Author: jmm-guest
Date: 2006-03-24 13:42:42 +0000 (Fri, 24 Mar 2006)
New Revision: 3683

Modified:
   data/CVE/list
Log:
three more kernel issues
opie n-a
NFUs


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2006-03-24 13:24:24 UTC (rev 3682)
+++ data/CVE/list       2006-03-24 13:42:42 UTC (rev 3683)
@@ -60,7 +60,6 @@
        NOT-FOR-US: MusicBox
 CVE-2006-1348 (Cross-site scripting (XSS) vulnerability in index.php in Greg 
...)
        NOT-FOR-US: Greg Neustaetter gCards
-       TODO: check
 CVE-2006-1347 (SQL injection vulnerability in loginfunction.php in Greg 
Neustaetter ...)
        NOT-FOR-US: Greg Neustaetter gCards
 CVE-2006-1346 (Directory traversal vulnerability in inc/setLang.php in Greg 
...)
@@ -189,7 +188,7 @@
 CVE-2006-1284 (The installation of SQLAnywhere in Symantec Ghost 8.0 and 8.2, 
as used ...)
        NOT-FOR-US: Symantec Ghost
 CVE-2006-1283 (opiepasswd in One-Time Passwords in Everything (OPIE) in 
FreeBSD ...)
-       TODO: check
+       - libpam-opie <not-affected> (FreeBSD specific vulnerability)
 CVE-2006-1282 (CRLF injection vulnerability in inc/function.php in 
MyBulletinBoard ...)
        NOT-FOR-US: MyBB
 CVE-2006-1281 (Cross-site scripting (XSS) in member.php in MyBulletinBoard 
(MyBB) ...)
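
Review bot: The CVE-2006-1283 entry marks only libpam-opie as <not-affected>, while the description names opiepasswd. If the opiepasswd binary is shipped by a different source package, that package needs its own <not-affected> line with the same "FreeBSD specific vulnerability" reason. Otherwise it stays untracked for this CVE.
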
@@ -828,11 +827,11 @@
 CVE-2006-1000 (Multiple SQL injection vulnerabilities in Pentacle In-Out Board 
3.0 ...)
        NOT-FOR-US: Pentacle In-Out Board
 CVE-2006-0999 (The SSL server implementation in NILE.NLM in Novell NetWare 6.5 
and ...)
-       TODO: check
+       NOT-FOR-US: Novell
 CVE-2006-0998 (The SSL server implementation in NILE.NLM in Novell NetWare 6.5 
and ...)
-       TODO: check
+       NOT-FOR-US: Novell
 CVE-2006-0997 (The SSL server implementation in NILE.NLM in Novell NetWare 6.5 
and ...)
-       TODO: check
+       NOT-FOR-US: Novell
 CVE-2006-0996
        RESERVED
 CVE-2006-0995 (EMC Dantz Retrospect 7 backup client 7.0.107, and other 
versions ...)
@@ -1435,7 +1434,7 @@
 CVE-2006-0721 (SQL injection vulnerability in pmlite.php in RunCMS 1.2 and 
1.3a ...)
        NOT-FOR-US: RunCMS 
 CVE-2006-0720 (Stack-based buffer overflow in Nullsoft Winamp 5.12 and 5.13 
allows ...)
-       TODO: check
+       NOT-FOR-US: Winamp
 CVE-2006-0719 (SQL injection vulnerability in member_login.php in PHP 
Classifieds ...)
        NOT-FOR-US: PHP Classifieds
 CVE-2006-0718 (The Internet Key Exchange version 1 (IKEv1) implementation in 
Avaya ...)
@@ -1520,7 +1519,7 @@
 CVE-2006-0680 (Unspecified vulnerability in WebGUI before 6.8.6-gamma allows 
remote ...)
        - webgui <itp> (bug #139749)
 CVE-2006-0679 (SQL injection vulnerability in index.php in the Your_Account 
module in ...)
-       TODO: check
+       NOT-FOR-US: PHP-Nuke
 CVE-2006-0678 (PostgreSQL 7.3.x before 7.3.14, 7.4.x before 7.4.12, 8.0.x 
before ...)
        NOTE: Only vulnerable when compiled with asserts
        - postgresql <unfixed> (unimportant)
@@ -1566,7 +1565,7 @@
 CVE-2006-0668 (SQL injection vulnerability in index.php in PwsPHP 1.2.3 allows 
remote ...)
        NOT-FOR-US: PwsPHP
 CVE-2006-0667 (lscfg in IBM AIX 5.2 and 5.3 allows local users to modify 
arbitrary ...)
-       TODO: check
+       NOT-FOR-US: AIX
 CVE-2006-0666 (Unspecified vulnerability in the (1) unix_mp and (2) unix_64 
kernels ...)
        NOT-FOR-US: AIX
 CVE-2006-0665 (Unspecified vulnerability in (1) query_store.php and (2) ...)
@@ -1822,7 +1821,7 @@
 CVE-2006-0558
        RESERVED
 CVE-2006-0557 (sys_mbind in mempolicy.c in Linux kernel 2.6.16 and earlier 
does not ...)
-       TODO: check
+       - linux-2.6 <unfixed>
 CVE-2006-0556
        RESERVED
 CVE-2006-0555 (The Linux Kernel before 2.6.15.5 allows local users to cause a 
denial ...)
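
Review bot: The new "- linux-2.6 <unfixed>" line for CVE-2006-0557 has no urgency and no bug reference, unlike entries such as "- netpbm-free 2:10.0-10.1 (medium; bug #351639)" elsewhere in this file. An open kernel issue is easier to follow up when the entry carries an urgency and a bug number, or a NOTE pointing at the pending fix.
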
@@ -2124,7 +2123,7 @@
 CVE-2006-0458 (The DCC ACCEPT command handler in irssi before ...)
        TODO: check
 CVE-2006-0457 (Race condition in the (1) add_key, (2) request_key, and (3) 
keyctl ...)
-       TODO: check
+       - linux-2.6 <unfixed>
 CVE-2006-0456
        RESERVED
 CVE-2006-0455 (gpgv in GnuPG before 1.4.2.1, when using unattended signature 
...)
@@ -2137,11 +2136,11 @@
        [sarge] - kernel-source-2.6.8 <not-affected>
        [sarge] - kernel-source-2.4.27 <not-affected>
 CVE-2006-0453 (The LDAP component in Fedora Directory Server 1.0 allow remote 
...)
-       TODO: check
+       NOT-FOR-US: Fedora Directory Server
 CVE-2006-0452 (dn2ancestor in the LDAP component in Fedora Directory Server 
1.0 ...)
-       TODO: check
+       NOT-FOR-US: Fedora Directory Server
 CVE-2006-0451 (Multiple memory leaks in the LDAP component in Fedora Directory 
Server ...)
-       TODO: check
+       NOT-FOR-US: Fedora Directory Server
 CVE-2006-0450 (phpBB 2.0.19 and earlier allows remote attackers to cause a 
denial of ...)
        - phpbb2 <unfixed> (unimportant)
        NOTE: As discussed with the phpbb maintainers; this is only a lack of 
feature
@@ -2270,15 +2269,15 @@
 CVE-2006-0401
        RESERVED
 CVE-2006-0400 (CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows remote 
attackers ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2006-0399 (Unspecified vulnerability in Safari, LaunchServices, and/or 
CoreTypes ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2006-0398 (Unspecified vulnerability in Safari, LaunchServices, and/or 
CoreTypes ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2006-0397 (Unspecified vulnerability in Safari, LaunchServices, and/or 
CoreTypes ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2006-0396 (Buffer overflow in Mail in Apple Mac OS X 10.4 up to 10.4.5, 
when ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2006-0395
        RESERVED
 CVE-2006-0394
@@ -2288,25 +2287,25 @@
 CVE-2006-0392
        RESERVED
 CVE-2006-0391 (Directory traversal vulnerability in the BOM framework in Mac 
OS X ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2006-0390
        REJECTED
 CVE-2006-0389 (Cross-site scripting (XSS) vulnerability in Syndication (Safari 
RSS) ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2006-0388 (Safari in Mac OS X 10.3 before 10.3.9 and 10.4 before 10.4.5 
allows ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2006-0387 (Stack-based buffer overflow in Safari in Mac OS X 10.4.5 and 
earlier, ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2006-0386 (FileVault in Mac OS X 10.4.5 and earlier does not properly 
mount user ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2006-0385
        RESERVED
 CVE-2006-0384 (automount in Mac OS X 10.4.5 and earlier allows remote file 
servers to ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2006-0383 (IPSec when used with VPN networks in Mac OS X 10.4 through 
10.4.5 ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2006-0382 (Apple Mac OS X 10.4.5 and allows local users to cause a denial 
of ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2006-0381 (A logic error in the IP fragment cache functionality in pf in 
FreeBSD ...)
        - kfreebsd-5 5.4-14
 CVE-2006-0380 (A logic error in FreeBSD kernel 5.4-STABLE and 6.0 causes the 
kernel ...)
@@ -3114,7 +3113,6 @@
        NOT-FOR-US: B-Net Software
 CVE-2006-0077 (Off-by-one error in the getfattr function in File::ExtAttr 
before 0.03 ...)
        NOT-FOR-US: File::ExtAttr
-       TODO: check for further uploads.
 CVE-2006-0076 (PHP remote file include vulnerability in forum.php in oaBoard 
1.0 ...)
        NOT-FOR-US: oaBoard
 CVE-2006-0075 (Direct static code injection vulnerability in phpBook 1.3.2 and 
...)
@@ -3533,7 +3531,7 @@
 CVE-2006-0039
        RESERVED
 CVE-2006-0038 (Integer overflow in the do_replace function in netfilter for 
Linux ...)
-       TODO: check
+       - linux-2.6 2.6.16-1
 CVE-2006-0037 (ip_nat_pptp in the PPTP NAT helper 
(netfilter/ip_nat_helper_pptp.c) in ...)
        - linux-2.6 2.6.15-3
        [sarge] - kernel-source-2.6.8 <not-affected> (Vulnerable code not 
present)
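
Review bot: CVE-2006-0038 gets a fixed version for linux-2.6 but no [sarge] lines, while the adjacent CVE-2006-0037 entry records "[sarge] - kernel-source-2.6.8 <not-affected>". Add the sarge kernel-source-2.6.8 and kernel-source-2.4.27 status for do_replace as well, or a NOTE saying it has not been checked yet, so the stable kernels are not read as implicitly clean.
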
@@ -5521,6 +5519,7 @@
 CVE-2006-0014
        RESERVED
 CVE-2006-0013 (Buffer overflow in the Web Client service (WebClnt.dll) for 
Microsoft ...)
+       NOT-FOR-US: Microsoft
        TODO: check
 CVE-2006-0012
        RESERVED
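
Review bot: For CVE-2006-0013 the NOT-FOR-US: Microsoft line is added above "TODO: check" instead of replacing it, so the entry ends up both triaged and still flagged as pending. Every other hunk in this commit swaps the TODO for the verdict; drop the leftover "TODO: check" here too.
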
@@ -5529,17 +5528,17 @@
 CVE-2006-0010 (Heap-based buffer overflow in T2EMBED.DLL in Microsoft Windows 
2000 ...)
        NOT-FOR-US: Microsoft
 CVE-2006-0009 (Buffer overflow in Microsoft Office 2000 SP3, XP SP3, and other 
...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2006-0008 (The ShellAbout API call in Korean Input Method Editor (IME) in 
Korean ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2006-0007
        RESERVED
 CVE-2006-0006 (Heap-based buffer overflow in the bitmap processing routine in 
...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2006-0005 (Buffer overflow in the plug-in for Microsoft Windows Media 
Player ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2006-0004 (Microsoft PowerPoint 2000 in Office 2000 SP3 has an interaction 
with ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2006-0003
        RESERVED
 CVE-2006-0002 (Unspecified vulnerability in Microsoft Outlook 2000 through 
2003, ...)
@@ -5551,7 +5550,7 @@
 CVE-2005-3713 (Heap-based buffer overflow in Apple Quicktime before 7.0.4 
allows ...)
        NOT-FOR-US: Apple Quicktime
 CVE-2005-3712 (Heap-based buffer overflow in rsync in Mac OS X 10.4 through 
10.4.5 ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2005-3711 (Integer overflow in Apple Quicktime before 7.0.4 allows remote 
...)
        NOT-FOR-US: Apple Quicktime
 CVE-2005-3710 (Integer overflow in Apple Quicktime before 7.0.4 allows remote 
...)
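
Review bot: CVE-2005-3712 is tagged NOT-FOR-US: Apple although the description names rsync rather than an Apple-only component. A NOTE line stating why the overflow is specific to the Mac OS X build would document the decision. If that has not been verified, the entry should keep "TODO: check" until it is.
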
@@ -5563,7 +5562,7 @@
 CVE-2005-3707 (Buffer overflow in Apple Quicktime before 7.0.4 allows remote 
...)
        NOT-FOR-US: Apple Quicktime
 CVE-2005-3706 (Heap-based buffer overflow in LibSystem in Mac OS X 10.4 
through ...)
-       TODO: check
+       NOT-FOR-US: Mac OS X
 CVE-2005-3705 (Heap-based buffer overflow in WebKit in Mac OS X and OS X 
Server ...)
        NOT-FOR-US: Mac OS X
 CVE-2005-3704 (System log server in Mac OS X and OS X Server 10.4 through 
10.4.3 ...)
@@ -5650,9 +5649,9 @@
        {DSA-904-1}
        - netpbm-free 2:10.0-10.1 (medium; bug #351639)
 CVE-2005-3631 (udev does not properly set permissions on certain files in 
/dev/input, ...)
-       NOTE: does not appear to affect debian, redhat-specific
+       - udev <not-affected> (Red Hat specific)
 CVE-2005-3630 (Fedora Directory Server before 10 allows remote attackers to 
obtain ...)
-       TODO: check
+       NOT-FOR-US: Fedora Directory Server
 CVE-2005-3629 (initscripts in Red Hat Enterprise Linux 4 does not properly 
handle ...)
        TODO: check
 CVE-2005-3628 (Buffer overflow in the JBIG2Bitmap::JBIG2Bitmap function in ...)

