Author: stef-guest
Date: 2006-04-29 07:19:39 +0000 (Sat, 29 Apr 2006)
New Revision: 3891

Modified:
   data/CVE/list
Log:
new phpldapadmin issue
php bugnums
safari issues don't affect konqueror in sid
some NFUs


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2006-04-29 06:42:18 UTC (rev 3890)
+++ data/CVE/list       2006-04-29 07:19:39 UTC (rev 3891)
@@ -1,90 +1,93 @@
 CVE-2006-XXXX [librsvg2 crash on certain svg files]
        - librsvg 2.14.3-2 (bug #361653; bug #361540; medium)
-begin claimed by stef-guest
 CVE-2006-2018 (** DISPUTED ** ...)
-       TODO: check
+       NOT-FOR-US: vBulletin
 CVE-2006-2017 (Dnsmasq 2.29 allows remote attackers to cause a denial of 
service ...)
        - dnsmasq 2.30-1 (medium)
 CVE-2006-2016 (Multiple cross-site scripting (XSS) vulnerabilities in 
phpLDAPadmin ...)
-       TODO: check
+       - phpldapadmin <unfixed> (bug #365313; low)
+       - egroupware <unfixed> (bug #365314; low)
 CVE-2006-2015 (Cross-site scripting (XSS) vulnerability in SL_site 1.0 allows 
remote ...)
-       TODO: check
+       NOT-FOR-US: SL_site
 CVE-2006-2014 (Directory traversal vulnerability in gallerie.php in SL_site 
1.0 ...)
-       TODO: check
+       NOT-FOR-US: SL_site
 CVE-2006-2013 (SQL injection vulnerability in page.php in SL_site 1.0 allows 
remote ...)
-       TODO: check
+       NOT-FOR-US: SL_site
 CVE-2006-2012 (Format string vulnerability in Skulltag 0.96f and earlier 
allows ...)
-       TODO: check
+       NOT-FOR-US: Skulltag
 CVE-2006-2011 (Cross-site scripting (XSS) vulnerability in member.php in 
4images 1.7 ...)
-       TODO: check
+       NOT-FOR-US: 4images
 CVE-2006-2010 (Multiple SQL injection vulnerabilities in check_login.asp in 
Bloggage ...)
-       TODO: check
+       NOT-FOR-US: Bloggage
 CVE-2006-2009 (PHP remote file inclusion vulnerability in agenda.php3 in 
phpMyAgenda ...)
-       TODO: check
+       NOT-FOR-US: phpMyAgenda
 CVE-2006-2008 (PHP remote file inclusion vulnerability in movie_cls.php in 
Built2Go ...)
-       TODO: check
+       NOT-FOR-US: Built2Go
 CVE-2006-2007 (Heap-based buffer overflow in Winny 2.0 b7.1 and earlier allows 
remote ...)
-       TODO: check
+       NOT-FOR-US: Winny
 CVE-2006-2006 (Multiple directory traversal vulnerabilities in IZArc Archiver 
3.5 ...)
-       TODO: check
+       NOT-FOR-US: IZArc Archiver 
 CVE-2006-2005 (Eval injection vulnerability in index.php in ClanSys 1.1 allows 
remote ...)
-       TODO: check
+       NOT-FOR-US: ClanSys
 CVE-2006-2004 (Multiple SQL injection vulnerabilities in RI Blog 1.1 allow 
remote ...)
-       TODO: check
+       NOT-FOR-US: RI Blog
 CVE-2006-2003 (Cross-site scripting (XSS) vulnerability in cgi-bin/guest in 
Community ...)
-       TODO: check
+       NOT-FOR-US: Community Architect Guestbook
 CVE-2006-2002 (PHP remote file inclusion vulnerability in stats.php in 
MyGamingLadder ...)
-       TODO: check
+       NOT-FOR-US: MyGamingLadder
 CVE-2006-2001 (Cross-site scripting (XSS) vulnerability in index.php in Scry 
Gallery ...)
-       TODO: check
+       NOT-FOR-US: Scry Gallery
 CVE-2006-2000 (Cross-site scripting (XSS) vulnerability in /lms/a2z.jsp in 
logMethods ...)
-       TODO: check
+       NOT-FOR-US: logMethods
 CVE-2006-1999 (The multiplayer menu in OpenTTD 0.4.7 allows remote attackers 
to cause ...)
-       TODO: check
+       NOT-FOR-US: OpenTTD
 CVE-2006-1998 (OpenTTD 0.4.7 and earlier allows local users to cause a denial 
of ...)
-       TODO: check
+       NOT-FOR-US: OpenTTD
 CVE-2006-1997 (Unspecified vulnerability in Sybase Pylon Anywhere before 7.0 
allows ...)
-       TODO: check
+       NOT-FOR-US: Sybase Pylon Anywhere
 CVE-2006-1996 (Scry Gallery 1.1 allows remote attackers to obtain sensitive 
...)
-       TODO: check
+       NOT-FOR-US: Scry Gallery
 CVE-2006-1995 (Directory traversal vulnerability in index.php in Scry Gallery 
1.1 ...)
-       TODO: check
+       NOT-FOR-US: Scry Gallery
 CVE-2006-1994 (PHP remote file inclusion vulnerability in dForum 1.5 and 
earlier ...)
-       TODO: check
+       NOT-FOR-US: dForum
 CVE-2006-1992 (mshtml.dll 6.00.2900.2873, as used in Microsoft Internet 
Explorer, ...)
-       TODO: check
+       NOT-FOR-US: Microsoft Internet Explorer
 CVE-2006-1991 (The substr_compare function in string.c in PHP 4.4.2 and 5.1.2 
allows ...)
-       - php4 <unfixed> (bug filed; medium)
-       - php5 <unfixed> (bug filed; medium)
+       - php4 <unfixed> (bug #365311; medium)
+       - php5 <unfixed> (bug #365312; medium)
 CVE-2006-1990 (Integer overflow in the wordwrap function in string.c in PHP 
4.4.2 and ...)
-       - php4 <unfixed> (bug filed; medium)
-       - php5 <unfixed> (bug filed; medium)
+       - php4 <unfixed> (bug #365311; medium)
+       - php5 <unfixed> (bug #365312; medium)
 CVE-2006-1989
        RESERVED
 CVE-2006-1988 (The WebTextRenderer(WebInternal) _CG_drawRun:style:geometry: 
function ...)
-       TODO: check
+       NOT-FOR-US: Apple Safari
+       NOTE: PoC exploit does not work with konqueror 4:3.5.2-2
 CVE-2006-1987 (Apple Safari 2.0.3 allows remote attackers to cause a denial of 
...)
-       TODO: check
+       NOT-FOR-US: Apple Safari
+       NOTE: PoC exploit does not work with konqueror 4:3.5.2-2
 CVE-2006-1986 (Apple Safari 2.0.3 allows remote attackers to cause a denial of 
...)
-       TODO: check
+       NOT-FOR-US: Apple Safari
+       NOTE: PoC exploit does not work with konqueror 4:3.5.2-2
 CVE-2006-1985 (Heap-based buffer overflow in BOMArchiveHelper 10.4 (6.3) Build 
312, ...)
-       TODO: check
+       NOT-FOR-US: BOMArchiveHelper
 CVE-2006-1984 (Unspecified vulnerability in the _cg_TIFFSetField function in 
Mac OS X ...)
-       TODO: check
+       NOT-FOR-US: Mac OS X
 CVE-2006-1983 (Multiple heap-based buffer overflows in Mac OS X 10.4.6 and 
earlier ...)
-       TODO: check
+       NOT-FOR-US: Mac OS X
 CVE-2006-1982 (Heap-based buffer overflow in the LZWDecodeVector function in 
Mac OS X ...)
-       TODO: check
+       NOT-FOR-US: Mac OS X
 CVE-2006-1981 (Unspecified vulnerability in Java InputMethods on Mac OS X 
10.4.5 may ...)
-       TODO: check
+       NOT-FOR-US: Mac OS X
 CVE-2006-1980 (Cross-site scripting (XSS) vulnerability in W2B Online Banking 
allows ...)
-       TODO: check
+       NOT-FOR-US: W2B Online Banking
 CVE-2006-1979 (Cross-site scripting (XSS) vulnerability in mwguest.php in 
Manic Web ...)
-       TODO: check
+       NOT-FOR-US: Manic Web MWGuest
 CVE-2006-1978 (SQL injection vulnerability in inc/start.php in FlexBB 0.5.5 
and ...)
-       TODO: check
+       NOT-FOR-US: FlexBB
 CVE-2006-1977 (Cross-site scripting (XSS) vulnerability in FlexBB 0.5.7 BETA 
and ...)
-       TODO: check
+       NOT-FOR-US: FlexBB
 CVE-2006-1993 (Mozilla Firefox 1.5.0.2 allows remote attackers to cause a 
denial of ...)
        - firefox 1.5.dfsg+1.5.0.2-2
        [sarge] - mozilla-firefox <not-affected>
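
Review bot: In the CVE-2006-2016 entry, the added "- egroupware <unfixed> (bug #365314; low)" line has no NOTE saying why egroupware is tracked, while the visible part of the CVE description and the log message name only phpLDAPadmin. A one-line NOTE stating the relationship would let a later reader verify the entry without opening the bug. For CVE-2006-1988, CVE-2006-1987 and CVE-2006-1986, the NOTE rests on a PoC failing against konqueror 4:3.5.2-2 only; the log says "in sid", so the NOTE should either say the same or record whether the sarge version was tried, since this file also tracks sarge. Minor: the "NOT-FOR-US: IZArc Archiver " line under CVE-2006-2006 ends with trailing whitespace.
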
@@ -92,7 +95,6 @@
        - typo3-src <unfixed> (bug #364350)
 CVE-2006-XXXX [moinmoin XSS]
        - moin 1.5.3-1
-end claimed by stef-guest
 CVE-2006-1976 (Cross-site scripting (XSS) vulnerability in addRequest.php in 
Prayer ...)
        NOT-FOR-US: Prayer Request Board
 CVE-2006-1975 (Cross-site scripting (XSS) vulnerability in 
guestbook_newentry.php in ...)
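
Review bot: The removal of "end claimed by stef-guest" here, together with the "begin claimed by stef-guest" removal at the top of the first hunk, releases the claim on this range, but the log message does not mention it. Adding a short line to the log that the claim is released would make that state change findable in the commit history.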


_______________________________________________
Secure-testing-commits mailing list
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
