Author: jmm-guest
Date: 2006-04-07 10:51:25 +0000 (Fri, 07 Apr 2006)
New Revision: 3772
Modified:
data/CVE/list
Log:
new mantis issues
new thunderbird issues
Well, all not very new, but noone cared to check them in time
older xscreensaver issues already fixed in sarge
NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2006-04-07 09:21:17 UTC (rev 3771)
+++ data/CVE/list 2006-04-07 10:51:25 UTC (rev 3772)
@@ -1500,11 +1500,11 @@
CVE-2006-0992
RESERVED
CVE-2006-0991 (Buffer overflow in the NetBackup Sharepoint Services server
daemon ...)
- TODO: check
+ NOT-FOR-US: Veritas NetBackup
CVE-2006-0990 (Stack-based buffer overflow in the NetBackup Catalog daemon
(bpdbm) in ...)
- TODO: check
+ NOT-FOR-US: Veritas NetBackup
CVE-2006-0989 (Stack-based buffer overflow in the volume manager daemon (vmd)
in ...)
- TODO: check
+ NOT-FOR-US: Veritas NetBackup
CVE-2006-0988 (The default configuration of the DNS Server service on Windows
Server ...)
NOT-FOR-US: MS Windows issue
CVE-2006-0987 (The default configuration of ISC BIND, when configured as a
caching ...)
@@ -1729,11 +1729,13 @@
CVE-2006-0885 (Cross-site scripting (XSS) vulnerability in show_news.php in
CuteNews ...)
NOT-FOR-US: CuteNews
CVE-2006-0884 (The WYSIWYG rendering engine in Mozilla Thunderbird 1.0.7 and
earlier ...)
- TODO: check
+ - mozilla-thunderbird <unfixed>
CVE-2003-1295 (Unspecified vulnerability in xscreensaver 4.12, and possibly
other ...)
- TODO: check
+ - xscreensaver 4.21-1
+ NOTE: Might be fixed earlier, but I've verified that the SuSE patch is
included
+ NOTE: in the Sarge version --jmm
CVE-2003-1294 (Xscreensaver before 4.15 creates temporary files insecurely in
(1) ...)
- TODO: check
+ - xscreensaver 4.15-1
CVE-2006-0883 (OpenSSH on FreeBSD 5.3 and 5.4, when used with OpenPAM, does
not ...)
- openssh 3.8.1p1-4
[woody] - openssh <not-affected>
@@ -1823,17 +1825,17 @@
CVE-2006-0842 (Cross-site scripting (XSS) vulnerability in Calacode @Mail 4.3
allows ...)
TODO: check
CVE-2006-0841 (Multiple cross-site scripting (XSS) vulnerabilities in Mantis
1.00rc4 ...)
- TODO: check
+ - mantis <unfixed>
CVE-2006-0840 (manage_user_page.php in Mantis 1.00rc4 and earlier does not
properly ...)
- TODO: check
+ - mantis <unfixed>
CVE-2006-0839 (The frag3 preprocessor in Sourcefire Snort 2.4.3 does not
properly ...)
TODO: check
CVE-2006-0838 (IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 stores cleartext
...)
- TODO: check
+ NOT-FOR-US: Tivoli
CVE-2006-0837 (IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 has
world-readable ...)
- TODO: check
+ NOT-FOR-US: Tivoli
CVE-2006-0836 (Mozilla Thunderbird 1.5 allows user-complicit attackers to
cause an ...)
- TODO: check
+ - mozilla-thunderbird <unfixed>
CVE-2006-0835 (SQL injection vulnerability in dropbase.php in MitriDAT Web
Calendar ...)
TODO: check
CVE-2006-0834 (Uniden UIP1868P VoIP Telephone and Router has a default
password of ...)
@@ -1845,7 +1847,7 @@
CVE-2006-0831 (PHP remote file include vulnerability in index.php in Tasarim
Rehberi ...)
TODO: check
CVE-2006-0830 (The scripting engine in Internet Explorer allows remote
attackers to ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2006-0829 (Cross-site scripting vulnerability in E-Blah Platinum 9.7
allows ...)
TODO: check
CVE-2006-0828 (Unspecified vulnerability in ESS/ Network Controller and
MicroServer ...)
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
