[Secure-testing-commits] r3896 - data/CVE

Sun, 30 Apr 2006 10:52:26 -0700 

Author: stef-guest
Date: 2006-04-30 17:51:49 +0000 (Sun, 30 Apr 2006)
New Revision: 3896

Modified:
   data/CVE/list
Log:
ruby issue not fixed in sarge

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2006-04-30 15:41:36 UTC (rev 3895)
+++ data/CVE/list       2006-04-30 17:51:49 UTC (rev 3896)
@@ -192,7 +192,10 @@
 CVE-2006-1932 (Off-by-one error in the OID printing routine in Ethereal 0.10.x 
up to ...)
        - ethereal <unfixed> (bug #364758; medium)
 CVE-2006-1931 (The HTTP/XMLRPC server in Ruby before 1.8.2 uses blocking 
sockets, ...)
-       TODO: check
+       NOTE: the redhat bugzilla entry says this is fixed in 1.8.3
+       NOTE: the fix is definitely not in 1.8.2-7sarge2        
+       - ruby1.8 1.8.3
+       [sarge] - ruby1.8 <unfixed> (bug filed)
 CVE-2006-1930 (Multiple SQL injection vulnerabilities in userscript.php in 
Green ...)
        NOT-FOR-US: Green Minute
 CVE-2006-1929 (PHP remote file inclusion vulnerability in include/common.php 
in ...)
@@ -220,15 +223,15 @@
 CVE-2006-1918 (Multiple cross-site scripting (XSS) vulnerabilities in Papoo 
2.1.5 ...)
        NOT-FOR-US: Papoo
 CVE-2006-1917 (SQL injection vulnerability in member.php in Blackorpheus ...)
-       TODO: check
+       NOT-FOR-US: Blackorpheus ClanMemberSkript
 CVE-2006-1916 (Multiple cross-site scripting (XSS) vulnerabilities in 
profile.php in ...)
-       TODO: check
+       NOT-FOR-US: DbbS
 CVE-2006-1915 (SQL injection vulnerability in topics.php in DbbS 2.0-alpha and 
...)
-       TODO: check
+       NOT-FOR-US: DbbS
 CVE-2006-1914 (DbbS 2.0-alpha and earlier allows remote attackers to obtain 
sensitive ...)
-       TODO: check
+       NOT-FOR-US: DbbS
 CVE-2006-1913 (Cross-site scripting (XSS) vulnerability in jax_guestbook.php 
in Jax ...)
-       TODO: check
+       NOT-FOR-US: Jax Guestbook
 CVE-2006-1912 (MyBB (MyBulletinBoard) 1.1.0 does not set the constant 
KILL_GLOBAL ...)
        TODO: check
 CVE-2006-1911 (Cross-site scripting (XSS) vulnerability in MyBB 
(MyBulletinBoard) 1.1 ...)


_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits

Reply via email to