Author: stef-guest
Date: 2006-04-30 15:41:36 +0000 (Sun, 30 Apr 2006)
New Revision: 3895
Modified:
data/CVE/list
Log:
new clamav issue
some NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2006-04-29 16:25:08 UTC (rev 3894)
+++ data/CVE/list 2006-04-30 15:41:36 UTC (rev 3895)
@@ -59,8 +59,9 @@
CVE-2006-1990 (Integer overflow in the wordwrap function in string.c in PHP
4.4.2 and ...)
- php4 <unfixed> (bug #365311; medium)
- php5 <unfixed> (bug #365312; medium)
-CVE-2006-1989
+CVE-2006-1989 [freshclam: lack of proper check for the size of header data]
RESERVED
+ - clamav 0.88.2-1
CVE-2006-1988 (The WebTextRenderer(WebInternal) _CG_drawRun:style:geometry:
function ...)
NOT-FOR-US: Apple Safari
NOTE: PoC exploit does not work with konqueror 4:3.5.2-2
@@ -193,31 +194,31 @@
CVE-2006-1931 (The HTTP/XMLRPC server in Ruby before 1.8.2 uses blocking
sockets, ...)
TODO: check
CVE-2006-1930 (Multiple SQL injection vulnerabilities in userscript.php in
Green ...)
- TODO: check
+ NOT-FOR-US: Green Minute
CVE-2006-1929 (PHP remote file inclusion vulnerability in include/common.php
in ...)
- TODO: check
+ NOT-FOR-US: I-Rater Platinum
CVE-2006-1928 (Cisco IOS XR, when configured for Multi Protocol Label
Switching ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2006-1927 (Cisco IOS XR, when configured for Multi Protocol Label
Switching ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2006-1926 (SQL injection vulnerability in showtopic.php in ThWboard 2.84
beta 3 ...)
- TODO: check
+ NOT-FOR-US: ThWboard
CVE-2006-1925 (Directory traversal vulnerability in the editnews module ...)
- TODO: check
+ NOT-FOR-US: CuteNews
CVE-2006-1924 (SQL injection vulnerability in functions/db_api.php in LinPHA
1.1.1 ...)
- TODO: check
+ NOT-FOR-US: LinPHA
CVE-2006-1923 (Multiple cross-site scripting (XSS) vulnerabilities in LinPHA
before ...)
- TODO: check
+ NOT-FOR-US: LinPHA
CVE-2006-1922 (PHP remote file inclusion vulnerability in (1) about.php or (2)
...)
- TODO: check
+ NOT-FOR-US: TotalCalendar
CVE-2006-1921 (nettools.php in PHP Net Tools 2.7.1 allows remote attackers to
execute ...)
- TODO: check
+ NOT-FOR-US: PHP Net Tools
CVE-2006-1920 (SQL injection vulnerability in index.php in PMTool 1.2.2 allows
remote ...)
- TODO: check
+ NOT-FOR-US: PMTool
CVE-2006-1919 (PHP remote file inclusion vulnerability in index.php in
Internet ...)
- TODO: check
+ NOT-FOR-US: Internet Photoshow
CVE-2006-1918 (Multiple cross-site scripting (XSS) vulnerabilities in Papoo
2.1.5 ...)
- TODO: check
+ NOT-FOR-US: Papoo
CVE-2006-1917 (SQL injection vulnerability in member.php in Blackorpheus ...)
TODO: check
CVE-2006-1916 (Multiple cross-site scripting (XSS) vulnerabilities in
profile.php in ...)
@@ -736,6 +737,7 @@
CVE-2006-1721 (digestmd5.c in the CMU Cyrus Simple Authentication and Security
Layer ...)
{DSA-1042-1}
- cyrus-sasl2 2.1.19.dfsg1-0.2 (bug #361937; low)
+ - cyrus-sasl2-mit <not-affected> (does not install digest-md5)
CVE-2006-1720 (Cross-site scripting (XSS) vulnerability in search.php in
SaphpLesson ...)
NOT-FOR-US: SaphpLesson
CVE-2006-1719 (Internet Explorer 6 allows remote attackers to cause a denial
of ...)
_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
