Author: jmm-guest
Date: 2006-02-23 14:47:10 +0000 (Thu, 23 Feb 2006)
New Revision: 3531

Modified:
   data/CVE/list
   data/open-issues.txt
Log:
tar off-by-one
honeyd CVEfied
lots of NFUs
two more maintainability issues for Etch


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2006-02-23 14:23:59 UTC (rev 3530)
+++ data/CVE/list       2006-02-23 14:47:10 UTC (rev 3531)
@@ -4,71 +4,68 @@
        [sarge] - bugzilla <not-affected> (Only 2.17 and above are affected)
 CVE-2006-XXXX [cherrypy2 information disclosure]
        - cherrypy2 2.1.1-1 (bug #353542)
-begin claimed by jmm
 CVE-2006-0811 (Cross-site scripting (XSS) vulnerability in reguser.php in 
Skate Board ...)
-       NOT-FOR-US: 
-       TODO: check
+       NOT-FOR-US: Skate Board
 CVE-2006-0810 (Unspecified vulnerability in config.php in Skate Board 0.9 
allows ...)
-       TODO: check
+       NOT-FOR-US: Skate Board
 CVE-2006-0809 (Multiple SQL injection vulnerabilities in Skate Board 0.9 allow 
remote ...)
-       TODO: check
+       NOT-FOR-US: Skate Board
 CVE-2006-0808 (MUTE 0.4 allows remote attackers to cause a denial of service 
...)
-       TODO: check
+       NOT-FOR-US: MUTE
 CVE-2006-0807 (Stack-based buffer overflow in NJStar Chinese and Japanese Word 
...)
-       TODO: check
+       NOT-FOR-US: NJStar
 CVE-2006-0806 (Multiple cross-site scripting (XSS) vulnerabilities in ADOdb 
4.71 ...)
-       TODO: check
+       - libphp-adodb <unfixed>
 CVE-2006-0805 (The CAPTCHA functionality in php-Nuke 6.0 through 7.9 uses 
fixed ...)
-       TODO: check
+       NOT-FOR-US: php-Nuke
 CVE-2006-0804 (Off-by-one error in TIN 1.8.0 and earlier might allow attackers 
to ...)
-       TODO: check
+       - tin 1.8.1 
 CVE-2006-0803
        RESERVED
 CVE-2006-0802 (Cross-site scripting (XSS) vulnerability in the NS-Languages 
module ...)
-       TODO: check
+       NOT-FOR-US: PostNuke
 CVE-2006-0801 (SQL injection vulnerability in the NS-Languages module for 
PostNuke ...)
-       TODO: check
+       NOT-FOR-US: PostNuke
 CVE-2006-0800 (Interpretation conflict in PostNuke 0.761 and earlier allows 
remote ...)
-       TODO: check
+       NOT-FOR-US: PostNuke
 CVE-2006-0799 (Microsoft Internet Explorer allows remote attackers to conduct 
...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2006-0798 (Multiple directory traversal vulnerabilities in the IMAP 
service in ...)
-       TODO: check
+       NOT-FOR-US: Macallan Mail Solution
 CVE-2006-0797 (Nokia N70 cell phone allows remote attackers to caues a denial 
of ...)
-       TODO: check
+       NOT-FOR-US: Nokia cell phone
 CVE-2006-0796 (Cross-site scripting (XSS) vulnerability in default.php in 
Clever Copy ...)
-       TODO: check
+       NOT-FOR-US: Clever Copy
 CVE-2006-0795 (Unspecified vulnerability in convert.cgi in Quirex 2.0.2 and 
earlier ...)
-       TODO: check
+       NOT-FOR-US: Quirex 
 CVE-2006-0794 (help.php in V-webmail 1.6.2 allows remote attackers to obtain 
the ...)
-       TODO: check
+       NOT-FOR-US: V-webmail
 CVE-2006-0793 (frameset.php in V-webmail 1.6.2 allows remote attackers to 
conduct ...)
-       TODO: check
+       NOT-FOR-US: V-webmail
 CVE-2006-0792 (Cross-site scripting (XSS) vulnerability in 
preferences.personal.php ...)
-       TODO: check
+       NOT-FOR-US: V-webmail
 CVE-2006-0791 (PHP remote file inclusion vulnerability in index.php in 
DreamCost ...)
-       TODO: check
+       NOT-FOR-US: DreamCost HostAdmin
 CVE-2006-0790 (Rockliffe MailSite 7.0 and earlier allows remote attackers to 
cause a ...)
-       TODO: check
+       NOT-FOR-US: Rockliffe MailSite
 CVE-2006-0789 (Certain unspecified Kyocera printers have a default 
&quot;admin&quot; account ...)
-       TODO: check
+       NOT-FOR-US: Kyocera printers
 CVE-2006-0788 (Kyocera 3830 (aka FS-3830N) printers have a back door that 
allows ...)
-       TODO: check
+       NOT-FOR-US: Kyocera printers
 CVE-2006-0787 (wimpy_trackplays.php in Plaino Wimpy MP3 Player, possibly 5.2 
and ...)
-       TODO: check
+       NOT-FOR-US: Plaino Wimpy
 CVE-2006-0786 (Incomplete blacklist vulnerability in include.php in PHPKIT 
1.6.1 ...)
-       TODO: check
+       NOT-FOR-US: PHPKIT
 CVE-2006-0785 (Absolute path traversal vulnerability in include.php in PHPKIT 
1.6.1 ...)
-       TODO: check
+       NOT-FOR-US: PHPKIT
 CVE-2006-0784 (D-Link DWL-G700AP with firmware 2.00 and 2.01 allows remote 
attackers ...)
-       TODO: check
+       NOT-FOR-US: D-Link hardware
 CVE-2006-0783 (Cross-site scripting (XSS) vulnerability in page.php in in 
Siteframe ...)
-       TODO: check
+       NOT-FOR-US: Siteframe Beaumont
 CVE-2006-0782 (Unspecified vulnerability in weblog.pl in PerlBlog 1.09b and 
earlier ...)
-       TODO: check
-end claimed by jmm
+       NOT-FOR-US: PerlBlog 
 CVE-2006-0781 (Directory traversal vulnerability in weblog.pl in PerlBlog 
1.09b and ...)
-       TODO: check
+       NOT-FOR-US: PerlBlog 
 CVE-2006-0780 (Multiple cross-site scripting (XSS) vulnerabilities in 
weblog.pl in ...)
        TODO: check
 CVE-2006-0779 (Cross-site scripting (XSS) vulnerability in u2u.php in XMB 
Forums ...)
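Review bot: removing the "begin/end claimed by jmm" markers leaves CVE-2006-0780 (weblog.pl XSS, the same PerlBlog script as CVE-2006-0781 and CVE-2006-0782) sitting at "TODO: check" with no claim on it; either triage it together with its siblings or keep the claim marker around the entries that remain open so nobody duplicates the work. The libphp-adodb line for CVE-2006-0806 records "<unfixed>" without a bug reference, while the cherrypy2 and tar entries in this file carry "bug #NNNNNN"; add the BTS number once filed. The "tin 1.8.1 ", "Quirex " and "PerlBlog " lines carry trailing whitespace that should be stripped.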
@@ -126,7 +123,7 @@
 CVE-2006-0753 (Memory leak in Microsoft Internet Explorer 6 for Windows XP 
Service ...)
        TODO: check
 CVE-2006-0752 (Niels Provos Honeyd before 1.5 replies to certain illegal IP 
packet ...)
-       TODO: check
+       - honeyd <unfixed> (bug filed)
 CVE-2006-0751 (Multiple unspecified vulnerabilities in the (1) Filesystem in 
...)
        TODO: check
 CVE-2006-0750 (SQL injection vulnerability in index.php in supersmashbrothers 
(SSB) ...)
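Review bot: the new honeyd line under CVE-2006-0752 says "(bug filed)" without the BTS number; the other filed entries in this file use the "bug #NNNNNN" form (cherrypy2 bug #353542, tar bug #354091), so the number belongs here too so the tracker can link the report.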
@@ -309,8 +306,6 @@
        NOT-FOR-US: Microsoft
 CVE-2005-4716 (Hitachi TP1/Server Base and TP1/NET/Library 2 on IBM AIX allow 
remote ...)
        NOT-FOR-US: Hitachi TP1
-CVE-2006-XXXX [honeyd info leak]
-       - honeyd <unfixed> (bug filed)
 CVE-2006-0677 (telnetd in Heimdal 0.6.x before 0.6.6 and 0.7.x before 0.7.2 
allows ...)
        {DSA-977-1}
        - heimdal <unfixed>
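Review bot: dropping the "CVE-2006-XXXX [honeyd info leak]" placeholder is only correct because the identical "- honeyd <unfixed> (bug filed)" line was moved under CVE-2006-0752 in the earlier hunk; since the two hunks are several hundred lines apart, it is worth checking that no other honeyd placeholder remains in the file before this goes in.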
@@ -1259,6 +1254,7 @@
        - libextractor 0.5.10-1 (medium)
        - pdfkit.framework 0.8-4 (medium)
 CVE-2006-0300 [buffer overflow in tar]
+       RESERVED
        - tar <unfixed> (bug #354091; high)
        - dpkg <not-affected> (has completely different tar implementation)
        [woody] - tar <not-affected>
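Review bot: RESERVED is inserted between the bracketed description of CVE-2006-0300 and its package lines, whereas the only other RESERVED entry visible in this diff (CVE-2006-0803) has neither a description nor package data; confirm that the list parser accepts a RESERVED marker on an entry that also carries "- tar <unfixed>" and "<not-affected>" lines, otherwise the tar tracking data may be silently ignored.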

Modified: data/open-issues.txt
===================================================================
--- data/open-issues.txt        2006-02-23 14:23:59 UTC (rev 3530)
+++ data/open-issues.txt        2006-02-23 14:47:10 UTC (rev 3531)
@@ -29,3 +29,11 @@
 ffmpeg creates libavcodec only statically. It should be evaluated if there's
 really a compelling reason, as it requires massive recompiles for every 
security
 update. If upstream is reluctant this could be done locally for Etch at least.
+
+=== none
+
+MOTIF 1.2 support has been deprecated upstream. We need to get rid of lesstif1
+for Etch, it already caused us great pain during the last security problems.
+The transition isn't very difficult, it's a recompile against lesstif2-dev
+in most cases. Most packages still using lesstif1 are effectively unmaintained,
+many of them can probably just as well be orphaned or removed.
\ No newline at end of file
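Review bot: the "=== none" heading says nothing about what the section covers; if the section headings in this file name the affected package, "=== lesstif1" would let readers find the MOTIF/lesstif transition item. The file now also ends without a trailing newline ("\ No newline at end of file"), which will show up as a spurious change the next time this paragraph is edited. The log entry mentions two maintainability issues for Etch, but this hunk adds only the lesstif1 item; the ffmpeg paragraph is unchanged context.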


_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits