Author: stef-guest Date: 2006-12-01 23:25:55 +0100 (Fri, 01 Dec 2006) New Revision: 5040 Modified: data/CVE/list Log: - CVE-2006-3122: dhcp issue still unfixed in sid - CVE-2006-1066: linux issue already fixed - CVE-2005-0378: horde3 issue already fixed - some NFUs Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-12-01 22:01:02 UTC (rev 5039) +++ data/CVE/list 2006-12-01 22:25:55 UTC (rev 5040) @@ -671,7 +671,7 @@ CVE-2006-5862 (Directory traversal vulnerability in the session mechanism of the web ...) NOT-FOR-US: Network Administration Visualized CVE-2006-5861 (The Independent Management Architecture (IMA) service (ImaSrv.exe) in ...) - TODO: check + NOT-FOR-US: Citrix CVE-2006-5860 RESERVED CVE-2006-5859 @@ -687,11 +687,11 @@ CVE-2006-5854 RESERVED CVE-2006-5853 (Cross-site scripting (XSS) vulnerability in logon.aspx in Immediacy ...) - TODO: check + NOT-FOR-US: Immediacy CMS CVE-2006-5852 (Untrusted search path vulnerability in openexec in OpenBase SQL before ...) - TODO: check + NOT-FOR-US: OpenBase SQL CVE-2006-5851 (openexec in OpenBase SQL before 10.0.1 allows local users to create ...) - TODO: check + NOT-FOR-US: OpenBase SQL CVE-2006-5850 (Stack-based buffer overflow in Essentia Web Server 2.15 for Windows ...) NOT-FOR-US: Essentia Web Server CVE-2006-5849 (PHP remote file inclusion vulnerability in inc/irayofuncs.php in ...) 
@@ -738,13 +738,13 @@ CVE-2006-5829 (Multiple SQL injection vulnerabilities in All In One Control Panel ...) NOT-FOR-US: All In One Control Panel (AIOCP) CVE-2006-5828 (SQL injection vulnerability in detail.php in DeltaScripts PHP ...) - TODO: check + NOT-FOR-US: PHP Classifieds CVE-2006-5827 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) - TODO: check + NOT-FOR-US: phpComasy CMS CVE-2006-5826 (Buffer overflow in Texas Imperial Software WFTPD Pro Server 3.23.1.1 ...) - TODO: check + NOT-FOR-US: Texas Imperial Software WFTPD Pro Server CVE-2006-5825 (Cross-site scripting (XSS) vulnerability in index.php in Kayako ...) - TODO: check + NOT-FOR-US: Kayako SupportSuite CVE-2006-5824 (Integer overflow in the ffs_rdextattr function in FreeBSD 6.1 allows ...) TODO: check CVE-2006-5823 (The zlib_inflate function in Linux kernel 2.6.x allows local users to ...) @@ -752,11 +752,11 @@ CVE-2006-5822 RESERVED CVE-2006-5821 (Heap-based buffer overflow in the IMA_SECURE_DecryptData1 function in ...) - TODO: check + NOT-FOR-US: Citrix CVE-2006-5820 RESERVED CVE-2006-5819 (Verity Ultraseek before 5.7 allows remote attackers to use the server ...) - TODO: check + NOT-FOR-US: Verity Ultraseek CVE-2006-5864 (Stack-based buffer overflow in the ps_gettext function in ps.c for GNU ...) {DSA-1214} - gv 1:3.6.2-2 (medium; bug #398292) @@ -840,7 +840,7 @@ CVE-2006-5783 (** DISPUTED ** ...) NOTE: irreproducible firefox issue CVE-2006-5782 (radexecd.exe in HP OpenView Client Configuraton Manager (CCM) does not ...) - TODO: check + NOT-FOR-US: HP OpenView CVE-2006-5781 (Stack-based buffer overflow in the handshake function in iodine 0.3.2 ...) NOT-FOR-US: iodine CVE-2006-5780 (Stack-based buffer overflow in nfsd.exe in XLink Omni-NFS Server 5.2 ...) 
@@ -903,7 +903,7 @@ CVE-2006-5751 RESERVED CVE-2006-5750 (Directory traversal vulnerability in JBoss Application Server ...) - TODO: check + NOT-FOR-US: JBoss CVE-2006-5749 RESERVED CVE-2006-5748 (Multiple unspecified vulnerabilities in the JavaScript engine in ...) @@ -1389,7 +1389,7 @@ CVE-2006-5520 (PHP remote file inclusion vulnerability in functions.php in ...) NOT-FOR-US: PHP Classifieds CVE-2006-5519 (PHP remote file inclusion vulnerability in ...) - TODO: check + TODO: check egroupware CVE-2006-5518 (Multiple PHP remote file inclusion vulnerabilities in Christopher ...) NOT-FOR-US: RSSonate CVE-2006-5517 (Multiple PHP remote file inclusion vulnerabilities in Rhode Island ...) @@ -1587,7 +1587,7 @@ CVE-2006-5443 (Unspecified vulnerability in XIAO Gang WWW Interactive Mathematics ...) - wims 3.60-1 (bug #395102) CVE-2006-5442 (ViewVC 1.0.2 and earlier does not specify a charset in its HTTP ...) - TODO: check + TODO: check viewcvs CVE-2006-5441 (PHP remote file inclusion vulnerability in adminfoot.php in Comdev Web ...) NOT-FOR-US: Comdev Web Blogger CVE-2006-5440 (PHP remote file inclusion vulnerability in adminfoot.php in Comdev ...) @@ -3604,7 +3604,7 @@ CVE-2006-4519 RESERVED CVE-2006-4518 (Qbik WinGate 6.1.4 and earlier allows remote attackers to cause a ...) - TODO: check + NOT-FOR-US: Qbik WinGate CVE-2006-4517 (Novell iManager 2.5 and 2.0.2 allows remote attackers to cause a ...) NOT-FOR-US: Novell iManager CVE-2006-4516 (Integer signedness error in FreeBSD 6.0-RELEASE allows local users to ...) @@ -4393,7 +4393,7 @@ {DSA-1196-1} - clamav 0.88.5-1 (high; bug #393445) CVE-2006-4181 (Format string vulnerability in the sqllog function in the SQL ...) - TODO: check + NOT-FOR-US: GNU Radius CVE-2006-4180 REJECTED CVE-2006-4179 
@@ -4852,7 +4852,7 @@ CVE-2006-3974 RESERVED CVE-2006-3973 (My Firewall Plus 5.0 Build 1119 does not verify if explorer.exe is ...) - TODO: check + NOT-FOR-US: My Firewall Plus CVE-2006-3972 (Directory traversal vulnerability in ...) NOT-FOR-US: Ajax Chat CVE-2006-3971 (Cross-site scripting (XSS) vulnerability in ...) @@ -5028,7 +5028,7 @@ CVE-2006-3891 RESERVED CVE-2006-3890 (Stack-based buffer overflow in the Sky Software FileView ActiveX ...) - TODO: check + NOT-FOR-US: Sky Software FileView ActiveX CVE-2006-3889 RESERVED CVE-2006-3888 (Buffer overflow in AOL You''ve Got Pictures (YGP) Pic Downloader ...) @@ -6769,7 +6769,7 @@ - cfs 1.4.1-17 CVE-2006-3122 (The supersede_lease function in memory.c in ISC DHCP (dhcpd) server ...) {DSA-1143-1} - TODO: check + - dhcp <unfixed> (bug #380273) CVE-2006-3121 (The peel_netstring function in cl_netstring.c in the heartbeat ...) {DSA-1151-1} - heartbeat-2 2.0.6-2 @@ -11755,7 +11755,7 @@ NOT-FOR-US: VXWorks CVE-2006-1066 (Linux kernel 2.6.16-rc2 and earlier, when running on x86_64 systems ...) {DSA-1017-1} - TODO: check + - linux-2.6 2.6.16-1 CVE-2006-1065 (SQL injection vulnerability in search.php in MyBulletinBoard (MyBB) ...) NOT-FOR-US: MyBulletinBoard CVE-2006-1064 (Multiple cross-site scripting (XSS) vulnerabilities in Lurker 2.0 and ...) @@ -24117,7 +24117,6 @@ NOT-FOR-US: Serendipity CVE-2005-1711 (Gibraltar Firewall 2.2 and earlier, when using the ClamAV update to ...) NOT-FOR-US: Gibraltar Firewall - TODO: check, whether gibraltar-bootcd is in any way related/affected CVE-2005-1710 (Multiple cross-site scripting (XSS) vulnerabilities in Blue Coat ...) NOT-FOR-US: Blue Coat CVE-2005-1709 (Unknown vulnerability in Blue Coat Reporter before 7.1.2 allows remote ...) 
@@ -28975,7 +28974,7 @@ NOT-FOR-US: ZeroBoard CVE-2005-0378 (Multiple cross-site scripting (XSS) vulnerabilities in Horde 3.0 allow ...) - horde2 <not-affected> - TODO: check horde3 + - horde3 3.0.1-1 CVE-2005-0377 (SQL injection vulnerability in imageview.php for SGallery 1.01 allows ...) NOT-FOR-US: sgallery CVE-2005-0376 (PHP remote file inclusion vulnerability in SGallery 1.01 allows local ...)
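Review bot: The new "- dhcp <unfixed> (bug #380273)" line for CVE-2006-3122 (hunk @@ -6769,7 +6769,7 @@) gives a bug number but no urgency, while other tracked entries in this file carry one, for example "- gv 1:3.6.2-2 (medium; bug #398292)" and "- clamav 0.88.5-1 (high; bug #393445)". This is the one entry the log describes as still unfixed in sid, so add an urgency next to the bug number so that it can be ranked against the other open issues.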
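Review bot: The TODO removed under CVE-2005-1711 (hunk @@ -24117,7 +24117,6 @@) asked whether gibraltar-bootcd is related or affected, and neither the entry nor the log records what the check found. Replace the TODO with a NOTE line stating the outcome instead of dropping it silently, and mention the removal in the log, which currently covers it only under "some NFUs" at best.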
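Review bot: The TODO for CVE-2006-5442 (hunk @@ -1587,7 +1587,7 @@) now reads "TODO: check viewcvs" while the description names ViewVC 1.0.2, so the entry does not say why viewcvs is the package to look at. Add a NOTE explaining how the two relate. The same applies to "TODO: check egroupware" on CVE-2006-5519 (hunk @@ -1389,7 +1389,7 @@), whose truncated description does not name the product at all, and neither TODO change appears in the log.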
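Review bot: "NOT-FOR-US: Citrix" on CVE-2006-5861 (hunk @@ -671,7 +671,7 @@) and on CVE-2006-5821 (hunk @@ -752,11 +752,11 @@) names only the vendor, whereas the other NFU lines added here name the product, such as "NOT-FOR-US: Texas Imperial Software WFTPD Pro Server" or "NOT-FOR-US: Kayako SupportSuite". Name the affected product in both lines so that a later search of the list for a product name finds these entries and the two are clearly tied to the same component.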