Author: stef-guest
Date: 2006-06-06 08:51:01 +0000 (Tue, 06 Jun 2006)
New Revision: 4153

Modified:
   data/CVE/list
Log:
many mozilla issues, some fixed in firefox
new webalizer issue
mysql issue CVEified and fixed in 5.0
python-pgsql fixed



Modified: data/CVE/list
===================================================================
--- data/CVE/list       2006-06-06 07:45:18 UTC (rev 4152)
+++ data/CVE/list       2006-06-06 08:51:01 UTC (rev 4153)
@@ -2,6 +2,8 @@
        - dokuwiki <unfixed> (medium)
 CVE-2006-XXXX [PHP injection vulnerability in dokuwiki via curly braces]
        - dokuwiki <unfixed> (medium)
+CVE-2006-XXXX [webalizer: symlink vulnerability]
+       - webalizer 2.01.10-29
 CVE-2006-2805 (SQL injection vulnerability in VBulletin 3.0.10 allows remote 
...)
        NOT-FOR-US: vBulletin
 CVE-2006-2804 (Cross-site scripting (XSS) vulnerability in index.cfm in Goss 
iCM 7.0 ...)
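Review bot: the new `+       - webalizer 2.01.10-29` line carries no severity, while the neighbouring dokuwiki entries are tagged `(medium)`; add a severity (and a bug reference, if one was filed) so the entry is consistent with the rest of the list.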
@@ -41,31 +43,99 @@
 CVE-2006-2788 (Double-free vulnerability in the getRawDER function for 
nsIX509Cert in ...)
        TODO: check
 CVE-2006-2787 (EvalInSandbox in Mozilla Firefox and Thunderbird before 1.5.0.4 
allows ...)
-       TODO: check
+       NOTE: MFSA-2006-31
+       - firefox 1.5.dfsg+1.5.0.4-1 (medium)
+       [sarge] - mozilla-firefox <unfixed> (medium)
+       - thunderbird <unfixed> (medium)
+       [sarge] - mozilla-thunderbird <unfixed> (medium)
+       - mozilla <unfixed> (medium)
+       - xulruner <unfixed> (medium)
 CVE-2006-2786 (HTTP response smuggling vulnerability in Mozilla Firefox and 
...)
-       TODO: check
+       NOTE: MFSA-2006-33
+       - firefox 1.5.dfsg+1.5.0.4-1 (medium)
+       [sarge] - mozilla-firefox <unfixed> (medium)
+       - thunderbird <unfixed> (medium)
+       [sarge] - mozilla-thunderbird <unfixed> (medium)
+       - mozilla <unfixed> (medium)
+       - xulruner <unfixed> (medium)
 CVE-2006-2785 (Cross-site scripting (XSS) vulnerability in Mozilla Firefox 
before ...)
-       TODO: check
+       NOTE: MFSA-2006-34
+       - firefox 1.5.dfsg+1.5.0.4-1 (medium)
+       [sarge] - mozilla-firefox <unfixed> (medium)
+       - mozilla <unfixed> (medium)
+       - xulruner <unfixed> (medium)
 CVE-2006-2784 (The PLUGINSPAGE functionality in Mozilla Firefox before 1.5.0.4 
allows ...)
-       TODO: check
+       NOTE: MFSA-2006-36
+       - firefox 1.5.dfsg+1.5.0.4-1 (medium)
+       [sarge] - mozilla-firefox <unfixed> (medium)
+       - mozilla <unfixed> (medium)
+       - xulruner <unfixed> (medium)
 CVE-2006-2783 (Mozilla Firefox and Thunderbird before 1.5.0.4 strips the 
Unicode ...)
-       TODO: check
+       NOTE: MFSA-2006-42
+       - firefox 1.5.dfsg+1.5.0.4-1 (medium)
+       [sarge] - mozilla-firefox <unfixed> (medium)
+       - thunderbird <unfixed> (medium)
+       [sarge] - mozilla-thunderbird <unfixed> (medium)
+       - mozilla <unfixed> (medium)
+       - xulruner <unfixed> (medium)
 CVE-2006-2782 (Firefox 1.5.0.2 does not fix all test cases associated with ...)
-       TODO: check
+       NOTE: MFSA-2006-41
+       - firefox 1.5.dfsg+1.5.0.4-1 (medium)
+       [sarge] - mozilla-thunderbird <unfixed> (medium)
+       - mozilla <unfixed> (medium)
+       - xulruner <unfixed> (medium)
 CVE-2006-2781 (Double-free vulnerability in Mozilla Thunderbird before 1.5.0.4 
and ...)
-       TODO: check
+       NOTE: MFSA-2006-40
+       - thunderbird <unfixed> (high)
+       [sarge] - mozilla-thunderbird <unfixed> (high)
+       - mozilla <unfixed> (high)
+       - xulruner <unfixed> (high)
 CVE-2006-2780 (Integer overflow in Mozilla Firefox and Thunderbird before 
1.5.0.4 ...)
-       TODO: check
+       NOTE: MFSA-2006-32
+       - firefox 1.5.dfsg+1.5.0.4-1 (high)
+       [sarge] - mozilla-firefox <unfixed> (high)
+       - thunderbird <unfixed> (high)
+       [sarge] - mozilla-thunderbird <unfixed> (high)
+       - mozilla <unfixed> (high)
+       - xulruner <unfixed> (high)
 CVE-2006-2779 (Mozilla Firefox and Thunderbird before 1.5.0.4 allow remote 
attackers ...)
-       TODO: check
+       NOTE: MFSA-2006-32
+       - firefox 1.5.dfsg+1.5.0.4-1 (high)
+       [sarge] - mozilla-firefox <unfixed> (high)
+       - thunderbird <unfixed> (high)
+       [sarge] - mozilla-thunderbird <unfixed> (high)
+       - mozilla <unfixed> (high)
+       - xulruner <unfixed> (high)
 CVE-2006-2778 (The crypto.signText function in Mozilla Firefox and Thunderbird 
before ...)
-       TODO: check
+       NOTE: MFSA-2006-38
+       - firefox 1.5.dfsg+1.5.0.4-1 (high)
+       [sarge] - mozilla-firefox <unfixed> (high)
+       - thunderbird <unfixed> (high)
+       [sarge] - mozilla-thunderbird <unfixed> (high)
+       - mozilla <unfixed> (high)
+       - xulruner <unfixed> (high)
 CVE-2006-2777 (Unspecified vulnerability in Mozilla Firefox before 1.5.0.4 and 
...)
-       TODO: check
+       NOTE: MFSA-2006-43
+       - firefox 1.5.dfsg+1.5.0.4-1 (high)
+       [sarge] - mozilla-firefox <unfixed> (high)
+       - mozilla <unfixed> (high)
+       - xulruner <unfixed> (high)
 CVE-2006-2776 (Certain privileged UI code in Mozilla Firefox and Thunderbird 
before ...)
-       TODO: check
+       NOTE: MFSA-2006-37
+       - firefox 1.5.dfsg+1.5.0.4-1 (high)
+       [sarge] - mozilla-firefox <unfixed> (high)
+       - thunderbird <unfixed> (high)
+       [sarge] - mozilla-thunderbird <unfixed> (high)
+       - mozilla <unfixed> (high)
+       - xulruner <unfixed> (high)
 CVE-2006-2775 (Mozilla Firefox and Thunderbird before 1.5.0.4 associates XUL 
...)
-       TODO: check
+       NOTE: MFSA-2006-35
+       - firefox 1.5.dfsg+1.5.0.4-1 (high)
+       [sarge] - mozilla-firefox <unfixed> (high)
+       - thunderbird <unfixed> (high)
+       [sarge] - mozilla-thunderbird <unfixed> (high)
+       - mozilla <unfixed> (high)
+       - xulruner <unfixed> (high)
 CVE-2006-2774 (Cross-site scripting (XSS) vulnerability in search.php in 
QontentOne ...)
        TODO: check
 CVE-2006-2773 (admin/redigera/redigera2.asp in Hogstorps hogstorp Guestbook 
2.0 does ...)
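Review bot: every Mozilla entry in this hunk spells the xulrunner source package as `xulruner` (e.g. `+       - xulruner <unfixed> (medium)` under CVE-2006-2787); the tracker matches these lines against real source package names, so the misspelt lines will never resolve and the xulrunner status is silently lost. They should read `- xulrunner <unfixed> (medium)` (or `(high)`) throughout. Also, CVE-2006-2782 pairs `- firefox 1.5.dfsg+1.5.0.4-1 (medium)` with `[sarge] - mozilla-thunderbird <unfixed> (medium)` and has no `- thunderbird` or `[sarge] - mozilla-firefox` line, unlike every other entry; check whether the sarge line was meant to be mozilla-firefox.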
@@ -108,8 +178,6 @@
        TODO: check
 CVE-2006-2754 (Stack-based buffer overflow in st.c in slurpd for OpenLDAP 
before ...)
        TODO: check
-CVE-2006-2753 (SQL injection vulnerability in MySQL 4.1.x before 4.1.20 and 
5.0.x ...)
-       TODO: check
 CVE-2006-2752 (The RedCarpet /etc/ximian/rcd.conf configuration file in Novell 
Linux ...)
        TODO: check
 CVE-2006-2751 (Cross-site scripting (XSS) vulnerability in Open Searchable 
Image ...)
@@ -333,10 +401,10 @@
 CVE-2006-XXXX [drupal: Execution of arbitrary files in certain Apache 
configurations]
        - drupal <unfixed> (bug #368835; medium)
        NOTE: Micah requested CVE, June 6, 2006
-CVE-2006-XXXX [mysql SQL-injection with multibyte encoding]
+CVE-2006-2753 [mysql SQL-injection with multibyte encoding]
        - mysql-dfsg <removed> (bug #369741; bug #356751; medium)
        - mysql <unfixed> (bug #369754; medium)
-       - mysql-dfsg-5.0 <unfixed> (bug #369735; medium)
+       - mysql-dfsg-5.0 5.0.22-1 (bug #369735; medium)
        - mysql-dfsg-4.1 <unfixed> (medium)
 CVE-2006-2659 (libs/comverp.c in Courier MTA before 0.53.2 allows attackers to 
cause ...)
        - courier 0.53.2-1 (bug #368834)
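Review bot: `- mysql-dfsg-4.1 <unfixed> (medium)` is the only mysql line left without a bug reference, even though the CVE description dropped earlier in this change names MySQL 4.1.x before 4.1.20 as affected; record a bug number here (or the fixed version once it lands) alongside the `mysql-dfsg-5.0 5.0.22-1` fix so the 4.1 branch does not fall off the radar.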
@@ -1068,7 +1136,7 @@
        - postgresql-8.0 <removed> (medium)
        - postgresql-8.1 8.1.4-1 (medium)
        - psycopg 1.1.21-5 (bug #369230)
-       - python-pgsql <unfixed> (bug #369250)
+       - python-pgsql 2.4.0-8 (bug #369250)
        - pygresql 1:3.6.1-1 (bug #369239)
        [sarge] - pygresql <not-affected> (Already includes proper quoting)
        NOTE: Beginning with version 7.5.4, postgresql is a transition
@@ -1910,9 +1978,13 @@
 CVE-2006-1943 (Multiple cross-site scripting (XSS) vulnerabilities in Smarter 
Scripts ...)
        NOT-FOR-US: Smarter Scripts IntelliLink Pro
 CVE-2006-1942 (Mozilla Firefox 1.5.0.2 and possibly other versions before 
1.5.0.4, ...)
-       TODO: check
-       NOTE: pkg-mozilla-maintainers are preparing a big security release, 
I've pinged them
-       NOTE: to ask about this issue
+       NOTE: MFSA-2006-39
+       - firefox 1.5.dfsg+1.5.0.4-1 (low)
+       [sarge] - mozilla-firefox <unfixed> (low)
+       - thunderbird <unfixed> (low)
+       [sarge] - mozilla-thunderbird <unfixed> (low)
+       - mozilla <unfixed> (low)
+       - xulruner <unfixed> (low)
 CVE-2006-1941 (Neon Responder 5.4 for LANsurveyor allows remote attackers to 
cause a ...)
        NOT-FOR-US: Neon Responder
 CVE-2006-1940 (Unspecified vulnerability in Ethereal 0.10.4 up to 0.10.14 
allows ...)
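Review bot: `+       - xulruner <unfixed> (low)` repeats the misspelling of xulrunner from the earlier Mozilla entries and will not match the package; it should be `- xulrunner <unfixed> (low)`. Replacing the "pinged pkg-mozilla-maintainers" NOTE with the MFSA-2006-39 reference is fine now that the fixed firefox version is recorded.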


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
