Author: jmm-guest
Date: 2006-03-24 13:24:24 +0000 (Fri, 24 Mar 2006)
New Revision: 3682

Modified:
   data/CVE/list
Log:
new helix issue (unfixed)
new passwd/d-i issue (fixed)
three new kernel issues


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2006-03-24 10:40:06 UTC (rev 3681)
+++ data/CVE/list       2006-03-24 13:24:24 UTC (rev 3682)
@@ -1,81 +1,83 @@
 CVE-2006-1378 (PasswordSafe 3.0, when running on Windows before XP, uses a 
weak ...)
-       TODO: check
+       NOT-FOR-US: PasswordSafe
 CVE-2006-1377 (Cross-site scripting (XSS) vulnerability in img.php in (1) 
EasyMoblog ...)
-       TODO: check
+       NOT-FOR-US: EasyMoblog
 CVE-2006-1376 (The installation of Debian GNU/Linux 3.1r1 from the network 
install CD ...)
-       TODO: check
+       - passwd 1:4.0.14-9 (bug #358210)
 CVE-2006-1375 (AdMan 1.0.20051221 and earlier allows remote attackers to 
obtain the ...)
-       TODO: check
+       NOT-FOR-US: AdMan
 CVE-2006-1374 (SQL injection vulnerability in viewStatement.php in AdMan 
1.0.20051221 ...)
-       TODO: check
+       NOT-FOR-US: AdMan
 CVE-2006-1373 (Cross-site scripting (XSS) vulnerability in status_image.php in 
PHP ...)
-       TODO: check
+       NOT-FOR-US: PHP Live!
 CVE-2006-1372 (Multiple SQL injection vulnerabilities in 1WebCalendar 4.0 and 
earlier ...)
-       TODO: check
+       NOT-FOR-US: 1WebCalendar
 CVE-2006-1371 (Laurentiu Matei eXpandable Home Page (XHP) CMS 0.5 and earlier 
allows ...)
-       TODO: check
+       NOT-FOR-US: Laurentiu Matei eXpandable Home Page
 CVE-2006-1370 (Buffer overflow in RealNetworks RealPlayer 10.5 6.0.12.1040 
through ...)
-       TODO: check
+       NOT-FOR-US: Real Player, according to Real Helix not affected
 CVE-2006-1369 (Cross-site scripting (XSS) vulnerability in Invision Power 
Board (IPB) ...)
-       TODO: check
+       NOT-FOR-US: Invision Power Board
 CVE-2006-1368 (Buffer overflow in the USB Gadget RNDIS implementation in the 
Linux ...)
-       TODO: check
+       - linux-2.6 2.6.16-1
 CVE-2006-1367 (The Motorola PEBL U6 08.83.76R, the Motorola V600, and possibly 
the ...)
-       TODO: check
+       NOT-FOR-US: Motorola hardware
 CVE-2006-1366 (Buffer overflow in the Motorola PEBL U6 08.83.76R, and possibly 
other ...)
-       TODO: check
+       NOT-FOR-US: Motorola hardware
 CVE-2006-1365 (The Motorola PEBL U6, the Motorola V600, and possibly the 
Motorola ...)
-       TODO: check
+       NOT-FOR-US: Motorola hardware
 CVE-2006-1364 (Microsoft w3wp (aka w3wp.exe) does not properly handle when the 
...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2006-1363 (images.php in Justin White (aka YTZ) Free Web Publishing System 
...)
-       TODO: check
+       NOT-FOR-US: Justin White (aka YTZ) Free Web Publishing System
 CVE-2006-1362 (Multiple SQL injection vulnerabilities in Mini-Nuke CMS System 
1.8.2 ...)
-       TODO: check
+       NOT-FOR-US: Mini-Nuke
 CVE-2006-1361 (Cross-site scripting (XSS) vulnerability in OSWiki before 0.3.1 
allows ...)
-       TODO: check
+       NOT-FOR-US: OSWiki
 CVE-2006-1360 (Multiple SQL injection vulnerabilities in MusicBox 2.3 Beta 2 
allow ...)
-       TODO: check
+       NOT-FOR-US: MusicBox
 CVE-2006-1359 (Microsoft Internet Explorer 6 and 7 Beta 2 allows remote 
attackers to ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2006-1358 (Unspecified vulnerability in BEA WebLogic Portal 8.1 up to SP5 
causes ...)
-       TODO: check
+       NOT-FOR-US: BEA WebLogic
 CVE-2006-1357 (Cross-site scripting (XSS) vulnerability in my.support.php3 in 
F5 ...)
-       TODO: check
+       NOT-FOR-US: F5 Firepass 4100 SSL VPN
 CVE-2006-1356 (Stack-based buffer overflow in the count_vcards function in 
LibVC 3, ...)
-       TODO: check
+       NOT-FOR-US: LibVC
 CVE-2006-1355 (avast! Antivirus 4.6.763 and earlier sets 
"BUILTIN\Everyone" ...)
-       TODO: check
+       NOT-FOR-US: avast AV
 CVE-2006-1354 (Unspecified vulnerability in FreeRADIUS 1.0.0 up to 1.1.0 
allows ...)
        - freeradius <unfixed>
 CVE-2006-1353 (Multiple SQL injection vulnerabilities in ASPPortal 3.1.1 and 
earlier ...)
-       TODO: check
+       NOT-FOR-US: ASPPortal
 CVE-2006-1352 (BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 
7.0 SP6 ...)
-       TODO: check
+       NOT-FOR-US: BEA WebLogic
 CVE-2006-1351 (BEA WebLogic Server 6.1 SP7 and earlier allows remote ...)
-       TODO: check
+       NOT-FOR-US: BEA WebLogic
 CVE-2006-1350 (PHP remote file include vulnerability in index.php in 
99Articles.com ...)
-       TODO: check
+       NOT-FOR-US: 99Articles.com
 CVE-2006-1349 (Multiple cross-site scripting (XSS) vulnerabilities in Musicbox 
2.3 ...)
-       TODO: check
+       NOT-FOR-US: MusicBox
 CVE-2006-1348 (Cross-site scripting (XSS) vulnerability in index.php in Greg 
...)
+       NOT-FOR-US: Greg Neustaetter gCards
        TODO: check
 CVE-2006-1347 (SQL injection vulnerability in loginfunction.php in Greg 
Neustaetter ...)
-       TODO: check
+       NOT-FOR-US: Greg Neustaetter gCards
 CVE-2006-1346 (Directory traversal vulnerability in inc/setLang.php in Greg 
...)
-       TODO: check
+       NOT-FOR-US: Greg Neustaetter gCards
 CVE-2006-1345 (polls.php in MyBB (aka MyBulletinBoard) 1.10 allows remote 
attackers ...)
-       TODO: check
+       NOT-FOR-US: MyBB 
 CVE-2006-1344 (Cross-site scripting (XSS) vulnerability in VeriSign haydn.exe, 
as ...)
-       TODO: check
+       NOT-FOR-US: VeriSign haydn.exe
 CVE-2006-1343 (net/ipv4/netfilter/ip_conntrack_core.c in Linux kernel 2.4 and 
2.6, ...)
-       TODO: check
+       - linux-2.6 <unfixed>
 CVE-2006-1342 (net/ipv4/af_inet.c in Linux kernel 2.4 does not clear ...)
-       TODO: check
+       - linux-2.6 <unfixed>
+       NOTE: Possibly not-affected, needs further checking
 CVE-2003-1298 (Multiple directory traversal vulnerabilities in siteman.php3 in 
...)
-       TODO: check
+       NOT-FOR-US: Veritas Backup
 CVE-2000-1240 (Unspecified vulnerability in siteman.php3 in AnyPortal(php) 
before 22 ...)
-       TODO: check
+       NOT-FOR-US: AnyPortal
 CVE-2006-1341 (SQL injection vulnerability in events.php in Maian Events 1.0 
allows ...)
        NOT-FOR-US: Maian Events
 CVE-2006-1340 (CuteNews 1.4.1 and possibly other versions allows remote 
attackers to ...)
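Review bot: In the CVE-2006-1348 entry the old "TODO: check" line is left in place as context below the added "NOT-FOR-US: Greg Neustaetter gCards", so the entry ends up with both a triage result and an open TODO. The TODO line should be dropped there, as it is for CVE-2006-1347 and CVE-2006-1346. Also worth confirming: CVE-2003-1298 is marked "NOT-FOR-US: Veritas Backup", but its visible description names siteman.php3, the same file the next entry (CVE-2000-1240) attributes to AnyPortal(php), so the product name looks mismatched. Minor: the "NOT-FOR-US: MyBB " line carries trailing whitespace, and the Helix remark on CVE-2006-1370 would be easier to find later as a separate NOTE: line than inside the NOT-FOR-US product field.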
@@ -2428,7 +2430,7 @@
 CVE-2006-0324 (SQL injection vulnerability in WebspotBlogging 3.0 allows 
remote ...)
        NOT-FOR-US: WebspotBlogging
 CVE-2006-0323 (Buffer overflow in multiple RealNetworks products and versions 
...)
-       TODO: check
+       - helix-player <unfixed> (bug #358754; medium)
 CVE-2006-0322 (Unspecified vulnerability the edit comment formatting 
functionality in ...)
        - mediawiki <unfixed> (low)
 CVE-2005-4666 (Cross-site scripting (XSS) vulnerability in PHlyMail before 3.3 
Beta1 ...)
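Review bot: The added "- helix-player <unfixed> (bug #358754; medium)" line for CVE-2006-0323 does not record why helix-player is considered affected. The visible description only says "multiple RealNetworks products", and the CVE-2006-1370 entry in this same commit states that Helix is not affected by that RealPlayer overflow. A NOTE: line giving the basis for the affected status would keep the two RealNetworks entries from reading as contradictory.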


_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
