Author: jmm-guest
Date: 2006-03-16 09:17:03 +0000 (Thu, 16 Mar 2006)
New Revision: 3621

Modified:
   data/CVE/list
   data/ID_pending
Log:
new libcgi-session-perl issues (fixed)
new drupal issues (fixed)
new snmptrapfmt issue (fixed)
peercast updated
removed old gallery2 provisional entry already CVEfied


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2006-03-16 09:14:21 UTC (rev 3620)
+++ data/CVE/list       2006-03-16 09:17:03 UTC (rev 3621)
@@ -1,3 +1,5 @@
+CVE-2006-XXXX [Multiple issues in libcgi-session-perl]
+       - libcgi-session-perl 4.07-1
 CVE-2006-1244 (Unspecified vulnerability in certain versions of xpdf after 
3.00, as ...)
        TODO: check
 CVE-2006-1243 (Directory traversal vulnerability in install05.php in Simple 
PHP Blog ...)
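Review bot: The new "CVE-2006-XXXX [Multiple issues in libcgi-session-perl]" entry at the top of this hunk folds several problems into one placeholder and has no bug number, NOTE or urgency. If CVE ids are later assigned per issue, nothing here says which issues 4.07-1 fixed. A NOTE line listing the individual issues, or one placeholder per issue, would make that mapping unambiguous.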
@@ -35,13 +37,13 @@
 CVE-2006-1229 (SQL injection vulnerability in search.asp in Hosting Controller 
6.1 ...)
        TODO: check
 CVE-2006-1228 (Session fixation vulnerability in Drupal 4.5.x before 4.5.8 and 
4.6.x ...)
-       TODO: check
+       - drupal 4.5.8-1
 CVE-2006-1227 (Drupal 4.5.x before 4.5.8 and 4.6.x before 4.5.8, when 
menu.module is ...)
-       TODO: check
+       - drupal 4.5.8-1
 CVE-2006-1226 (Cross-site scripting (XSS) vulnerability in Drupal 4.5.x before 
4.5.8 ...)
-       TODO: check
+       - drupal 4.5.8-1
 CVE-2006-1225 (CRLF injection vulnerability in Drupal 4.5.x before 4.5.8 and 
4.6.x ...)
-       TODO: check
+       - drupal 4.5.8-1
 CVE-2006-1224 (Directory traversal vulnerability in dwnld.php in GuppY 4.5.11 
allows ...)
        TODO: check
 CVE-2006-1223 (Cross-site scripting (XSS) vulnerability in Jupiter Content 
Manager ...)
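Review bot: The four "- drupal 4.5.8-1" lines that replace "TODO: check" under CVE-2006-1225 through CVE-2006-1228 carry no urgency or bug reference, unlike entries elsewhere in this file such as "- gnupg 1.4.2.2-1 (medium)". These entries cover different bug classes (session fixation, XSS, CRLF injection), so an urgency set per entry would be more useful than four identical bare version lines.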
@@ -239,7 +241,7 @@
 CVE-2005-4729 (SQL injection vulnerabilitiy in show.php in VBZooM Forum allows 
remote ...)
        TODO: check
 CVE-2006-XXXX [Unspecified security problem in Peercast]
-       - peercast 0.1217-1
+       - peercast 0.1217.toots.20060314-1
 CVE-2006-XXXX [Directory traversal issue in Namazu2]
        - namazu2 2.0.16-1
 CVE-2006-1166 (Monotone 0.25 and earlier, when a user creates a file in a 
directory ...)
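Review bot: The peercast fixed version changes from 0.1217-1 to 0.1217.toots.20060314-1, and the log only says "peercast updated", so the reason 0.1217-1 no longer counts as fixed is not recorded anywhere. A NOTE line under the entry explaining the correction would help anyone auditing this later. The entry also remains an "Unspecified security problem" with no bug number to follow up on.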
@@ -658,8 +660,6 @@
        NOTE: Only an example, not in the binary package
 CVE-2006-XXXX [webcheck XSS]
        - webcheck 1.9.6
-CVE-2006-XXXX [the usual gallery2 XSS]
-       - gallery2 2.0.3-1
 CVE-2006-XXXX [Insecure rpath in amaya]
        - amaya 9.4-1 (bug #341424)
 CVE-2006-0937 (U.N.U. Mailgust 1.9 allows remote attackers to obtain sensitive 
...)
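Review bot: The removed "CVE-2006-XXXX [the usual gallery2 XSS]" entry is described in the log as "already CVEfied", but neither the log nor any hunk shown here names the CVE id that now carries "- gallery2 2.0.3-1". Please name that id in the log and confirm the CVE entry records the fixed version, so the fix information is not lost along with the provisional entry.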
@@ -2941,8 +2941,9 @@
        RESERVED
 CVE-2006-0051
        RESERVED
-CVE-2006-0050
+CVE-2006-0050 [insecure temp file in snmptrapfmt]
        RESERVED
+       - snmptrapfmt 1.10
 CVE-2006-0049 (gpg in GnuPG before 1.4.2.2 does not properly verify 
non-detached ...)
        {DSA-993-2}
        - gnupg 1.4.2.2-1 (medium)
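Review bot: In the CVE-2006-0050 entry, the added "- snmptrapfmt 1.10" has no Debian revision, bug number or urgency. If snmptrapfmt is a native package the bare version is fine; otherwise the full package version should be given. The temp-file entries for lilo and note elsewhere in this commit's context carry "low", so an explicit urgency here would keep the entries consistent.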
@@ -7280,8 +7281,6 @@
        NOT-FOR-US: AlstraSoft E-Friends
 CVE-2005-3061 (Multiple stack-based buffer overflows in PowerArchiver 8.10 
through ...)
        NOT-FOR-US: PowerArchiver
-CVE-2003-XXXX [libsafe: does not prevent some exploit types]
-       - libsafe <removed>
 CVE-2003-XXXX [Insecure temp files in lilo]
        - lilo 1:22.4-1 (bug #173238; bug #292073; low)
 CVE-2005-XXXX [Multiple security issues when using distcc without ssh auth]
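Review bot: The removal of "CVE-2003-XXXX [libsafe: does not prevent some exploit types]" is not covered by the log, which mentions only libcgi-session-perl, drupal, snmptrapfmt, peercast and gallery2. The same entry is also dropped from data/ID_pending further down. Either add a line to the log explaining why an entry marked "<removed>" is being deleted outright, or split this into its own commit.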

Modified: data/ID_pending
===================================================================
--- data/ID_pending     2006-03-16 09:14:21 UTC (rev 3620)
+++ data/ID_pending     2006-03-16 09:17:03 UTC (rev 3621)
@@ -9,8 +9,6 @@
        NOTE: Only an example, not in the binary package
 CVE-2006-XXXX [webcheck XSS]
        - webcheck 1.9.6
-CVE-2006-XXXX [the usual gallery2 XSS]
-       - gallery2 2.0.3-1
 CVE-2006-XXXX [Insecure rpath in amaya]
        - amaya 9.4-1 (bug #341424)
 CVE-2006-XXXX [cherrypy2 information disclosure]
@@ -75,8 +73,6 @@
        - drupal 4.5.5-3 (bug #336719; medium)
 CVE-2005-XXXX [double free() in libungif]
        - libungif4 4.1.4-1 (bug #338542; medium)
-CVE-2005-XXXX [webcalendar's password visible to local users through debconf]
-       - webcalendar <unfixed> (bug #337624)
 CVE-2005-XXXX [Insecure temp files in note]
        - note 1.3.1-3 (bug #337492; low)
 CVE-2005-XXXX [ntop format string vulnerability]
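Review bot: The deleted webcalendar entry was marked "<unfixed> (bug #337624)", and its removal is neither mentioned in the log nor matched by any webcalendar change in the data/CVE/list hunks shown. Dropping an unfixed issue from the pending list without a visible replacement risks losing track of it. Please state in the log where it is now tracked, or restore the entry.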
@@ -196,8 +192,6 @@
        - icebreaker 1.21-9.1 (bug #297644; low)
 CVE-2001-XXXX [gnupg: inproper flagging of signatures as being local]
        - gnupg 1.0.7-1 (bug #107374)
-CVE-2003-XXXX [libsafe: does not prevent some exploit types]
-       - libsafe <removed>
 CVE-2003-XXXX [Insecure temp files in lilo]
        - lilo 1:22.4-1 (bug #173238; bug #292073; low)
 CVE-2005-XXXX [Multiple security issues when using distcc without ssh auth]


_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
