[Secure-testing-commits] r3992 - data/CVE

2006-05-20 Thread Alec Berryman
Author: alec-guest
Date: 2006-05-20 06:57:23 + (Sat, 20 May 2006)
New Revision: 3992

Modified:
   data/CVE/list
Log:
* Dovecot issue was assigned a CVE
* New GNUnet issue; bug filed


Modified: data/CVE/list
===
--- data/CVE/list   2006-05-20 06:55:25 UTC (rev 3991)
+++ data/CVE/list   2006-05-20 06:57:23 UTC (rev 3992)
@@ -82,9 +82,10 @@
 CVE-2006-2415 (Multiple cross-site scripting (XSS) vulnerabilities in FlexChat 
2.0 ...)
NOT-FOR-US: FlexChat
 CVE-2006-2414 (Directory traversal vulnerability in Dovecot 1.0 beta and 1.0 
allows ...)
-   TODO: check
+   - dovecot 1.0.beta8-1 (low)
+   [sarge] - dovecot not-affected (vulnerability introduced in 1.0)
 CVE-2006-2413 (GNUnet before SVN revision 2781 allows remote attackers to 
cause a ...)
-   TODO: check
+   - gnunet unfixed (bug 368159; medium)
 CVE-2006-2412 (The raydium_network_read function in network.c in Raydium SVN 
revision ...)
TODO: check
 CVE-2006-2411 (Buffer overflow in raydium_network_read function in network.c 
in ...)
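Review bot: The added gnunet line for CVE-2006-2413 writes the bug reference as 'bug 368159', without the '#' used in the other bug references on this list (for example 'bug #366682'), and the processing message for this revision reports "unknown package note 'bug 368159'". Change the line to '- gnunet unfixed (bug #368159; medium)' so the list parses again.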
@@ -246,9 +247,6 @@
NOT-FOR-US: ManageEngine OpManager
 CVE-2006-2342 (IBM WebSphere Application Server 6.0.2 before FixPack 3 allows 
remote ...)
NOT-FOR-US: IBM WebSphere Application Server
-CVE-2006- [dovecot information disclosure: list .. directory]
-   - dovecot 1.0.beta8-1 (low)
-   [sarge] - dovecot not-affected (vulnerability introduced in 1.0)
 CVE-2006-2341 (The HTTP proxy in Symantec Gateway Security 5000 Series 2.0.1 
and 3.0, ...)
NOT-FOR-US: Symantec Gateway Security
 CVE-2006-2340 (Cross-site scripting (XSS) vulnerability in PassMasterFlex and 
...)


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits


[Secure-testing-commits] Processing r3992 failed

2006-05-20 Thread secure-testing
The error message was:

error: unknown package note 'bug 368159'

make: *** [all] Error 1



[Secure-testing-commits] r3993 - data/CVE

2006-05-20 Thread Alec Berryman
Author: alec-guest
Date: 2006-05-20 07:06:19 + (Sat, 20 May 2006)
New Revision: 3993

Modified:
   data/CVE/list
Log:
NFU: no games using the Raydium engine

Modified: data/CVE/list
===
--- data/CVE/list   2006-05-20 06:57:23 UTC (rev 3992)
+++ data/CVE/list   2006-05-20 07:06:19 UTC (rev 3993)
@@ -87,15 +87,15 @@
 CVE-2006-2413 (GNUnet before SVN revision 2781 allows remote attackers to 
cause a ...)
- gnunet unfixed (bug 368159; medium)
 CVE-2006-2412 (The raydium_network_read function in network.c in Raydium SVN 
revision ...)
-   TODO: check
+   NOT-FOR-US: Raydium
 CVE-2006-2411 (Buffer overflow in raydium_network_read function in network.c 
in ...)
-   TODO: check
+   NOT-FOR-US: Raydium
 CVE-2006-2410 (raydium_network_netcall_exec function in network.c in Raydium 
SVN ...)
-   TODO: check
+   NOT-FOR-US: Raydium
 CVE-2006-2409 (Format string vulnerability in the raydium_console_line_add 
function ...)
-   TODO: check
+   NOT-FOR-US: Raydium
 CVE-2006-2408 (Multiple buffer overflows in Raydium before SVN revision 310 
allow ...)
-   TODO: check
+   NOT-FOR-US: Raydium
 CVE-2006-2407 (Stack-based buffer overflow in (1) WeOnlyDo wodSSHServer 
ActiveX ...)
TODO: check
 CVE-2006-2406 (Directory traversal vulnerability in bb_lib/abbc.css.php in ...)
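Review bot: The context line for CVE-2006-2413 still reads '- gnunet unfixed (bug 368159; medium)', the note that processing of r3992 rejected as an unknown package note, and this revision leaves it untouched. Since the file is being edited a few lines further down anyway, correct the reference to 'bug #368159' in the same commit; otherwise the Raydium changes presumably sit behind the same parse error.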




[Secure-testing-commits] r3999 - data/CVE

2006-05-20 Thread Stefan Fritsch
Author: stef-guest
Date: 2006-05-20 13:03:00 + (Sat, 20 May 2006)
New Revision: 3999

Modified:
   data/CVE/list
Log:
nagios issue already fixed in unstable

Modified: data/CVE/list
===
--- data/CVE/list   2006-05-20 12:08:51 UTC (rev 3998)
+++ data/CVE/list   2006-05-20 13:03:00 UTC (rev 3999)
@@ -5,8 +5,8 @@
 CVE-2006-2490 (Multiple cross-site scripting (XSS) vulnerabilities in Mobotix 
IP ...)
NOT-FOR-US: Mobotix
 CVE-2006-2489 (Integer overflow in CGI scripts in Nagios 1.x before 1.4.1 and 
2.x ...)
-   - nagios unfixed (high)
-   - nagios2 unfixed (high)
+   - nagios 2:1.4-1 (bug #366682; bug #366803; high)
+   - nagios2 2.3-1 (bug #366683; high)
 CVE-2006-2488 (Multiple cross-site scripting (XSS) vulnerabilities in Spymac 
WebOS ...)
NOT-FOR-US: Spymac 
 CVE-2006-2487 (Multiple PHP remote file inclusion vulnerabilities in ScozNews 
1.2.1 ...)
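Review bot: The new nagios line records 2:1.4-1 as the fixed version, but the CVE-2006-2489 description directly above says the flaw affects Nagios 1.x before 1.4.1, so the Debian version looks older than the upstream fix. If the patch was backported into 1.4-1, add a NOTE line saying so; if not, the version needs rechecking against bug #366682 and bug #366803.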




[Secure-testing-commits] r4001 - doc

2006-05-20 Thread Stefan Fritsch
Author: stef-guest
Date: 2006-05-20 13:18:27 + (Sat, 20 May 2006)
New Revision: 4001

Modified:
   doc/narrative_introduction
Log:
add bug filed to narrative introduction

Modified: doc/narrative_introduction
===
--- doc/narrative_introduction  2006-05-20 13:17:58 UTC (rev 4000)
+++ doc/narrative_introduction  2006-05-20 13:18:27 UTC (rev 4001)
@@ -171,12 +171,14 @@
- php4 unfixed (bug #353585; medium)
- php5 unfixed (bug #353585; medium)
 
-Bug numbers can be added as in the example above. They are used to add
-additional references for the overview page and the Security Bug Tracker
-and they are parsed by a script that generates user tags tracked for the
-user [EMAIL PROTECTED] This way you can generate a BTS
-query for all issues in the BTS that are tagged security and are not
-yet added to our tracker:
+Bug numbers can be added as in the example above. To avoid duplicate bugs,
+bug filed can be added instead of bug #123456 when the bug report has
+been sent but the bug number is not yet known.  The bug numbers are used
+to add additional references for the overview page and the Security Bug
+Tracker and they are parsed by a script that generates user tags tracked
+for the user [EMAIL PROTECTED] This way you can generate
+a BTS query for all issues in the BTS that are tagged security and are
+not yet added to our tracker:
 http://bugs.debian.org/cgi-bin/pkgreport.cgi?tag=security;[EMAIL 
PROTECTED];exclude=tracked
 
 If a vulnerability does not affect Debian, e.g. because the vulnerable
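Review bot: The rewritten paragraph introduces 'bug filed' as a stand-in for 'bug #123456' but never says that it has to be replaced with the real number once the BTS assigns one. The same paragraph states that the bug numbers feed the overview page and the user-tag script, so add a sentence telling editors to go back and fill in the number.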




[Secure-testing-commits] r4003 - data/CVE

2006-05-20 Thread Alec Berryman
Author: alec-guest
Date: 2006-05-20 14:07:45 + (Sat, 20 May 2006)
New Revision: 4003

Modified:
   data/CVE/list
Log:
* dia bug number
* libopenobex already fixed (sweet!)
* NFUs


Modified: data/CVE/list
===
--- data/CVE/list   2006-05-20 13:20:47 UTC (rev 4002)
+++ data/CVE/list   2006-05-20 14:07:45 UTC (rev 4003)
@@ -24,8 +24,7 @@
 CVE-2006-2481
RESERVED
 CVE-2006-2480 (Format string vulnerability in Dia 0.94 allows user-complicit 
...)
-   NOTE: will file a bug when I finish testing the patch - alec
-   - dia unfixed (low)
+   - dia unfixed (bug #368202; low)
 CVE-2006-2479 (The Update functionality in Bitrix Site Manager 4.1.x does not 
verify ...)
NOT-FOR-US: Bitrix
 CVE-2006-2478 (Bitrix Site Manager 4.1.x allows remote attackers to redirect 
users to ...)
@@ -55,8 +54,7 @@
 CVE-2006-2466 (BEA WebLogic Server 8.1 up to SP4 and 7.0 up to SP6 allows 
remote ...)
NOT-FOR-US: BEA
 CVE-2006-2465 (Buffer overflow in MP3Info 0.8.4 allows attackers to execute 
arbitrary ...)
-   NOTE: will file bug soon, poking around for a fix - alec
-   - mp3info unfixed (low)
+   - mp3info unfixed (bug filed; low)
 CVE-2006-2464 (stopWebLogic.sh in BEA WebLogic Server 8.1 before Service Pack 
4 and ...)
NOT-FOR-US: BEA
 CVE-2006-2463 (view_album.php in SelectaPix 1.31 and earlier allows remote 
attackers ...)
@@ -248,15 +246,15 @@
- vnc4 4.1.1+X4.3.0-10 (high)
[sarge] - vnc4 not-affected (vuln not in 4.0)
 CVE-2006-2368 (Cross-site scripting (XSS) vulnerability in index.php in 
Clansys (aka ...)
-   TODO: check
+   NOT-FOR-US: Clansys
 CVE-2006-2367 (Cross-site scripting (XSS) vulnerability in index.php in 
Clansys (aka ...)
-   TODO: check
+   NOT-FOR-US: Clansys
 CVE-2006-2366 (ircp_io.c in libopenobex for ircp 1.2, when ircp is run with 
the -r ...)
-   TODO: check
+   - libopenobex 1.2-3 (bug #366484)
 CVE-2006-2365 (Cross-site scripting (XSS) vulnerability in a_login.php in 
Vizra ...)
-   TODO: check
+   NOT-FOR-US: Vizra
 CVE-2006-2364 (Cross-site scripting (XSS) vulnerability in the validation 
feature in ...)
-   TODO: check
+   NOT-FOR-US: Macromedia
 CVE-2006-2363 (SQL injection vulnerability in the weblinks option 
(weblinks.html.php) ...)
TODO: check
 CVE-2006-2362 (Buffer overflow in getsym in tekhex.c in libbfd in Free 
Software ...)
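Review bot: The new libopenobex line for CVE-2006-2366, '- libopenobex 1.2-3 (bug #366484)', carries no urgency, while the other package lines in this commit do ('low' for dia and mp3info, 'high' for vnc4 in the context above). Add the urgency next to the bug number if it has been assessed.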




[Secure-testing-commits] r4004 - data/CVE

2006-05-20 Thread Alec Berryman
Author: alec-guest
Date: 2006-05-20 14:29:28 + (Sat, 20 May 2006)
New Revision: 4004

Modified:
   data/CVE/list
Log:
binutils vuln

Modified: data/CVE/list
===
--- data/CVE/list   2006-05-20 14:07:45 UTC (rev 4003)
+++ data/CVE/list   2006-05-20 14:29:28 UTC (rev 4004)
@@ -258,7 +258,7 @@
 CVE-2006-2363 (SQL injection vulnerability in the weblinks option 
(weblinks.html.php) ...)
TODO: check
 CVE-2006-2362 (Buffer overflow in getsym in tekhex.c in libbfd in Free 
Software ...)
-   TODO: check
+   - 2.16.1cvs20060413-1 unfixed (bug filed)
 CVE-2006-2361 (PHP remote file inclusion vulnerability in 
pafiledb_constants.php in ...)
TODO: check
 CVE-2006-2360 (SQL injection vulnerability in charts.php in the Chart mod for 
phpBB ...)
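Review bot: The added line for CVE-2006-2362, '- 2.16.1cvs20060413-1 unfixed (bug filed)', has a version string where the source package name belongs, so the entry is attached to no package. Put the package name in that position and keep 'unfixed' as the status (r4009 later corrects this to 'binutils'); an urgency is missing as well.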




[Secure-testing-commits] r4005 - bin lib/python

2006-05-20 Thread Florian Weimer
Author: fw
Date: 2006-05-20 17:08:37 + (Sat, 20 May 2006)
New Revision: 4005

Modified:
   bin/tracker_service.py
   lib/python/security_db.py
Log:
* lib/python/security_db.py (DB.getTODOs):
  Add hide_check parameter.

* bin/tracker_service.py (TrackerService.page_status_todo):
  Use it.


Modified: bin/tracker_service.py
===
--- bin/tracker_service.py  2006-05-20 14:29:28 UTC (rev 4004)
+++ bin/tracker_service.py  2006-05-20 17:08:37 UTC (rev 4005)
@@ -825,12 +825,21 @@
  Remote))])
 
 def page_status_todo(self, path, params, url):
+hide_check = params.get('hide_check', False)
+if hide_check:
+flags = A(url.updateParamsDict({'hide_check' : None}),
+  'Show check TODOs')
+else:
+flags = A(url.updateParamsDict({'hide_check' : '1'}),
+  'Hide check TODOs')
+
 def gen():
-for (bug, description) in self.db.getTODOs():
+for (bug, description) in self.db.getTODOs(hide_check=hide_check):
 yield self.make_xref(url, bug), description
 return self.create_page(
 url, Bugs with TODO items,
-[make_table(gen(),
+[P(flags),
+ make_table(gen(),
 caption=(Bug, Description))])
 
 def page_status_itp(self, path, params, url):
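Review bot: 'hide_check = params.get('hide_check', False)' at the top of page_status_todo treats any non-empty parameter value as true, so a URL with hide_check=0 hides the check TODOs just as hide_check=1 does, and the raw request value is then handed on to self.db.getTODOs. Normalize it to a bool before use, for example by comparing against '1', the value the 'Hide check TODOs' link sets.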

Modified: lib/python/security_db.py
===
--- lib/python/security_db.py   2006-05-20 14:29:28 UTC (rev 4004)
+++ lib/python/security_db.py   2006-05-20 17:08:37 UTC (rev 4005)
@@ -1807,15 +1807,25 @@
 AND bugs.name = st.bug_name
 ORDER BY bugs.name, (pkg,))
 
-def getTODOs(self, cursor=None):
+def getTODOs(self, cursor=None, hide_check=False):
 Returns a list of pairs (BUG-NAME, DESCRIPTION).
 if cursor is None:
 cursor = self.cursor()
-return cursor.execute(
-SELECT DISTINCT bugs.name, bugs.description
-FROM bugs_notes, bugs
-WHERE bugs_notes.typ = 'TODO' AND bugs.name = bugs_notes.bug_name
-ORDER BY name )
+if hide_check:
+return cursor.execute(
+SELECT DISTINCT bugs.name, bugs.description
+FROM bugs_notes, bugs
+WHERE bugs_notes.typ = 'TODO'
+AND bugs_notes.comment  'check'
+AND bugs.name = bugs_notes.bug_name
+ORDER BY name )
+else:
+return cursor.execute(
+SELECT DISTINCT bugs.name, bugs.description
+FROM bugs_notes, bugs
+WHERE bugs_notes.typ = 'TODO'
+AND bugs.name = bugs_notes.bug_name
+ORDER BY name )
 
 def getBugXrefs(self, cursor, bug):
 Returns a generator for a list of bug names.  The listed
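Review bot: The two branches of getTODOs repeat the same SELECT and differ only in the extra bugs_notes.comment condition against 'check', so any later change to the query has to be made in two places. Build the statement once and append that condition when hide_check is set; the clause is a fixed string, so nothing from the request ends up in the SQL text. The docstring still only describes the return value and should say what hide_check filters out.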




[Secure-testing-commits] Processing r4006 failed

2006-05-20 Thread secure-testing
The error message was:

data/DSA/list:6: expected cross reference, got: '{CVE-2004-0427 CVE-2005-0489 
CVE-2004-0394 CVE-2004-0447 CVE-2004-0554 CVE-2004-0565 CVE-2004-0685'
make: *** [all] Error 1



[Secure-testing-commits] r4009 - data/CVE

2006-05-20 Thread Alec Berryman
Author: alec-guest
Date: 2006-05-20 19:44:27 + (Sat, 20 May 2006)
New Revision: 4009

Modified:
   data/CVE/list
Log:
* bug number for mp3info
* bug number for binutils (that was an odd typo)


Modified: data/CVE/list
===
--- data/CVE/list   2006-05-20 19:27:47 UTC (rev 4008)
+++ data/CVE/list   2006-05-20 19:44:27 UTC (rev 4009)
@@ -54,7 +54,7 @@
 CVE-2006-2466 (BEA WebLogic Server 8.1 up to SP4 and 7.0 up to SP6 allows 
remote ...)
NOT-FOR-US: BEA
 CVE-2006-2465 (Buffer overflow in MP3Info 0.8.4 allows attackers to execute 
arbitrary ...)
-   - mp3info unfixed (bug filed; low)
+   - mp3info unfixed (bug #368207; low)
 CVE-2006-2464 (stopWebLogic.sh in BEA WebLogic Server 8.1 before Service Pack 
4 and ...)
NOT-FOR-US: BEA
 CVE-2006-2463 (view_album.php in SelectaPix 1.31 and earlier allows remote 
attackers ...)
@@ -258,7 +258,7 @@
 CVE-2006-2363 (SQL injection vulnerability in the weblinks option 
(weblinks.html.php) ...)
TODO: check
 CVE-2006-2362 (Buffer overflow in getsym in tekhex.c in libbfd in Free 
Software ...)
-   - 2.16.1cvs20060413-1 unfixed (bug filed)
+   - binutils unfixed (bug #368237)
 CVE-2006-2361 (PHP remote file inclusion vulnerability in 
pafiledb_constants.php in ...)
TODO: check
 CVE-2006-2360 (SQL injection vulnerability in charts.php in the Chart mod for 
phpBB ...)




[Secure-testing-commits] r4011 - data/CVE

2006-05-20 Thread Alec Berryman
Author: alec-guest
Date: 2006-05-20 21:00:32 + (Sat, 20 May 2006)
New Revision: 4011

Modified:
   data/CVE/list
Log:
NFUs

Modified: data/CVE/list
===
--- data/CVE/list   2006-05-20 19:59:30 UTC (rev 4010)
+++ data/CVE/list   2006-05-20 21:00:32 UTC (rev 4011)
@@ -704,17 +704,17 @@
 CVE-2006-2159 (CRLF injection vulnerability in help.php in Russcom Network 
Loginphp ...)
NOT-FOR-US: Russcom
 CVE-2006-2158 (Dynamic variable evaluation vulnerability in index.php in 
Stadtaus ...)
-   TODO: check
+   NOT-FOR-US: Stadtaus
 CVE-2006-2157 (SQL injection vulnerability in gallery.php in Plogger Beta 2.1 
and ...)
-   TODO: check
+   NOT-FOR-US: Plogger
 CVE-2006-2156 (Directory traversal vulnerability in help/index.php in X7 Chat 
2.0 and ...)
-   TODO: check
+   NOT-FOR-US: X7 Chat
 CVE-2006-2155 (EMC Retrospect for Windows 6.5 before 6.5.382, 7.0 before 
7.0.344, and ...)
NOT-FOR-US: EMC Retrospect
 CVE-2006-2154 (EMC Retrospect for Windows 6.5 before 6.5.382, 7.0 before 
7.0.344, and ...)
NOT-FOR-US: EMC Retrospect
 CVE-2006-2153 (Cross-site scripting (XSS) vulnerability in HTM_PASSWD in 
DirectAdmin ...)
-   TODO: check
+   NOT-FOR-US: DirectAdmin
 CVE-2006-2152 (PHP remote file inclusion vulnerability in admin/addentry.php 
in phpBB ...)
NOT-FOR-US: phpBB Advanced Guestbook
 CVE-2006-2151 (PHP remote file inclusion vulnerability in toplist.php in phpBB 
...)
@@ -727,27 +727,27 @@
{DSA-1047-1}
- resmgr 1.0-4 (low)
 CVE-2006-2146 (Multiple cross-site scripting (XSS) vulnerabilities in 
index.php in ...)
-   TODO: check
+   NOT-FOR-US: HB-NS
 CVE-2006-2145 (Multiple SQL injection vulnerabilities in index.php in HB-NS 
1.1.6 ...)
-   TODO: check
+   NOT-FOR-US: HB-NS
 CVE-2006-2144 (PHP remote file inclusion vulnerability in kopf.php in 
DMCounter ...)
-   TODO: check
+   NOT-FOR-US: DMCounter
 CVE-2006-2143 (Multiple cross-site scripting (XSS) vulnerabilities in 
TextFileBB ...)
-   TODO: check
+   NOT-FOR-US: TextFileBB
 CVE-2006-2142 (PHP remote file inclusion vulnerability in 
classes/adodbt/sql.php in ...)
-   TODO: check
+   NOT-FOR-US: Limbo
 CVE-2006-2141 (Cross-site scripting (XSS) vulnerability in popup_image in ...)
-   TODO: check
+   NOT-FOR-US: Collaborative Portal Server
 CVE-2006-2140 (Multiple cross-site scripting (XSS) vulnerabilities in 
OrbitHYIP 2.0 ...)
-   TODO: check
+   NOT-FOR-US: OrbitHYIP
 CVE-2006-2139 (Multiple SQL injection vulnerabilities in PHP Newsfeed 20040723 
allow ...)
-   TODO: check
+   NOT-FOR-US: PHP Newsfeed
 CVE-2006-2138 (Cross-site scripting (XSS) vulnerability in neomail.pl in 
NeoMail 1.29 ...)
-   TODO: check
+   NOT-FOR-US: NeoMail
 CVE-2006-2137 (PHP remote file inclusion vulnerability in master.php in 
OpenPHPNuke ...)
-   TODO: check
+   NOT-FOR-US: OpenPHPNuke
 CVE-2006-2136 (SQL injection vulnerability in news.php in AZNEWS allows remote 
...)
-   TODO: check
+   NOT-FOR-US: AZNEWS
 CVE-2006-2135 (SQL injection vulnerability in login.php in Ruperts News allows 
remote ...)
TODO: check
 CVE-2006-2134 (PHP remote file inclusion vulnerability in 
/includes/kb_constants.php ...)




[Secure-testing-commits] r4015 - data/CVE

2006-05-20 Thread Alec Berryman
Author: alec-guest
Date: 2006-05-20 22:40:18 + (Sat, 20 May 2006)
New Revision: 4015

Modified:
   data/CVE/list
Log:
NFUs

Modified: data/CVE/list
===
--- data/CVE/list   2006-05-20 22:23:56 UTC (rev 4014)
+++ data/CVE/list   2006-05-20 22:40:18 UTC (rev 4015)
@@ -256,15 +256,15 @@
 CVE-2006-2364 (Cross-site scripting (XSS) vulnerability in the validation 
feature in ...)
NOT-FOR-US: Macromedia
 CVE-2006-2363 (SQL injection vulnerability in the weblinks option 
(weblinks.html.php) ...)
-   TODO: check
+   NOT-FOR-US: Limbo
 CVE-2006-2362 (Buffer overflow in getsym in tekhex.c in libbfd in Free 
Software ...)
- binutils unfixed (bug #368237)
 CVE-2006-2361 (PHP remote file inclusion vulnerability in 
pafiledb_constants.php in ...)
-   TODO: check
+   NOT-FOR-US: phpbb mod
 CVE-2006-2360 (SQL injection vulnerability in charts.php in the Chart mod for 
phpBB ...)
-   TODO: check
+   NOT-FOR-US: phpbb mod
 CVE-2006-2359 (Cross-site scripting (XSS) vulnerability in charts.php in the 
Chart ...)
-   TODO: check
+   NOT-FOR-US: phpbb mod
 CVE-2006-2192
RESERVED
 CVE-2005-4803 (graphviz before 2.2.1 allows local users to overwrite arbitrary 
files ...)
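Review bot: 'NOT-FOR-US: phpbb mod' on CVE-2006-2361, CVE-2006-2360 and CVE-2006-2359 does not say which mod is meant, and a later hunk in this commit uses 'phpbb2 mod' for CVE-2006-2134, so the same kind of product ends up under two spellings. Name the product from the CVE text, as the existing 'NOT-FOR-US: phpBB Advanced Guestbook' entry does (for CVE-2006-2360 and CVE-2006-2359 that is the Chart mod), so that a search for the mod finds the entry.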
@@ -374,7 +374,7 @@
 CVE-2006-2313
RESERVED
 CVE-2006-2312 (Unspecified vulnerability in the URI handler in Skype 2.0.*.104 
and ...)
-   TODO: check
+   NOT-FOR-US: Skype
 CVE-2006-2311
RESERVED
 CVE-2006-2310
@@ -750,9 +750,9 @@
 CVE-2006-2136 (SQL injection vulnerability in news.php in AZNEWS allows remote 
...)
NOT-FOR-US: AZNEWS
 CVE-2006-2135 (SQL injection vulnerability in login.php in Ruperts News allows 
remote ...)
-   TODO: check
+   NOT-FOR-US: Ruperts News
 CVE-2006-2134 (PHP remote file inclusion vulnerability in 
/includes/kb_constants.php ...)
-   TODO: check
+   NOT-FOR-US: phpbb2 mod
 CVE-2005-4794 (Cisco IP Phones 7902/7905/7912, ATA 186/188, Unity Express, 
ACNS, and ...)
NOT-FOR-US: Cisco
 CVE-2006-2148 (Multiple buffer overflows in client.c in CGI:IRC (CGIIRC) 
before 0.5.8 ...)
@@ -760,7 +760,7 @@
- cgiirc unfixed (bug #365680; medium)
[sarge] - cgiirc 0.5.4-6sarge1 (bug #365680; medium)
 CVE-2006-2133 (SQL injection vulnerability in index.php in BoonEx Barracuda 
1.1 and ...)
-   TODO: check
+   NOT-FOR-US: BoonEx Barracuda
 CVE-2006-2132 (SQL injection vulnerability in detail.asp in DUclassified 
allows ...)
NOT-FOR-US: DUclassified
 CVE-2006-2131 (include/class_poll.php in Advanced Poll 2.0.4 uses the ...)
@@ -783,23 +783,23 @@
 CVE-2006-2123 (Multiple SQL injection vulnerabilities in the report interface 
in ...)
NOT-FOR-US: Network Administration Visualiazed
 CVE-2006-2122 (PHP remote file inclusion vulnerability in index.php in 
CoolMenus allows ...)
-   TODO: check
+   NOT-FOR-US: CoolMenus
 CVE-2006-2121 (PHP remote file include vulnerability in 
admin/config_settings.tpl.php ...)
-   TODO: check
+   NOT-FOR-US: I-RATER Platinum
 CVE-2006-2120 (The TIFFToRGB function in libtiff before 3.8.1 allows remote 
attackers ...)
- tiff 3.8.1 (bug #366588; medium)
 CVE-2006-2119 (PHP remote file inclusion vulnerability in event/index.php in 
Artmedic ...)
-   TODO: check
+   NOT-FOR-US: Artmedic
 CVE-2006-2118 (JMK's Picture Gallery allows remote attackers to bypass 
authentication ...)
-   TODO: check
+   NOT-FOR-US: JMK
 CVE-2006-2117 (Cross-site scripting (XSS) vulnerability in Thyme 1.3 allows 
remote ...)
-   TODO: check
+   NOT-FOR-US: Thyme
 CVE-2006-2116 (planetGallery allows remote attackers to gain administrator 
privileges ...)
-   TODO: check
+   NOT-FOR-US: planetGallery
 CVE-2006-2115 (Format string vulnerability in SWS web Server 0.1.7 allows 
remote ...)
-   TODO: check
+   NOT-FOR-US: SWS
 CVE-2006-2114 (Buffer overflow in SWS web Server 0.1.7 allows remote attackers 
to ...)
-   TODO: check
+   NOT-FOR-US: SWS
 CVE-2006-2113
RESERVED
 CVE-2006-2112
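Review bot: 'NOT-FOR-US: JMK' for CVE-2006-2118 keeps only the first word of the product the description names, JMK's Picture Gallery; use the full product name so the entry can be found by searching for it. The context line 'NOT-FOR-US: Network Administration Visualiazed' also has a typo that could be fixed in passing.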




[Secure-testing-commits] r4016 - data/CVE

2006-05-20 Thread Alec Berryman
Author: alec-guest
Date: 2006-05-20 22:54:05 + (Sat, 20 May 2006)
New Revision: 4016

Modified:
   data/CVE/list
Log:
* JSBoard vuln (package has RM bug filed)
* Found fixed version of kernel-patch-vserver


Modified: data/CVE/list
===
--- data/CVE/list   2006-05-20 22:40:18 UTC (rev 4015)
+++ data/CVE/list   2006-05-20 22:54:05 UTC (rev 4016)
@@ -808,9 +808,10 @@
NOT-FOR-US: Microsoft Internet Explorer
 CVE-2006-2110 (Virtual Private Server (Vserver) 2.0.x before 2.0.2-rc18 and 
2.1.x ...)
{DSA-1060-1}
-   TODO: check
+   - kernel-patch-vserver 2:2.0.1-4 (low)
 CVE-2006-2109 (Cross-site scripting (XSS) vulnerability in the parse_query_str 
...)
-   TODO: check
+   NOTE: #357204: request for removal
+   - jsboard 2.0.10-2
 CVE-2006-2108 (parser.exe in Oc#233; (OCE) 3121/3122 Printer allows remote 
attackers to ...)
TODO: check
 CVE-2006-2107 (Buffer overflow in BL4 SMTP Server 0.1.4 and earlier allows 
remote ...)
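Review bot: The new jsboard line for CVE-2006-2109, '- jsboard 2.0.10-2', has no urgency and no bug reference, and the NOTE above it only records the removal request #357204, so it is unclear where the fixed version comes from. Add the urgency and a short NOTE on the source of 2.0.10-2. The kernel-patch-vserver version 2:2.0.1-4 is also lower than the 2.0.2-rc18 named in the CVE-2006-2110 text; if the fix was backported, say so in a NOTE.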

