[Secure-testing-commits] r5375 - data/CVE

Alex de Oliveira Silva enerv-guest at alioth.debian.org
Mon Jan 29 04:42:25 CET 2007


Author: enerv-guest
Date: 2007-01-29 04:42:22 +0100 (Mon, 29 Jan 2007)
New Revision: 5375

Modified:
   data/CVE/list
Log:
updated:
CVE-2006-6885 flashplugin-nonfree not affected.
CVE-2006-6876, CVE-2006-6877 new openserve 1.1.1-1 solves the problem.

some NFUs.



Modified: data/CVE/list
===================================================================
--- data/CVE/list	2007-01-29 00:30:05 UTC (rev 5374)
+++ data/CVE/list	2007-01-29 03:42:22 UTC (rev 5375)
@@ -1068,77 +1068,79 @@
 CVE-2006-6892 (Cross-site scripting (XSS) vulnerability in the GetLocation function ...)
 	NOT-FOR-US: Jonathon J. Freeman OvBB
 CVE-2006-6891 (Vz (Adp) Forum 2.0.3 stores sensitive information under the web root ...)
-	TODO: check
+	NOT-FOR-US: Vz Scripts ADP Forum
 CVE-2006-6890 (Voodoo chat 1.0RC1b stores sensitive information under the web root ...)
-	TODO: check
+	NOT-FOR-US: Voodoo chat
 CVE-2006-6889 (FreeStyle Wiki (fswiki) 3.6.2 and earlier stores sensitive information ...)
-	TODO: check
+	NOT-FOR-US: FreeStyle Wiki
 CVE-2006-6888 (P-News 1.16 and 1.17 store sensitive information under the web root ...)
-	TODO: check
+	NOT-FOR-US: P-News
 CVE-2006-6887 (Unrestricted file upload vulnerability in logahead UNU 1.0 allows ...)
-	TODO: check
+	NOT-FOR-US: logahead UNU
 CVE-2006-6886 (phpwcms 1.2.5-DEV allows remote attackers to obtain sensitive ...)
-	TODO: check
+	NOT-FOR-US: phpwcms
 CVE-2006-6885 (An ActiveX control in SwDir.dll in Macromedia Shockwave 10 allows ...)
-	TODO: check
+	- flashplugin-nonfree <not-affected>
 CVE-2006-6884 (Buffer overflow in the WZFILEVIEW.FileViewCtrl.61 ActiveX control (aka ...)
-	TODO: check
+	NOT-FOR-US: Sky Software
 CVE-2006-6883 (** DISPUTED ** ...)
-	TODO: check
+	NOT-FOR-US: PHPIrc_bot
 CVE-2006-6882 (Cross-site scripting (XSS) vulnerability in golden book allows remote ...)
-	TODO: check
+	NOT-FOR-US: Golden Book
 CVE-2006-6881 (Buffer overflow in the Get_Wep function in cofvnet.c for ATMEL Linux ...)
-	TODO: check
+	NOT-FOR-US: ATMEL WLAN drivers
 CVE-2006-6880 (Multiple SQL injection vulnerabilities in code/guestadd.php in ...)
-	TODO: check
+	NOT-FOR-US: PHP-Update
 CVE-2006-6879 (Unrestricted file upload vulnerability in admin/uploads.php in ...)
-	TODO: check
+	NOT-FOR-US: PHP-Update
 CVE-2006-6878 (admin/uploads.php in PHP-Update 2.7 and earlier allows remote ...)
-	TODO: check
+	NOT-FOR-US: PHP-Update
 CVE-2006-6877 (Directory traversal vulnerability in index.php in Matteo Lucarelli ...)
-	TODO: check
+	NOT-FOR-US: Matteo Lucarelli 3editor
 CVE-2006-6876 (The fetchsms function in the SMS handling module (libsms_getsms.c) in ...)
-	TODO: check
+	- openser 1.1.1-1 (medium)
+	NOTE: http://www.openser.org/pub/openser/1.1.1/ChangeLog
 CVE-2006-6875 (Buffer overflow in the validateospheader function in the Open ...)
-	TODO: check
+	- openser 1.1.1-1 (medium)
+	NOTE: http://www.openser.org/pub/openser/1.1.1/ChangeLog
 CVE-2006-6874 (Multiple cross-site scripting (XSS) vulnerabilities in friend.php in ...)
-	TODO: check
+	NOT-FOR-US: eNdonesia CMS
 CVE-2006-6873 (Multiple SQL injection vulnerabilities in mod.php in eNdonesia 8.4 ...)
-	TODO: check
+	NOT-FOR-US: eNdonesia CMS
 CVE-2006-6872 (Directory traversal vulnerability in mod.php in eNdonesia 8.4 allows ...)
-	TODO: check
+	NOT-FOR-US: eNdonesia CMS
 CVE-2006-6871 (Multiple cross-site scripting (XSS) vulnerabilities in eNdonesia 8.4 ...)
-	TODO: check
+	NOT-FOR-US: eNdonesia CMS
 CVE-2006-6869 (Directory traversal vulnerability in ...)
-	TODO: check
+	NOT-FOR-US: MAXdev
 CVE-2006-6868 (Multiple cross-site scripting (XSS) vulnerabilities in Zen Cart Web ...)
-	TODO: check
+	NOT-FOR-US: Zen Cart
 CVE-2006-6867 (Multiple PHP remote file inclusion vulnerabilities in Vladimir ...)
-	TODO: check
+	NOT-FOR-US: buratinable templator (aka bubla)
 CVE-2006-6866 (STphp EasyNews PRO 4.0 stores sensitive information under the web root ...)
-	TODO: check
+	NOT-FOR-US: Ahead4
 CVE-2006-6865 (Directory traversal vulnerability in SAFileUpSamples/util/viewsrc.asp ...)
-	TODO: check
+	NOT-FOR-US: Softartisans
 CVE-2006-6864 (PHP remote file inclusion vulnerability in E2_header.inc.php in ...)
-	TODO: check
+	NOT-FOR-US: Enigma2
 CVE-2006-6863 (** DISPUTED ** ...)
-	TODO: check
+	NOT-FOR-US: Enigma2
 CVE-2006-6862 (Multiple cross-site scripting (XSS) vulnerabilities in Outfront Spooky ...)
-	TODO: check
+	NOT-FOR-US: Outfront Spooky Login
 CVE-2006-6861 (Multiple SQL injection vulnerabilities in Outfront Spooky Login 2.7 ...)
-	TODO: check
+	NOT-FOR-US: Outfront Spooky Login
 CVE-2006-6860 (Buffer overflow in the sendToMythTV function in MythControlServer.c in ...)
-	TODO: check
+	NOT-FOR-US: MythControl
 CVE-2006-6859 (SQL injection vulnerability in coupon_detail.asp in Website Designs ...)
-	TODO: check
+	NOT-FOR-US: Website Designs for Less
 CVE-2004-2671 (mod.php in eNdonesia 8.3 allows remote attackers to obtain sensitive ...)
-	TODO: check
+	NOT-FOR-US: eNdonesia CMS
 CVE-2004-2670 (Multiple cross-site scripting (XSS) vulnerabilities in mod.php in ...)
-	TODO: check
+	NOT-FOR-US: eNdonesia
 CVE-2003-1317 (Cross-site scripting (XSS) vulnerability in mod.php in eNdonesia 8.2 ...)
-	TODO: check
+	NOT-FOR-US: eNdonesia CMS
 CVE-2003-1316 (mod.php in eNdonesia 8.2 allows remote attackers to obtain sensitive ...)
-	TODO: check
+	NOT-FOR-US: eNdonesia CMS
 CVE-2006-XXXX [ssmtp password leak]
 	- ssmtp 2.61-10.1 (bug #369542; low)
 CVE-2006-6870 (The consume_labels function in avahi-core/dns.c in Avahi before 0.6.16 ...)
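Review bot: The log message and the entries at CVE-2006-6875 through CVE-2006-6877 disagree. The log says CVE-2006-6876 and CVE-2006-6877 are solved by the new 1.1.1-1 upload, but in the hunk CVE-2006-6877 is tagged `NOT-FOR-US: Matteo Lucarelli 3editor`, and the `- openser 1.1.1-1 (medium)` line sits on CVE-2006-6875 and CVE-2006-6876. If the list entries are the intended ones, the log should name CVE-2006-6875 instead of CVE-2006-6877. It should also spell the package "openser" as the list does, so that the revision can be found by package name. Two smaller points. At CVE-2006-6885 the description is an ActiveX control in SwDir.dll in Macromedia Shockwave, so `- flashplugin-nonfree <not-affected>` would be easier to audit with a NOTE line giving the reason. CVE-2004-2670 is tagged "eNdonesia" while the other seven eNdonesia entries in this hunk use "eNdonesia CMS"; use one spelling so a search over the list finds them all.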



