Computer Associates (CA) BrightStor ...)
-	TODO: Computer Associates (CA)
+	NOT-FOR-US: Computer Associates (CA)
 CVE-2007-0167 (Multiple PHP file inclusion vulnerabilities in WGS-PPC (aka PPC Search ...)
 	NOT-FOR-US: PPC Search
 CVE-2007-0166 (The jail rc.d script in FreeBSD 5.3 up to 6.2 does not verify ...)
-	TODO: FreeBSD
+	TODO: check FreeBSD
 CVE-2007-0165 (Unspecified vulnerability in libnsl in Sun Solaris 8 and 9 allows ...)
 	NOT-FOR-US: Solaris
 CVE-2007-0164 (Camouflage 1.2.1 embeds password information in the carrier file, ...)
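Review bot: CVE-2007-0166 is the one vendor TODO in this hunk that is not resolved to NOT-FOR-US like CVE-2007-0168 directly above; if the FreeBSD jail rc.d script is kept open because some Debian-shipped component might carry it, say so in the TODO text, otherwise it will likely be closed as NOT-FOR-US on the next pass without the check being done.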
@@ -104,7 +107,7 @@
 CVE-2007-0161 (The PML Driver HPZ12 (HPZipm12.exe) in the HP all-in-one drivers, as ...)
 	NOT-FOR-US: HP all-in-one drivers 
 CVE-2007-0160 (Stack-based buffer overflow in the LiveJournal support ...)
-	TODO: centericq
+	TODO: check centericq
 CVE-2007-0159 (Directory traversal vulnerability in the GeoIP_update_database_general ...)
 	- libgeoip1 <unfixed> (bug #406628; medium)
 CVE-2007-0158
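Review bot: `TODO: check centericq` under CVE-2007-0160 leaves a stack-based buffer overflow in a package the entry names unresolved with no version or release noted; suggest recording which centericq versions (sid, etch, sarge) remain to be checked, as the libgeoip1 entry just below already carries a full version, bug and severity line.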
@@ -128,13 +131,13 @@
 CVE-2007-0149 (EMembersPro 1.0 stores sensitive information under the web root with ...)
 	NOT-FOR-US: EMembersPro
 CVE-2007-0148 (Format string vulnerability in OmniGroup OmniWeb 5.5.1 allows remote ...)
-	TODO: OminiGroup
+	NOT-FOR-US: OminiGroup
 CVE-2007-0147 (Cuyahoga before 1.0.1 installs the FCKEditor component with an ...)
 	NOT-FOR-US: Cuyahoga
 CVE-2007-0146 (Multiple cross-site scripting (XSS) vulnerabilities in Fix and Chips ...)
-	TODO: Fix and Chips 
+	NOT-FOR-US: Fix and Chips 
 CVE-2007-0145 (PHP remote file inclusion vulnerability in bn_smrep1.php in BinGoPHP ...)
-	TODO: BinGoPHP
+	NOT-FOR-US: BinGoPHP
 CVE-2007-0144 (Cross-site scripting (XSS) vulnerability in search.asp in Digitizing ...)
 	NOT-FOR-US: DIGITIZING QUOTE AND ORDERING SYSTEM
 CVE-2007-0143 (Multiple PHP remote file inclusion vulnerabilities in NUNE News Script ...)
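Review bot: the new line `NOT-FOR-US: OminiGroup` for CVE-2007-0148 carries over the misspelling from the old TODO while the description reads "OmniGroup OmniWeb"; fix the vendor name in the + line. The `NOT-FOR-US: Fix and Chips ` line also keeps a trailing space from the line it replaces.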
@@ -1703,7 +1706,7 @@
 	NOT-FOR-US: Simple machines Forum
 CVE-2006-6374 (Multiple CRLF injection vulnerabilities in PhpMyAdmin 2.7.0-pl2 allow ...)
 	- phpmyadmin <not-affected> (low; bug #404744)
-	[sarge] - phpmyadmin <no-dsa> (CRLF not backportable to Sarge)
+	[sarge] - phpmyadmin <not-affected> (doesn't use sessions at all)
 	[etch] - phpmyadmin <not-affected> (not exploitable with Etch's php versions)
 	NOTE: not exploitable with PHP 5.1.2+ and 4.4.2+
 CVE-2006-6373 (PhpMyAdmin 2.7.0-pl2 allows remote attackers to obtain sensitive ...)
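Review bot: the sarge rationale for CVE-2006-6374 flips from "CRLF not backportable to Sarge" (a no-dsa, i.e. affected but not fixed) to "doesn't use sessions at all" (not-affected), which contradicts the previous assessment rather than refining it; add a NOTE saying how the absence of session handling in sarge's phpmyadmin was verified. Since CVE-2007-0203 earlier in this commit is flagged as a possible duplicate of this entry, its sarge rationale ("vulnerable code not present") should be reconciled with this one.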
