Author: stef-guest
Date: 2005-11-23 20:38:00 +0000 (Wed, 23 Nov 2005)
New Revision: 2845
Modified:
data/CVE/list
Log:
php5
egroupware-fudforum
helix-player
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2005-11-23 16:11:31 UTC (rev 2844)
+++ data/CVE/list 2005-11-23 20:38:00 UTC (rev 2845)
@@ -96,7 +96,7 @@
NOT-FOR-US: Google Talk
CVE-2005-3677 (Buffer overflow in RealNetworks RealPlayer 10 and 10.5 allows
remote ...)
NOT-FOR-US: RealPlayer
- TODO: check Helix, some past issues affected it as well
+ - helixplayer <not-affected>
CVE-2005-3676 (SQL injection vulnerability in download.php in PhpWebThings
1.4.4 ...)
NOT-FOR-US: PhpWebThings
CVE-2005-3675 (The Transmission Control Protocol (TCP) allows remote attackers
to ...)
@@ -694,7 +694,7 @@
CVE-2002-2206 (The POP3 proxy service (POPROXY.EXE) in Norton AntiVirus 2001
allows ...)
NOT-FOR-US: Norton AntiVirus
CVE-2002-2205 (Buffer overflow in Webresolve 0.1.0 and earlier allows remote
...)
- TODO: check
+ NOT-FOR-US: webresolve
CVE-2002-2204 (The default --checksig setting in RPM Package Manager 4.0.4
checks ...)
TODO: check
CVE-2002-2203 (Unknown vulnerability in the System Serial Console terminal in
Solaris ...)
@@ -854,9 +854,9 @@
CVE-2002-2126 (restrictEnabled in Integrity Protection Driver (IPD) 1.2 delays
driver ...)
TODO: check
CVE-2002-2125 (Internet Explorer 6.0 does not warn users when an expired
certificate ...)
- TODO: check
+ NOT-FOR-US: MSIE
CVE-2000-1238 (BEA Systems WebLogic Express and WebLogic Server 5.1 SP1-SP6
allows ...)
- TODO: check
+ NOT-FOR-US: BEA Weblogic
CVE-2005-3621 (CRLF injection vulnerability in phpMyAdmin before 2.6.4-pl4
allows ...)
- phpmyadmin 4:2.6.4-pl4-1 (bug #339437; medium)
CVE-2005-XXXX [Two unspecified issues in non-free rar]
@@ -1080,9 +1080,11 @@
CVE-2005-3392 (Unspecified vulnerability in PHP before 4.4.1, when using the
virtual ...)
- php4 <unfixed> (bug #336645; unknown)
TODO: check PHP5
+ NOTE: pinged maintainers
CVE-2005-3391 (Multiple vulnerabilities in PHP before 4.4.1 allow remote
attackers to ...)
- php4 <unfixed> (bug #336645; unknown)
TODO: check PHP5
+ NOTE: pinged maintainers
CVE-2005-3390 (The RFC1867 file upload feature in PHP 4.x up to 4.4.0 and 5.x
up to ...)
- php4 <unfixed> (bug #336645; high)
- php5 <unfixed> (bug #336654; high)
@@ -1173,7 +1175,7 @@
- sylpheed-claws-gtk2 1.9.100-1 (bug #339529; medium)
CVE-2005-3353 (The exif_read_data function in the Exif module in PHP before
4.4.1 ...)
- php4 <unfixed> (bug #339577; medium)
- TODO: Check php5
+ - php5 <unfixed> (bug #336654; medium)
CVE-2005-3352
RESERVED
CVE-2005-3351 (SpamAssassin 3.0.4 allows attackers to bypass spam detection
via an ...)
@@ -1338,7 +1340,7 @@
- gnutls11 <unfixed> (bug #336006; low)
TODO: Check, when this was fixed in gnutls12
CVE-2004-2530 (Visual truncation vulnerability in Gadu-Gadu allows remote
attackers ...)
- TODO: check
+ NOT-FOR-US: Gadu-Gadu
CVE-2004-2529 (Gadu-Gadu allows remote attackers to bypass the "image
send" option by ...)
TODO: check
CVE-2004-2528 (Cross-site scripting (XSS) vulnerability in sresult.exe in
Webcam ...)
@@ -2756,7 +2758,7 @@
NOT-FOR-US: AutoLinks Pro
CVE-2005-2781 (The Avatar upload feature in FUD Forum before 2.7.0 does not
properly ...)
- phpgroupware <unfixed> (bug #340094; medium)
- TODO: check, whether egroupware-fudforum is affected
+ - egroupware <unfixed> (bug #340495; medium)
CVE-2005-2780 (Cross-site scripting (XSS) vulnerability in Land Down Under
(LDU) ...)
NOT-FOR-US: Land Down Under
CVE-2005-2779 (The iTAN Online-Banking Security System allows remote attackers
to ...)
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
