Author: stef-guest
Date: 2006-11-08 21:53:57 +0100 (Wed, 08 Nov 2006)
New Revision: 4940

Modified:
   data/CVE/list
Log:
- CVE-2006-5779: new openldap DoS
- CVE-2006-5757: new linux DoS
- phpmyadmin CVEified
- CVE-2006-5706: new php openbasedir issue
- CVE-2006-5705: wordpress issue already fixed


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2006-11-08 20:27:49 UTC (rev 4939)
+++ data/CVE/list       2006-11-08 20:53:57 UTC (rev 4940)
@@ -29,7 +29,8 @@
 CVE-2006-5780 (Stack-based buffer overflow in nfsd.exe in XLink Omni-NFS 
Server 5.2 ...)
        NOT-FOR-US: XLink Omni-NFS
 CVE-2006-5779 (Unspecified vulnerability in the openldap-2.2.29-1 package of 
OpenLDAP ...)
-       TODO: check
+       - openldap2.2 <unfixed> (bug filed)
+       - openldap2.3 <unfixed>
 CVE-2006-5777 (Creasito E-Commerce Content Manager 1.3.08 allows remote 
attackers to ...)
        NOT-FOR-US: Creasito E-Commerce Content Manager
 CVE-2006-5776 (** DISPUTED ** ...)
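Review bot: the new openldap2.2 line for CVE-2006-5779 says "(bug filed)" without a bug number, and the openldap2.3 line has no bug reference at all; neither line carries an urgency. Suggest replacing the free-text remark with the actual bug reference in the same form as the phpmyadmin entry's "bug #396638", and noting whether that bug also covers openldap2.3, so the unfixed status can be tracked to closure.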
@@ -71,7 +72,7 @@
 CVE-2006-5758 (Microsoft Windows 2000 through 2000 SP4 and Windows XP through 
SP2 ...)
        NOT-FOR-US: Microsoft
 CVE-2006-5757 (Race condition in the __find_get_block_slow function in the 
ISO9660 ...)
-       TODO: check
+       - linux-2.6 <unfixed> (low)
 CVE-2006-5756
        RESERVED
 CVE-2006-5755
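Review bot: the linux-2.6 line for CVE-2006-5757 is rated "(low)" with no bug reference and no note giving the reason for the rating. The commit log calls this a DoS, so a short NOTE line with the reasoning behind "low" would let the next person triaging the entry confirm or revise it without redoing the analysis.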
@@ -147,7 +148,8 @@
 CVE-2006-5719 (SQL injection vulnerability in libs/sessions.lib.php in 
BytesFall ...)
        NOT-FOR-US: BytesFall Explorer (bfExplorer)
 CVE-2006-5718 (Cross-site scripting (XSS) vulnerability in error.php in 
phpMyAdmin ...)
-       TODO: check
+       - phpmyadmin 4:2.9.0.3-1 (low; bug #396638)
+       [sarge] - phpmyadmin <not-affected> (Vulnerable code not present)
 CVE-2006-5717 (Multiple cross-site scripting (XSS) vulnerabilities in Zend 
Google ...)
        NOT-FOR-US: Zend Google Data Client Library (ZendGData)
 CVE-2006-5716 (Directory traversal vulnerability in aff_news.php in FreeNews 
2.1 ...)
@@ -171,9 +173,11 @@
 CVE-2006-5707 (SQL injection vulnerability in index.php in PHPEasyData Pro 
1.4.1 and ...)
        NOT-FOR-US: PHPEasyData
 CVE-2006-5706 (Unspecified vulnerabilities in PHP, probably before 5.2.0, 
allow local ...)
-       TODO: check
+       - php5 5.2.0-1
+       - php4 <unfixed> (low)
+       [sarge] - php4 <no-dsa> (open_basedir not supported)
 CVE-2006-5705 (Directory traversal vulnerability in plugins/wp-db-backup.php 
in ...)
-       TODO: check
+       - wordpress 2.0.5-0.1
 CVE-2006-5704 (HP NonStop Server G06.29, when running Standard Security 
T6533G06 ...)
        NOT-FOR-US: HP
 CVE-2006-5703 (Cross-site scripting (XSS) vulnerability in 
tiki-featured_link.php in ...)
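Review bot: in the CVE-2006-5706 entry, php5 is marked fixed in 5.2.0-1 although the quoted description only says "probably before 5.2.0", and that line has no urgency while php4 on the next line is rated low. Suggest a NOTE line recording what the fixed version is based on, and giving php5 an explicit urgency to match php4. The wordpress line added for CVE-2006-5705 also has no urgency or reference for the fix.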
@@ -284,9 +288,6 @@
        NOT-FOR-US: DigiOz Guestbook
 CVE-2006-5650 (The ICQPhone.SipxPhoneManager ActiveX control in America Online 
ICQ ...)
        NOT-FOR-US: ICQPhone.SipxPhoneManager
-CVE-2006-XXXX [phpmyadmin XSS (PMASA-2006-6)]
-       - phpmyadmin 4:2.9.0.3-1 (low; bug #396638)
-       [sarge] - phpmyadmin <not-affected> (Vulnerable code not present)
 CVE-2006-XXXX [avahi fake netlink message vulnerability ]
        - avahi 0.6.15-1 (low)
 CVE-2006-5649
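Review bot: removing the temporary "CVE-2006-XXXX [phpmyadmin XSS (PMASA-2006-6)]" entry drops the upstream advisory id PMASA-2006-6, which is not carried over to the CVE-2006-5718 entry that replaces it earlier in this patch. Suggest keeping the id under CVE-2006-5718 as a NOTE line so the upstream advisory stays searchable in the list.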


_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits