Author: jmm-guest
Date: 2006-03-10 10:25:34 +0000 (Fri, 10 Mar 2006)
New Revision: 3579

Modified:
   data/CVE/list
Log:
gnupg fixed
new issues in monopd, thunderbird and crossfire
lots of NFUs


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2006-03-10 09:14:24 UTC (rev 3578)
+++ data/CVE/list       2006-03-10 10:25:34 UTC (rev 3579)
@@ -84,7 +84,6 @@
        TODO: check
 CVE-2006-1086
        REJECTED
-       TODO: check
 CVE-2006-1085 (admin.php in PHP-Stats 0.1.9.1 and earlier allows remote 
attackers to ...)
        TODO: check
 CVE-2006-1084 (Multiple SQL injection vulnerabilities in PHP-Stats 0.1.9.1 and 
...)
@@ -162,71 +161,71 @@
 CVE-2006-XXXX [runit local privilege escalation]
        - runit <unfixed> (bug #356016; medium)
        [sarge] - runit <not-affected>
-begin claimed by jmm
 CVE-2006-1049 (Multiple SQL injection vulnerabilities in Joomla! 1.0.7 and 
earlier ...)
-       TODO: check
+       NOT-FOR-US: Joomla!
 CVE-2006-1048 (Joomla! 1.0.7 and earlier allows attackers to bypass intended 
access ...)
-       TODO: check
+       NOT-FOR-US: Joomla!
 CVE-2006-1047 (Unspecified vulnerability in the &quot;Remember Me login 
functionality&quot; in ...)
-       TODO: check
+       NOT-FOR-US: Joomla!
 CVE-2006-1046 (server.cpp in Monopd 0.9.3 allows remote attackers to cause a 
denial ...)
-       TODO: check
+       - monopd <unfixed> (bug #355797)
 CVE-2006-1045 (The HTML rendering engine in Mozilla Thunderbird 1.5, when 
&quot;Block ...)
-       TODO: check
+       - mozilla-thunderbird <unfixed>
 CVE-2006-1044 (Multiple buffer overflows in LISTSERV 14.3 and 14.4, including 
...)
-       TODO: check
+       NOT-FOR-US: LISTSERV
 CVE-2006-1043 (Stack-based buffer overflow in Microsoft Visual Studio 6.0 and 
...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2006-1042 (Multiple SQL injection vulnerabilities in Gregarius 0.5.2 allow 
remote ...)
-       TODO: check
+       NOT-FOR-US: Gregarius
 CVE-2006-1041 (Multiple cross-site scripting (XSS) vulnerabilities in 
Gregarius 0.5.2 ...)
-       TODO: check
+       NOT-FOR-US: Gregarius
 CVE-2006-1040 (Cross-site scripting (XSS) vulnerability in vBulletin 3.0.12 
and 3.5.3 ...)
-       TODO: check
+       NOT-FOR-US: vBulletin
 CVE-2006-1039 (SAP Web Application Server (WebAS) Kernel before 7.0 allows 
remote ...)
-       TODO: check
+       NOT-FOR-US: SAP
 CVE-2006-1038 (Buffer overflow in SecureCRT 5.0.4 and earlier and SecureFX 
3.0.4 and ...)
-       TODO: check
+       NOT-FOR-US: SecureCRT
 CVE-2006-1037 (SQL injection vulnerability in the Oracle Diagnostics module 
2.2 and ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2006-1036 (Multiple unspecified vulnerabilities in the Oracle Diagnostics 
module ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2006-1035 (Unspecified vulnerability in the Oracle Diagnostics module 2.2 
and ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2006-1034 (Multiple cross-site scripting (XSS) vulnerabilities in Woltlab 
Burning ...)
-       TODO: check
+       NOT-FOR-US: Woltlab Burning Board
 CVE-2006-1033 (Multiple cross-site scripting (XSS) vulnerabilities in 
Dragonfly CMS ...)
-       TODO: check
+       NOT-FOR-US: Dragonfly CMS
 CVE-2006-1032 (Eval injection vulnerability in the decode function in 
rpc_decoder.php ...)
-       TODO: check
+       NOT-FOR-US: phpRPC
 CVE-2006-1031 (PHP local file include vulnerability in config/config_inc.php 
in ...)
-       TODO: check
+       NOT-FOR-US: iGENUS Webmail
 CVE-2006-1030 (Unspecified vulnerability in mod_templatechooser in Joomla! 
1.0.7 ...)
-       TODO: check
+       NOT-FOR-US: Joomla!
 CVE-2006-1029 (The cross-site scripting (XSS) countermeasures in ...)
-       TODO: check
+       NOT-FOR-US: Joomla!
 CVE-2006-1028 (feedcreator.class.php (aka the syndication component) in 
Joomla! 1.0.7 ...)
-       TODO: check
+       NOT-FOR-US: Joomla!
 CVE-2006-1027 (feedcreator.class.php (aka the syndication component) in 
Joomla! 1.0.7 ...)
-       TODO: check
+       NOT-FOR-US: Joomla!
 CVE-2006-1026 (JFacets before 0.2 allows remote attackers to gain privileges 
as any ...)
-       TODO: check
+       NOT-FOR-US: JFacets
 CVE-2006-1025 (Cross-site scripting (XSS) vulnerability in manage.asp in 
Addsoft ...)
-       TODO: check
+       NOT-FOR-US: Addsoft StoreBot
 CVE-2006-1024 (SQL injection vulnerability in MgrLogin.asp in Addsoft StoreBot 
2005 ...)
-       TODO: check
+       NOT-FOR-US: Addsoft StoreBot
 CVE-2006-1023 (Directory traversal vulnerability in HP System Management 
Homepage ...)
-       TODO: check
+       NOT-FOR-US: HP System Management
 CVE-2006-1022 (PHP remote file include vulnerability in sol_menu.php in PeHePe 
Uyelik ...)
-       TODO: check
+       NOT-FOR-US: PeHePe Uyelik Sistemi
 CVE-2006-1021 (Cross-site scripting (XSS) vulnerability in sol_menu.php in 
PeHePe ...)
-       TODO: check
+       NOT-FOR-US: PeHePe Uyelik Sistemi
 CVE-2006-1020 (SQL injection vulnerability in forumlib.php in Johnny_Vegas 
Vegas ...)
-       TODO: check
+       NOT-FOR-US: Johnny_Vegas Vegas Forum 
 CVE-2006-1019 (Cross-site scripting (XSS) vulnerability in fce.php in UKiBoard 
3.0.1 ...)
-       TODO: check
+       NOT-FOR-US: UkiBoard
 CVE-2006-1018 (SQL injection vulnerability in poems.php in DCI-Designs 
Dawaween 1.03 ...)
-       TODO: check
+       NOT-FOR-US: DCI-Design Dawaween
+begin claimed by jmm
 CVE-2006-1017 (The c-client library 2000, 2001, or 2004 for PHP 3.x, 4.x, and 
5.x, ...)
        TODO: check
 CVE-2006-1016 (Buffer overflow in the IsComponentInstalled method in Internet 
...)
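Review bot: The CVE-2006-1045 entry is marked `- mozilla-thunderbird <unfixed>` with no bug reference or urgency, while the other open entries in this hunk carry one (`- monopd <unfixed> (bug #355797)`, `- runit <unfixed> (bug #356016; medium)`). File or link the bug so the open issue can be traced to the package maintainers. Two NOT-FOR-US labels also differ from the product names in their own CVE descriptions: `UkiBoard` against "UKiBoard 3.0.1" for CVE-2006-1019, and `DCI-Design Dawaween` against "DCI-Designs Dawaween 1.03" for CVE-2006-1018. Matching the description's spelling keeps later searches on the product name reliable. The CVE-2006-1020 line `NOT-FOR-US: Johnny_Vegas Vegas Forum ` ends in a trailing space that should be dropped.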
@@ -242,7 +241,7 @@
 CVE-2006-1011 (LetterMerger 1.2 stores user information in Access database 
files with ...)
        TODO: check
 CVE-2006-1010 (Buffer overflow in socket/request.c in CrossFire before 1.9.0, 
when ...)
-       TODO: check
+       - crossfire 1.9.0-1
 CVE-2006-1009 (M4 Project enigma-suite before 0.73.3 (Windows) has a default 
password ...)
        TODO: check
 CVE-2006-1008 (Multiple cross-site scripting (XSS) vulnerabilities in N8cms 
1.1 and ...)
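Review bot: The new `- crossfire 1.9.0-1` line under CVE-2006-1010 records only the fixed version, with no bug reference, no urgency and no per-release status. The description says "CrossFire before 1.9.0" is affected, so any older crossfire in a stable release would still be vulnerable. Add a `[sarge]` line (as done for runit with `[sarge] - runit <not-affected>`), or a NOTE stating that the status for stable has not been checked yet.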
@@ -1562,9 +1561,7 @@
        RESERVED
 CVE-2006-0455 (gpgv in GnuPG before 1.4.2.1, when using unattended signature 
...)
        {DSA-978-1}
-       - gnupg <unfixed> (bug #353017; bug #353019; bug #354620; medium)
-       [woody] - gnupg 1.0.6-4woody4
-       [sarge] - gnupg 1.4.1-1sarge1
+       - gnupg 1.4.2.2-1 (bug #353017; bug #353019; bug #354620; medium)
        NOTE: 
http://lists.gnupg.org/pipermail/gnupg-announce/2006q1/000211.html indicates 
that
        NOTE: *all* versions are affected because gpg --verify is also affected
 CVE-2006-0454 (Linux kernel before 2.6.15.3 down to 2.6.12, while constructing 
an ...)
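Review bot: Replacing the `<unfixed>` line with `- gnupg 1.4.2.2-1` also deletes `[woody] - gnupg 1.0.6-4woody4` and `[sarge] - gnupg 1.4.1-1sarge1`, so the entry no longer records the fixed versions for the stable releases and only `{DSA-978-1}` points to them. If the per-release lines are dropped on purpose because the DSA covers them, say so in the log message, which currently reads only "gnupg fixed". Otherwise keep them. Also confirm that 1.4.2.2-1 is the first unstable upload containing the fix, since the description gives "GnuPG before 1.4.2.1" as the affected range.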


_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
