Author: jmm-guest
Date: 2007-01-12 22:59:24 +0100 (Fri, 12 Jan 2007)
New Revision: 5258

Modified:
   data/CVE/list
Log:
fixups


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2007-01-12 20:58:04 UTC (rev 5257)
+++ data/CVE/list       2007-01-12 21:59:24 UTC (rev 5258)
@@ -7,7 +7,7 @@
 CVE-2006-6920 (Cross-site scripting (XSS) vulnerability in Nucleus before 3.24 
allows ...)
        NOT-FOR-US: Nucleus
 CVE-2006-6919 (Firefox Sage extension 1.3.8 and earlier allows remote 
attackers to ...)
-       NOT-FOR-US: Sage extension
+       - firefox-sage <unfixed>
 CVE-2006-6918 (Unspecified vulnerability in the Admin login for Georgian 
discussion ...)
        NOT-FOR-US: GeoBB
 CVE-2006-6917 (Multiple buffer overflows in Computer Associates (CA) 
BrightStor ...)
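Review bot: The new `- firefox-sage <unfixed>` line for CVE-2006-6919 carries no bug reference or severity, unlike other unfixed entries in this file such as `- libgeoip1 <unfixed> (bug #406628; medium)`. Since the entry moves from NOT-FOR-US to a tracked package, file a bug against firefox-sage and record its number here so the open issue can be followed.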
@@ -15,9 +15,9 @@
 CVE-2006-6916 (Getahead Direct Web Remoting (DWR) before 1.1.3 allows 
attackers to ...)
        NOT-FOR-US: Getahead
 CVE-2007-0204 (Multiple cross-site scripting (XSS) vulnerabilities in 
phpMyAdmin ...)
-       - phpmyadmin <not-affected>
+       - phpmyadmin 4:2.9.1.1-2 (bug #406486; high)
 CVE-2007-0203 (Multiple unspecified vulnerabilities in phpMyAdmin before 
2.9.2-rc1 ...)
-       - phpmyadmin <not-affected>
+       - phpmyadmin 4:2.9.1.1-2 (bug #406486; high)
 CVE-2007-0202 (SQL injection vulnerability in index.php in @lex Guestbook 
4.0.2 and ...)
        NOT-FOR-US: @lex
 CVE-2007-0201 (Buffer overflow in the cmd_usr function in ftp-gw in TIS 
Internet ...)
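Review bot: CVE-2007-0204 and CVE-2007-0203 flip from `<not-affected>` to fixed in 4:2.9.1.1-2 at severity high, and neither the entries nor the log message ("fixups") say why the earlier assessment was wrong. The description of CVE-2007-0203 reads "before 2.9.2-rc1", while the recorded fixed version is based on 2.9.1.1, so a NOTE stating that the fix is a backport (with a pointer to bug #406486) would let a reader verify the version.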
@@ -104,7 +104,7 @@
 CVE-2007-0161 (The PML Driver HPZ12 (HPZipm12.exe) in the HP all-in-one 
drivers, as ...)
        NOT-FOR-US: HP all-in-one drivers 
 CVE-2007-0160 (Stack-based buffer overflow in the LiveJournal support ...)
-       TODO: LiveJournal
+       TODO: centericq
 CVE-2007-0159 (Directory traversal vulnerability in the 
GeoIP_update_database_general ...)
        - libgeoip1 <unfixed> (bug #406628; medium)
 CVE-2007-0158
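Review bot: CVE-2007-0160 now names centericq but is still only a TODO, so the issue is not yet tracked against any package. If the affected package is already known, a `- centericq <unfixed>` line would be more useful than the TODO; otherwise the TODO should say what remains to be checked.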
@@ -572,11 +572,11 @@
 CVE-2006-6842 (SQL injection vulnerability in admin/admin_acronyms.php in the 
Acronym ...)
        NOT-FOR-US: Acronym Mod for phpBB2
 CVE-2006-6841 (Certain forms in phpBB before 2.0.22 lack session checks, which 
has ...)
-       - phpbb2 <unfixed> (bug #405980; high)
+       - phpbb2 <unfixed> (bug #405980)
 CVE-2006-6840 (Unspecified vulnerability in phpBB before 2.0.22 has unknown 
impact ...)
-       - phpbb2 <unfixed> (bug #405980; high)
+       - phpbb2 <unfixed> (bug #405980)
 CVE-2006-6839 (Unspecified vulnerability in phpBB before 2.0.22 has unknown 
impact ...)
-       - phpbb2 <unfixed> (bug #405980; high)
+       - phpbb2 <unfixed> (bug #405980)
 CVE-2006-6838 (Rediff Bol Downloader ActiveX (OCX) control allows remote 
attackers to ...)
        NOT-FOR-US: Rediff Bol Downloader ActiveX (OCX) control
 CVE-2006-6837 (Multiple stack-based buffer overflows in the (1) LoadTree, (2) 
...)
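Review bot: The three phpbb2 entries (CVE-2006-6841, CVE-2006-6840, CVE-2006-6839) lose their "high" rating without a replacement or a NOTE, leaving them unrated while still `<unfixed>`. Two of the descriptions say "unknown impact", so if the intent is "not yet assessable", say so in a NOTE; the other downgrades in this revision (w3m, nexuiz) document their reasoning this way.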
@@ -725,7 +725,8 @@
 CVE-2006-6773 (pages/register/register.php in Fishyshoop 0.930 beta allows 
remote ...)
        NOT-FOR-US: Fishyshoop
 CVE-2006-6772 (Format string vulnerability in w3m 0.5.1, when run with the 
dump or ...)
-       - w3m 0.5.1-5.1 (bug #404564; high)
+       - w3m 0.5.1-5.1 (bug #404564; low)
+       NOTE: Only exploitable in dump mode
        TODO: Check w3mee, is this forked version still needed?
 CVE-2006-6771 (Multiple PHP remote file inclusion vulnerabilities in Irokez 
CMS 0.7.1 ...)
        NOT-FOR-US: Irokez CMS
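Review bot: The added NOTE for CVE-2006-6772 says "Only exploitable in dump mode", but the description reads "when run with the dump or ...", so a second mode is named there as well. The NOTE should cover both options listed in the full description, otherwise the justification for the high to low downgrade is incomplete.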
@@ -894,8 +895,8 @@
 CVE-2006-6699 (Multiple CRLF injection vulnerabilities in Oracle Portal 9.0.2 
and ...)
        NOT-FOR-US: Oracle Portal
 CVE-2006-6698 (The GConf daemon (gconfd) in GConf 2.14.0 creates temporary 
files ...)
-       - gconf2 <unfixed> (low; bug #404743)
-       [sarge] - gconf2 <no-dsa> (Minor nuisance, not much of a security 
problem)
+       - gconf2 <unfixed> (unimportant; bug #404743)
+       NOTE: Minor nuisance, not much of a security problem
 CVE-2005-4816 (Buffer overflow in mod_radius in ProFTPD before 1.3.0rc2 allows 
remote ...)
        {DSA-1245-1}
        - proftpd-dfsg 1.2.10+1.3.0rc5-1
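Review bot: Removing the `[sarge] - gconf2 <no-dsa>` line for CVE-2006-6698 drops the release-specific decision; the new NOTE keeps the reasoning but no longer records that sarge gets no DSA. If `unimportant` is meant to make that line redundant, it is worth stating in the log message. The annotation order `(unimportant; bug #404743)` also differs from the `(bug #...; severity)` order used elsewhere in the file.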
@@ -1117,7 +1118,8 @@
 CVE-2006-6611 (PHP remote file inclusion vulnerability in interface.php in 
Barman ...)
        NOT-FOR-US: Barman
 CVE-2006-6610 (clientcommands in Nexuiz before 2.2.1 has unknown impact and 
remote ...)
-       - nexuiz 2.2.1-1 (high)
+       - nexuiz 2.2.1-1 (low)
+       NOTE: Only game console command execution possible, not shell commands 
 CVE-2006-6609 (Nexuiz before 2.2.1 allows remote attackers to cause a denial 
of ...)
        - nexuiz 2.2.1-1
 CVE-2006-6608 (Unspecified vulnerability in SSH key based authentication in HP 
...)
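Review bot: The downgrade of CVE-2006-6610 from high to low rests entirely on the added NOTE, while the description still says "unknown impact"; a reference to the upstream changelog or advisory supporting "not shell commands" would make the rating checkable. The added NOTE line also ends in trailing whitespace.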
@@ -2884,7 +2886,7 @@
 CVE-2006-5825 (Cross-site scripting (XSS) vulnerability in index.php in Kayako 
...)
        NOT-FOR-US: Kayako SupportSuite
 CVE-2006-5824 (Integer overflow in the ffs_rdextattr function in FreeBSD 6.1 
allows ...)
-       - kfreebsd-5 <unfixed> (low)
+       - kfreebsd-5 <unfixed>
        [etch] - kfreebsd-5 <no-dsa> (no security support for freebsd)
 CVE-2006-5823 (The zlib_inflate function in Linux kernel 2.6.x allows local 
users to ...)
        - linux-2.6 <unfixed> (low)
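Review bot: The kfreebsd-5 line for CVE-2006-5824 loses its "(low)" rating with nothing in its place. If the rating was dropped because the package has no security support (as the `[etch]` line below states), a short NOTE would make that explicit; otherwise the previous severity should stay.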
@@ -5627,7 +5629,7 @@
        {DSA-1202-1}
        - screen 4.0.3-0.1 (bug #395225; bug #395999; medium)
 CVE-2006-4572 (ip6_tables in netfilter in the Linux kernel before 2.6.16.31 
allows ...)
-       - linux-2.6 2.6.18-9 (high)
+       - linux-2.6 2.6.18-9 (medium)
 CVE-2006-4571 (Multiple unspecified vulnerabilities in Firefox before 1.5.0.7, 
...)
        {DSA-1210 DSA-1192-1 DSA-1191-1}
        NOTE: MFSA-2006-64
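Review bot: CVE-2006-4572 goes from high to medium on the linux-2.6 line with no NOTE and no explanation in the log message. The w3m and nexuiz downgrades in this same revision each add a NOTE with the reason; the same is needed here so the new rating can be reviewed.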


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
