Author: stef-guest
Date: 2006-11-13 22:50:18 +0100 (Mon, 13 Nov 2006)
New Revision: 4962

Modified: data/CVE/list

Log:
- CVE-2006-5633, CVE-2006-5464, CVE-2006-5463, CVE-2006-5462: new mozilla* issues (high)
- CVE-2006-5467: new ruby issue (medium)
- CVE-2006-5397: new libx11 issue (low)

Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-11-13 21:14:00 UTC (rev 4961) +++ data/CVE/list 2006-11-13 21:50:18 UTC (rev 4962) @@ -394,7 +394,13 @@ CVE-2006-5634 (Multile PHP remote file inclusion vulnerabilities in phpProfiles 2.1 ...) NOT-FOR-US: phpProfiles CVE-2006-5633 (Firefox 1.5.0.7 and 2.0 allows remote attackers to cause a denial of ...) - TODO: check + - firefox <unfixed> (low) + - thunderbird <removed> (low) + - icedove <unfixed> (low) + - mozilla <unfixed> (low) + - xulrunner <unfixed> (low) + - mozilla-firefox <removed> (low) + - mozilla-thunderbird <removed> (low) CVE-2006-5632 (Cross-site scripting (XSS) vulnerability in change_pass.php in iG Shop ...) NOT-FOR-US: iG Shop CVE-2006-5631 (Cross-site scripting (XSS) vulnerability in change_pass.php in iG Shop ...) @@ -637,7 +643,7 @@ CVE-2006-5515 (Cross-site scripting (XSS) vulnerability in lib-history.inc.php in ...) NOT-FOR-US: phpPgAds / phpAdsNew CVE-2006-5514 (SQL injection vulnerability in quiz.php in Web Group Communication ...) - TODO: check + NOT-FOR-US: Web Group Communication CVE-2006-5513 (SQL injection vulnerability in GeoNetwork opensource before 2.0.3 ...) NOT-FOR-US: GeoNetwork opensource CVE-2005-4814 (Unrestricted file upload vulnerability in Segue CMS before 1.3.6, when ...) 
@@ -743,7 +749,8 @@ CVE-2006-5468 (Unspecified vulnerability in the HTTP dissector in Wireshark (formerly ...) - wireshark 0.99.4-1 (bug #396258; medium) CVE-2006-5467 (The cgi.rb CGI library for Ruby 1.8 allows remote attackers to cause a ...) - TODO: check + - ruby1.8 <unfixed> (medium; bug filed) + - ruby1.9 <unfixed> (medium) CVE-2006-5466 (Heap-based buffer overflow in the showQueryPackage function in librpm ...) - rpm 4.4.1-11 (low) [sarge] - rpm <no-dsa> (You need to trust the RPMs you''re installing) @@ -753,11 +760,31 @@ - php4 4:4.4.4-4 (high; bug #396764) - php5 5.1.6-6 (high; bug #396766) CVE-2006-5464 (Multiple unspecified vulnerabilities in the layout engine in Mozilla ...) - TODO: check + - firefox <unfixed> (low) + - thunderbird <removed> (low) + - icedove <unfixed> (low) + - mozilla <unfixed> (low) + - xulrunner <unfixed> (low) + - mozilla-firefox <removed> (low) + - mozilla-thunderbird <removed> (low) CVE-2006-5463 (Unspecified vulnerability in Mozilla Firefox before 1.5.0.8, ...) - TODO: check + - firefox <unfixed> (high) + - thunderbird <removed> (medium) + - icedove <unfixed> (medium) + - mozilla <unfixed> (high) + - xulrunner <unfixed> (high) + - mozilla-firefox <removed> (high) + - mozilla-thunderbird <removed> (medium) CVE-2006-5462 (Mozilla Network Security Service (NSS) library before 3.11.3, as used ...) - TODO: check + NOTE: this is the similar to CVE-2006-4339, see also CVE-2006-4340 + NOTE: the fixes for CVE-2006-4340 were incomplete + - firefox <unfixed> (high) + - thunderbird <removed> (medium) + - icedove <unfixed> (medium) + - mozilla <unfixed> (high) + - xulrunner <unfixed> (high) + - mozilla-firefox <removed> (high) + - mozilla-thunderbird <removed> (medium) CVE-2006-5461 RESERVED CVE-2006-XXXX [diffmon information leakage] 
@@ -894,7 +921,7 @@ CVE-2006-5398 (SQL injection vulnerability in comments.php in Simplog 0.9.3.1 allows ...) NOT-FOR-US: Simplog CVE-2006-5397 (The Xinput module (modules/im/ximcp/imLcIm.c) in X.Org libX11 1.0.2 ...) - TODO: check + - libx11 <unfixed> (low, bug filed) CVE-2006-5396 (The tcp_fuse_rcv_drain function in the Sun Solaris 10 kernel before ...) NOT-FOR-US: Sun Solaris CVE-2006-5395 (Buffer overflow in Microsoft Class Package Export Tool (aka ...)
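Review bot: in the @@ -394,7 +394,13 @@ hunk, all seven package lines added under CVE-2006-5633 are rated (low), while the commit log lists CVE-2006-5633 among the "new mozilla* issues (high)". The description shown is a denial of service, so (low) in the data looks like the intended rating. Either correct the log line to give the per-CVE ratings or raise the entries if (high) was meant.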
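Review bot: in the @@ -637,7 +643,7 @@ hunk, the name given on "NOT-FOR-US: Web Group Communication" for CVE-2006-5514 ends exactly where the description line is cut off by "...", so it may be a truncated product name. Check the full CVE description and record the complete name before closing the TODO.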
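Review bot: in the @@ -743,7 +749,8 @@ hunk, the ruby1.8 line added under CVE-2006-5467 says "(medium; bug filed)" without a bug number, unlike the wireshark entry directly above it, which records "bug #396258". Replace the placeholder with the number once it is assigned. The ruby1.9 line carries no bug reference at all, so state whether the ruby1.8 report covers it or file a separate one.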
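Review bot: in the @@ -753,11 +760,31 @@ hunk, the first NOTE added under CVE-2006-5462 reads "this is the similar to CVE-2006-4339"; drop the stray "the". In the same hunk every package line for CVE-2006-5464 is rated (low), although the commit log groups that CVE under "(high)", so the log and the data disagree for this entry. The second NOTE says the fixes for CVE-2006-4340 were incomplete; if that means the CVE-2006-4340 entry needs its status revisited, that belongs in this commit or a follow-up, since nothing in the visible hunks touches it.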
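Review bot: in the @@ -894,7 +921,7 @@ hunk, the libx11 line added under CVE-2006-5397 writes "(low, bug filed)" with a comma, while the ruby1.8 line in this same commit uses "(medium; bug filed)" and the wireshark context line uses "(bug #396258; medium)". Use the semicolon here as well so the annotation format stays consistent across entries, and replace "bug filed" with the bug number.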