[Secure-testing-commits] r3649 - data/CVE

Mon, 20 Mar 2006 07:23:38 -0800 

Author: jmm-guest
Date: 2006-03-20 15:22:55 +0000 (Mon, 20 Mar 2006)
New Revision: 3649

Modified:
   data/CVE/list
Log:
new x.org local root


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2006-03-20 13:35:29 UTC (rev 3648)
+++ data/CVE/list       2006-03-20 15:22:55 UTC (rev 3649)
@@ -35,9 +35,9 @@
 CVE-2006-1281 (Cross-site scripting (XSS) in member.php in MyBulletinBoard 
(MyBB) ...)
        TODO: check
 CVE-2006-1280 (CGI::Session 4.03-1 does not set proper permissions on 
temporary files ...)
-       TODO: check
+       - libcgi-session-perl 4.07-1
 CVE-2006-1279 (CGI::Session 4.03-1 allows local users to overwrite arbitrary 
files ...)
-       TODO: check
+       - libcgi-session-perl 4.07-1
 CVE-2006-1278 (SQL injection vulnerability in @1 File Store 2006.03.07 allows 
remote ...)
        TODO: check
 CVE-2006-1277 (Cross-site scripting (XSS) vulnerability in signup.php in @1 
File ...)
@@ -93,7 +93,7 @@
 CVE-2006-1252 (Eval injection vulnerability in cal.php in Light Weight 
Calendar (LWC) ...)
        TODO: check
 CVE-2006-1251 (greylistclean.cron in sa-exim 4.2 allows remote attackers to 
delete ...)
-       TODO: check
+       - sa-exim <unfixed> (bug #345071)
 CVE-2006-1250 (Unspecified vulnerability in the Webmail module in Winmail 
before 4.3 ...)
        TODO: check
 CVE-2006-1249 (** UNVERIFIABLE, PRERELEASE ** ...)
@@ -136,8 +136,6 @@
        TODO: check
 CVE-2005-XXXX [xsupplicant information leak]
        - xsupplicant 1.0.1-5 (bug #317703; low)
-CVE-2006-XXXX [Multiple issues in libcgi-session-perl]
-       - libcgi-session-perl 4.07-1
 CVE-2006-1244 (Unspecified vulnerability in certain versions of xpdf after 
3.00, as ...)
        - xpdf <not-affected> (All issues previously fixed)
        NOTE: Discussion has shown that the revamp patch doesn't fix new 
vulnerabilities
@@ -1213,8 +1211,10 @@
        {DSA-1008-1}
        - kdegraphics 3.5.0-3
        NOTE: Only affected the 3.3.2 KDE backport
-CVE-2006-0745
+CVE-2006-0745 [local root exploit in x.org]
        RESERVED
+       - xorg-x11 <unfixed>
+       - xfree86 <not-affected>
 CVE-2006-0744
        RESERVED
 CVE-2006-0743 (Format string vulnerability in LocalSyslogAppender in Apache 
log4net ...)


_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits

Reply via email to