[Secure-testing-commits] r3225 - data/CVE

Wed, 04 Jan 2006 05:14:09 -0800 

Author: jmm-guest
Date: 2006-01-04 13:13:38 +0000 (Wed, 04 Jan 2006)
New Revision: 3225

Modified:
   data/CVE/list
Log:
processed block:
three not-affected
the rest are NFUs


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2006-01-04 12:34:33 UTC (rev 3224)
+++ data/CVE/list       2006-01-04 13:13:38 UTC (rev 3225)
@@ -6,65 +6,64 @@
        NOT-FOR-US: vBulletin
 CVE-2006-0079 (SQL injection vulnerability in auth.php in ScozNet ScozBook 
BETA 1.1 ...)
        NOT-FOR-US: ScozNet
-begin claimed by jmm
 CVE-2006-0078 (Multiple cross-site scripting (XSS) vulnerabilities in B-net 
Software ...)
-       TODO: check
+       NOT-FOR-US: B-Net Software
 CVE-2006-0077 (Off-by-one error in the getfattr function in File::ExtAttr 
before 0.03 ...)
        NOT-FOR-US: File::ExtAttr
        TODO: check for further uploads.
 CVE-2006-0076 (PHP remote file include vulnerability in forum.php in oaBoard 
1.0 ...)
-       TODO: check
+       NOT-FOR-US: oaBoard
 CVE-2006-0075 (Direct static code injection vulnerability in phpBook 1.3.2 and 
...)
-       TODO: check
+       NOT-FOR-US: phpBook
 CVE-2006-0074 (SQL injection vulnerability in profile.php in PHPenpals allows 
remote ...)
-       TODO: check
+       NOT-FOR-US: PHPenpals
 CVE-2006-0073 (Cross-site scripting (XSS) vulnerability in DiscusWare Discus 
Freeware ...)
-       TODO: check
+       NOT-FOR-US: DiscusWare Discus
 CVE-2006-0072 (Buffer overflow in termsh on SCO OpenServer 5.0.7 allows remote 
...)
-       TODO: check
+       NOT-FOR-US: SCO Openserver
 CVE-2006-0071 (The ebuild for pinentry before 0.7.2-r2 on Gentoo Linux sets 
setgid ...)
-       TODO: check
+       - pinentry <not-affected> (Gentoo-specific packaging flaw)
 CVE-2006-0070 (** DISPUTED ** ...)
-       TODO: check
+       - drupal <not-affected> (According to upstream advisory is junk, 
behaviour intentional)
+       NOTE: This will probably be REJECTED anyway
 CVE-2006-0069 (Cross-site scripting (XSS) vulnerability in addentry.php in 
Chipmunk ...)
-       TODO: check
+       NOT-FOR-US: Chipmunk Guestbook
 CVE-2006-0068 (SQL injection vulnerability in Primo Cart 1.0 and earlier 
allows ...)
-       TODO: check
+       NOT-FOR-US: Primo Cart
 CVE-2006-0067 (SQL injection vulnerability in login.php in VEGO Links Builder 
2.00 ...)
-       TODO: check
+       NOT-FOR-US: VEGO Links Builder
 CVE-2006-0066 (SQL injection vulnerability in index.php in PHPjournaler 1.0 
allows ...)
-       TODO: check
+       NOT-FOR-US: PHPjournaler
 CVE-2006-0065 (SQL injection vulnerability in (1) functions.php, (2) ...)
-       TODO: check
+       NOT-FOR-US: VEGO Web Forum
 CVE-2006-0064 (PHP remote file include vulnerability in 
includes/orderSuccess.inc.php ...)
-       TODO: check
+       NOT-FOR-US: CubeCart
 CVE-2006-0063
        RESERVED
 CVE-2005-4617 (SQL injection vulnerability in tickets.php in cSupport 1.0 and 
earlier ...)
-       TODO: check
+       NOT-FOR-US: cSupport
 CVE-2005-4616 (SQL injection vulnerability in index.php in iSupport 1.06 
allows ...)
-       TODO: check
+       NOT-FOR-US: iSupport
 CVE-2005-4615 (SQL injection vulnerability in news.php in DapperDesk 3.0.1 and 
...)
-       TODO: check
+       NOT-FOR-US: DapperDesk
 CVE-2005-4614 (Multiple SQL injection vulnerabilities in digiSHOP 3.1.17 and 
earlier ...)
-       TODO: check
+       NOT-FOR-US: digiSHOP
 CVE-2005-4613 (Cross-site scripting (XSS) vulnerability in VUBB alpha rc1 
allows ...)
-       TODO: check
+       NOT-FOR-US: VUBB alpha
 CVE-2005-4612 (Multiple SQL injection vulnerabilities in VUBB alpha rc1 allow 
remote ...)
-       TODO: check
+       NOT-FOR-US: VUBB alpha
 CVE-2005-4611 (SQL injection vulnerability in search.php in Free ClickBank 1.0 
and ...)
-       TODO: check
+       NOT-FOR-US: Free ClickBank
 CVE-2005-4610 (Format string vulnerability in the server for Dopewars before 
1.5.12, ...)
-       TODO: check
+       - dopewars <not-affected> (According to upstream Windows-specific)
 CVE-2005-4609 (index.php in BugPort 1.147 and earlier allows remote attackers 
to ...)
-       TODO: check
+       NOT-FOR-US: BugPort
 CVE-2005-4608 (SQL injection vulnerability in index.php in BugPort 1.147 
allows ...)
-       TODO: check
+       NOT-FOR-US: BugPort
 CVE-2005-4607 (Cross-site scripting (XSS) vulnerability in index.php in 
BugPort 1.147 ...)
-       TODO: check
+       NOT-FOR-US: BugPort
 CVE-2005-4606 (SQL injection vulnerability in check_user.asp in multiple Web 
Wiz ...)
-       TODO: check
-end claimed by jmm
+       NOT-FOR-US: Web Wiz
 CVE-2006-XXXX [libmail-audit-perl: insecure /tmp handling]
        - libmail-audit-perl <unfixed> (bug #344029)
 CVE-2005-4605 (The procfs code (proc_misc.c) in Linux 2.6.14.3 and other 
versions ...)


_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits

Reply via email to