Author: jmm-guest Date: 2006-12-15 17:11:59 +0100 (Fri, 15 Dec 2006) New Revision: 5125 Modified: data/CVE/list Log: new gdm issue xine-lib issue only in xine NFUs Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-12-15 11:48:23 UTC (rev 5124) +++ data/CVE/list 2006-12-15 16:11:59 UTC (rev 5125) @@ -331,7 +331,7 @@ - linux-2.6 <unfixed> [etch] - linux-2.6 <not-affected> (Only affects 2.6.19, introduced after 2.6.18) CVE-2006-6332 (Stack-based buffer overflow in net80211/ieee80211_wireless.c in ...) - - madwifi 1:0.9.2+r1842.20061207-2 + - madwifi 1:0.9.2+r1842.20061207-2 (high; bug #402836) [etch] - madwifi <no-dsa> (Non-free not supported) CVE-2006-6331 (metaInfo.php in TorrentFlux 2.2, when $cfg["enable_file_priority"] is ...) TODO: check @@ -564,7 +564,7 @@ CVE-2006-6222 RESERVED CVE-2006-6221 (2X ThinClientServer Enterprise Edition before 4.0.2248 allows remote ...) - TODO: check + NOT-FOR-US: 2X ThinClientServer Enterprise Edition CVE-2006-6220 (Multiple SQL injection vulnerabilities in Recipes Website (Recipes ...) NOT-FOR-US: Recipes Complete Website CVE-2006-6219 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) @@ -582,7 +582,7 @@ CVE-2006-6213 (index.php in PEGames uses the extract function to overwrite critical ...) NOT-FOR-US: PEGames CVE-2006-6212 (PHP remote file inclusion vulnerability in centre.php in Site News ...) - TODO: check + NOT-FOR-US: Site News CVE-2006-6211 (Multiple cross-site scripting (XSS) vulnerabilities in BirdBlog 1.4.0 ...) NOT-FOR-US: BirdBlog CVE-2006-6210 (SQL injection vulnerability in listpics.asp in ASP ListPics 5.0 allows ...) 
@@ -600,51 +600,51 @@ CVE-2006-6204 (Multiple SQL injection vulnerabilities in Enthrallweb eHomes allow ...) NOT-FOR-US: Enthrallweb eHomes CVE-2006-6203 (Directory traversal vulnerability in startdown.php in the Flyspray ME ...) - TODO: check + NOT-FOR-US: Flyspray componenten for Mamba, this appears to be different from the Flyspray bug tracker CVE-2006-6202 (PHP remote file inclusion vulnerability in modules/NukeAI/util.php in ...) - TODO: check + NOT-FOR-US: PHP-Nuke CVE-2006-6201 (Heap-based buffer overflow in Borland idsql32.dll 5.1.0.4, as used by ...) - TODO: check + NOT-FOR-US: Borland idsql32.dll CVE-2006-6200 (Multiple SQL injection vulnerabilities in the (1) rate_article and (2) ...) - TODO: check + NOT-FOR-US: PHP-Nuke CVE-2006-6199 (Stack-based buffer overflow in BlazeVideo BlazeDVD Standard and ...) - TODO: check + NOT-FOR-US: BlazeVideo BlazeDVD CVE-2006-6198 (Multiple cross-site scripting (XSS) vulnerabilities in cPanel WebHost ...) - TODO: check + NOT-FOR-US: cPanel CVE-2006-6197 (Multiple cross-site scripting (XSS) vulnerabilities in b2evolution ...) - TODO: check b2evolution + TODO: check b2evolution CVE-2006-6196 (Cross-site scripting (XSS) vulnerability in the search functionality ...) - TODO: check + NOT-FOR-US: Fixit iDMS Pro Image Gallery CVE-2006-6195 (Multiple SQL injection vulnerabilities in Fixit iDMS Pro Image Gallery ...) - TODO: check + NOT-FOR-US: Fixit iDMS Pro Image Gallery CVE-2006-6194 (Multiple SQL injection vulnerabilities in index.asp in Ultimate Survey ...) - TODO: check + NOT-FOR-US: Ultimate Survey Pro CVE-2006-6193 (SQL injection vulnerability in edit.asp in BasicForum 1.1 and earlier ...) - TODO: check + NOT-FOR-US: BasicForum CVE-2006-6192 (Unspecified scripts in the admin directory in 8pixel.net SimpleBlog ...) - TODO: check + NOT-FOR-US: 8pixel.net SimpleBlog CVE-2006-6191 (SQL injection vulnerability in admin/edit.asp in 8pixel.net simpleblog ...) 
- TODO: check + NOT-FOR-US: 8pixel.net SimpleBlog CVE-2006-6190 (SQL injection vulnerability in anna.pl in Anna^ IRC Bot before 0.30 ...) - TODO: check + NOT-FOR-US: Anna^ IRC Bot CVE-2006-6189 (SQL injection vulnerability in displayCalendar.asp in ClickTech Click ...) - TODO: check + NOT-FOR-US: ClickTech Click Blog CVE-2006-6188 (Cross-site scripting (XSS) vulnerability in view_search.asp in ...) - TODO: check + NOT-FOR-US: ClickTech Click Gallery CVE-2006-6187 (Multiple SQL injection vulnerabilities in ClickTech Click Gallery ...) - TODO: check + NOT-FOR-US: ClickTech Click Gallery CVE-2006-6186 (Multiple directory traversal vulnerabilities in enomphp 4.0 allow ...) - TODO: check + NOT-FOR-US: enomphp CVE-2006-6185 (Directory traversal vulnerability in script.php in Wabbit PHP Gallery ...) - TODO: check + NOT-FOR-US: Wabbit PHP Gallery CVE-2006-6184 (Multiple stack-based buffer overflows in Allied Telesyn TFTP Server ...) - TODO: check + NOT-FOR-US: Allied Telesyn TFTP Server CVE-2006-6183 (Multiple stack-based buffer overflows in 3Com 3CTftpSvc 2.0.1, and ...) - NOT-FOR-US: 3CTftpSvc + NOT-FOR-US: 3Com 3CTftpSvc CVE-2006-6182 (The Gabriele Teotino GNotebook 0.7.0.1 gadget for Google Desktop ...) - NOT-FOR-US: GNotebook + NOT-FOR-US: Gabriele Teotino GNotebook CVE-2006-6181 (Multiple SQL injection vulnerabilities in default.asp in ClickTech ...) - TODO: check + NOT-FOR-US: ClickTech ClickContact CVE-2006-6180 (Cross-site scripting (XSS) vulnerability in articles.asp in ...) NOT-FOR-US: iNews Publisher CVE-2006-6179 (Buffer overflow in ...) @@ -652,7 +652,7 @@ CVE-2006-6178 (Buffer overflow in PCCSRV\Web_console\RemoteInstallCGI\Wizard.exe for ...) NOT-FOR-US: Trend Micro OfficeScan CVE-1999-1590 (Directory traversal vulnerability in Muhammad A. Muquit wwwcount ...) - TODO: check + NOT-FOR-US: Muhammad A. Muquit wwwcoun CVE-2006-XXXX [libxslt segfault / DoS] - libxslt 1.1.18-3 (low) [sarge] - libxslt <not-affected> (vulnerability added later) 
@@ -669,7 +669,6 @@ NOT-FOR-US: Mac OS X CVE-2006-6172 (Buffer overflow in the asmrp_eval function for Real Media input plugin ...) - xine-lib 1.1.2+dfsg-2 (medium; bug #401740) - TODO: check usual suspects (ffmpeg, ...) CVE-2006-6171 (** DISPUTED ** ...) {DSA-1218} - proftpd-dfsg 1.3.0-13 (low; bug #399070) @@ -820,8 +819,10 @@ - dbus 1.0.2-1 CVE-2006-6106 RESERVED -CVE-2006-6105 +CVE-2006-6105 [gdmchooser format string issue] RESERVED + - gdm <unfixed> (medium) + [sarge] - gdm <not-affected> (Vulnerable code not present) CVE-2006-6104 RESERVED CVE-2006-6103
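Review bot: In the @@ -600,51 +600,51 @@ hunk, the new CVE-2006-6203 line contains a typo: "Flyspray componenten for Mamba" should read "component". The product name should also be checked against the full CVE description, since the one shown here is cut off at "Flyspray ME ...". In the same hunk, the CVE-2006-6197 line is removed and re-added as "TODO: check b2evolution" with no visible change, so the entry is still untriaged. Either resolve it in this commit or leave the line untouched to keep whitespace noise out of the diff.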
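Review bot: In the @@ -652,7 +652,7 @@ hunk, the new line for CVE-1999-1590 truncates the product name: it reads "NOT-FOR-US: Muhammad A. Muquit wwwcoun", while the CVE description on the line above says "wwwcount". Correct it to "wwwcount" so that a search of the list for the package name finds this entry.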
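Review bot: In the @@ -669,7 +669,6 @@ hunk, deleting "TODO: check usual suspects (ffmpeg, ...)" under CVE-2006-6172 leaves no record in the list of what was checked. The log message says the issue is only in xine, but the entry itself no longer says anything about the other candidates. Replace the TODO with a NOTE line stating which packages were looked at and the result, so the check is not repeated later.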
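Review bot: In the @@ -820,8 +819,10 @@ hunk, the new "- gdm <unfixed> (medium)" line for CVE-2006-6105 has no bug reference, unlike the madwifi and xine-lib lines in this patch, which carry "(high; bug #402836)" and "(medium; bug #401740)". File a bug against gdm and add its number here so the unfixed status can be tracked to closure.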