Author: jmm-guest Date: 2006-12-16 01:29:33 +0100 (Sat, 16 Dec 2006) New Revision: 5131 Modified: data/CVE/list Log: b2evolution not-affected older linux-2.6 issue already fixed NFUs Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-12-16 00:09:40 UTC (rev 5130) +++ data/CVE/list 2006-12-16 00:29:33 UTC (rev 5131) @@ -680,13 +680,13 @@ CVE-2006-6240 (Directory traversal vulnerability in Sorin Chitu Telnet-FTP Server 1.0 ...) NOT-FOR-US: Sorin Chitu Telnet-FTP Server CVE-2006-6239 (webadmin in MailEnable NetWebAdmin Profession 2.32 and Enterprise 2.32 ...) - TODO: MailEnable NetWebAdmin + NOT-FOR-US: MailEnable NetWebAdmin CVE-2006-6238 (The AutoFill feature in Apple Safari 2.0.4 does not properly verify ...) NOT-FOR-US: Apple Safari CVE-2006-6237 (SQL injection vulnerability in the decode_cookie function in ...) NOT-FOR-US: Woltlab Burning Board Lite CVE-2006-6236 (Adobe Reader (Adobe Acrobat Reader) 7.0 through 7.0.8 allows remote ...) - TODO: check + NOT-FOR-US: Acrobat Reader CVE-2006-6235 (A "stack overwrite" vulnerability in GnuPG (gpg) 1.x before 1.4.6, 2.x ...) {DSA-1231-1} - gnupg 1.4.6-1 (high; bug #401894; bug #401898; bug #401914) @@ -716,7 +716,7 @@ CVE-2006-6223 (Cross-site scripting (XSS) vulnerability in Google Search Appliance ...) NOT-FOR-US: Google Search Appliance CVE-2006-6222 (Stack-based buffer overflow in the NetBackup bpcd daemon (bpcd.exe) in ...) - TODO: check + NOT-FOR-US: Symantec Veritas NetBackup CVE-2006-6221 (2X ThinClientServer Enterprise Edition before 4.0.2248 allows remote ...) NOT-FOR-US: 2X ThinClientServer Enterprise Edition CVE-2006-6220 (Multiple SQL injection vulnerabilities in Recipes Website (Recipes ...) 
@@ -766,7 +766,7 @@ CVE-2006-6198 (Multiple cross-site scripting (XSS) vulnerabilities in cPanel WebHost ...) NOT-FOR-US: cPanel CVE-2006-6197 (Multiple cross-site scripting (XSS) vulnerabilities in b2evolution ...) - TODO: check b2evolution + - b2evolution <not-affected> (0.9 releases not vulnerable) CVE-2006-6196 (Cross-site scripting (XSS) vulnerability in the search functionality ...) NOT-FOR-US: Fixit iDMS Pro Image Gallery CVE-2006-6195 (Multiple SQL injection vulnerabilities in Fixit iDMS Pro Image Gallery ...) @@ -1578,7 +1578,7 @@ CVE-2006-5823 (The zlib_inflate function in Linux kernel 2.6.x allows local users to ...) - linux-2.6 <unfixed> CVE-2006-5822 (Stack-based buffer overflow in the NetBackup bpcd daemon (bpcd.exe) in ...) - TODO: check + NOT-FOR-US: Symantec Veritas NetBackup CVE-2006-5821 (Heap-based buffer overflow in the IMA_SECURE_DecryptData1 function in ...) NOT-FOR-US: Citrix CVE-2006-5820 @@ -1890,7 +1890,7 @@ CVE-2006-5681 RESERVED CVE-2006-5680 (The libarchive library in FreeBSD 6-STABLE after 2006-09-05 and before ...) - TODO: check libarchive + TODO: check libarchive, pinged maintainer CVE-2006-5679 (Integer overflow in the ffs_mountfs function in FreeBSD 6.1 allows ...) - kfreebsd-5 <unfixed> [etch] - kfreebsd-5 <no-dsa> (no security support for freebsd) @@ -1953,7 +1953,7 @@ CVE-2006-5650 (The ICQPhone.SipxPhoneManager ActiveX control in America Online ICQ ...) NOT-FOR-US: ICQPhone.SipxPhoneManager CVE-2006-5649 (Unspecified vulnerability in the "alignment check exception handling" ...) - TODO: check + - linux-2.6 2.6.18-4 CVE-2006-5648 (Ubuntu Linux 6.10 for the PowerPC (PPC) allows local users to cause a ...) TODO: check CVE-2006-5647 (Sophos Anti-Virus and Endpoint Security before 6.0.5, Anti-Virus for ...) 
@@ -2659,10 +2659,9 @@ CVE-2006-5331 RESERVED CVE-2006-5330 (CRLF injection vulnerability in Adobe Flash Player plugin 9.0.16 for ...) - - flashplugin-nonfree <unfixed> (medium) + - flashplugin-nonfree <unfixed> (bug #402822; medium) [sarge] - flashplugin-nonfree <no-dsa> (Contrib not supported, only installer package) [etch] - flashplugin-nonfree <no-dsa> (Contrib not supported, only installer package) - TODO: file bug, fixed in 9.0.28.0 CVE-2006-5329 RESERVED CVE-2006-5328 (OpenBase SQL 10.0 and earlier, as used in Apple Xcode 2.2 2.2 and ...) @@ -3247,7 +3246,6 @@ NOT-FOR-US: Web-News CVE-2006-5052 (Unspecified vulnerability in portable OpenSSH before 4.4, when running ...) TODO: check - NOTE: This may be a dupe of CVE-2006-4925 CVE-2006-5051 (Signal handler race condition in OpenSSH before 4.4 allows remote ...) {DSA-1212 DSA-1189-1} - openssh 1:4.3p2-4 (unimportant) @@ -3574,7 +3572,7 @@ CVE-2006-4903 RESERVED CVE-2006-4902 (The NetBackup bpcd daemon (bpcd.exe) in Symantec Veritas NetBackup 5.0 ...) - TODO: check + NOT-FOR-US: Symantec Veritas NetBackup CVE-2006-4901 (Computer Associates (CA) eTrust Security Command Center 1.0 and r8 up ...) NOT-FOR-US: CA eTrust CVE-2006-4900 (Directory traversal vulnerability in Computer Associates (CA) eTrust ...)
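Review bot: in the @@ -680,13 +680,13 @@ hunk, CVE-2006-6236 is tagged "NOT-FOR-US: Acrobat Reader" while its description names the product as "Adobe Reader (Adobe Acrobat Reader)". The neighbouring entries carry the vendor in the tag ("Apple Safari", "MailEnable NetWebAdmin"), so "NOT-FOR-US: Adobe Reader" would match the description and stay consistent with them.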
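Review bot: in the @@ -1890,7 +1890,7 @@ hunk, the libarchive status for CVE-2006-5680 is folded into the TODO line as "TODO: check libarchive, pinged maintainer", with no date and no bug number, so a later reader cannot tell how old the ping is or where the reply will land. Keeping "TODO: check libarchive" and recording the ping on a separate NOTE: line with a date or bug reference would make the follow-up trackable.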
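Review bot: in the @@ -2659,10 +2659,9 @@ hunk, removing "TODO: file bug, fixed in 9.0.28.0" from CVE-2006-5330 also drops the upstream fixed version, which is the one fact needed to close the flashplugin-nonfree <unfixed> entry later. The bug part of the TODO is resolved by adding bug #402822, but the version should survive, for example as "NOTE: fixed in 9.0.28.0". The annotation order "(bug #402822; medium)" also differs from the urgency-first form used for gnupg in the first hunk, "(high; bug #401894; ...)"; "(medium; bug #402822)" would match it.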
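Review bot: in the @@ -3247,7 +3246,6 @@ hunk, the line "NOTE: This may be a dupe of CVE-2006-4925" is deleted from CVE-2006-5052 while the entry stays at "TODO: check", and the commit log does not mention this removal. If the duplicate suspicion was ruled out, say so in a replacement NOTE: or in the log; if it was not, keep the note until the TODO is resolved so whoever triages the OpenSSH entry still sees the lead.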