Author: jmm-guest
Date: 2006-03-05 12:15:52 +0000 (Sun, 05 Mar 2006)
New Revision: 3557

Modified:
   data/CVE/list
Log:
new minor rssh issue
bugzilla CVEfied


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2006-03-05 12:05:57 UTC (rev 3556)
+++ data/CVE/list       2006-03-05 12:15:52 UTC (rev 3557)
@@ -1,3 +1,6 @@
+CVE-2006-XXXX [minor bypass of rssh sanitising]
+       - rssh <unfixed> (bug #346322; low)
+       [sarge] - rssh <not-affected> (Problem has been introduced in 2.3.0)
 CVE-2006-XXXX [buffer overflow in netcat example]
        - netcat 1.10-30 (bug #352369; unimportant)
        NOTE: Only an example, not in the binary package
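Review bot: The new rssh entry gives only the bracketed summary "minor bypass of rssh sanitising", so nothing in the list says what is bypassed or why the issue is rated low without opening bug #346322. The sarge line already records its reasoning (introduced in 2.3.0). A short NOTE line on the main entry, as the netcat entry below has, would give the same level of detail for the unfixed package.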
@@ -50,11 +53,17 @@
 CVE-2006-0917 (Melange Chat Server (aka M-Chat), when accessed via a web 
browser, ...)
        TODO: check
 CVE-2006-0916 (Bugzilla 2.19.3 through 2.20 does not properly handle 
&quot;//&quot; sequences ...)
-       TODO: check
+       - bugzilla <unfixed> (bug #354457)
+       [woody] - bugzilla <not-affected> (Only 2.17 and above are affected)
+       [sarge] - bugzilla <not-affected> (Only 2.17 and above are affected)
 CVE-2006-0915 (Bugzilla 2.16.10 does not properly handle certain characters in 
the ...)
-       TODO: check
+       - bugzilla <unfixed> (bug #354457)
+       [woody] - bugzilla <not-affected> (Only 2.17 and above are affected)
+       [sarge] - bugzilla <not-affected> (Only 2.17 and above are affected)
 CVE-2006-0914 (Bugzilla 2.16.10, 2.17 through 2.18.4, and 2.20 do not properly 
handle ...)
-       TODO: check
+       - bugzilla <unfixed> (bug #354457)
+       [woody] - bugzilla <not-affected> (Only 2.17 and above are affected)
+       [sarge] - bugzilla <not-affected> (Only 2.17 and above are affected)
 CVE-2006-0913 (SQL injection vulnerability in whineatnews.pl in Bugzilla 2.17 
through ...)
        TODO: check
 CVE-2006-0912 (Oreka before 0.5 allows remote attackers to cause a denial of 
service ...)
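Review bot: The reason "Only 2.17 and above are affected" is copied onto the woody and sarge lines of all three entries, but the descriptions of CVE-2006-0915 and CVE-2006-0914 both name Bugzilla 2.16.10 as affected. That reason only matches CVE-2006-0916 (2.19.3 through 2.20). For the other two, either recheck the not-affected status against the versions shipped in woody and sarge, or replace the reason with one that agrees with the CVE text. CVE-2006-0913 in the same block is also a Bugzilla issue (2.17 through ...) and still reads TODO: check; if bug #354457 covers it, it could be resolved in the same commit.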
@@ -269,10 +278,6 @@
        TODO: check
 CVE-2004-2654 (The clientAbortBody function in client_side.c in Squid Web 
Proxy Cache ...)
        TODO: check
-CVE-2006-XXXX [three issues in bugzilla]
-       - bugzilla <unfixed> (bug #354457)
-       [woody] - bugzilla <not-affected> (Only 2.17 and above are affected)
-       [sarge] - bugzilla <not-affected> (Only 2.17 and above are affected)
 CVE-2006-XXXX [cherrypy2 information disclosure]
        - cherrypy2 2.1.1-1 (bug #353542)
 CVE-2006-0811 (Cross-site scripting (XSS) vulnerability in reguser.php in 
Skate Board ...)


_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits