Author: stef-guest
Date: 2006-11-27 21:15:17 +0100 (Mon, 27 Nov 2006)
New Revision: 5012

Modified: data/CVE/list
Log:
- new torrentflux issue (medium)
- CVE-2006-6015: konqueror issue is actually a libpcre issue (medium)
- linux-ftpd fixed (previous fix was faulty)
- new phpmyadmin issue fixed
- new tikiwiki issue fixed
- new smb4k issue fixed
- new tdiary issue fixed

Modified: data/CVE/list
==================================================================
--- data/CVE/list 2006-11-27 11:14:44 UTC (rev 5011) +++ data/CVE/list 2006-11-27 20:15:17 UTC (rev 5012) @@ -1,3 +1,14 @@ +CVE-2006-XXXX [tikiwiki script insertion vulnerability] + - tikiwiki 1.9.7+dfsg-1 +CVE-2006-XXXX [several security issues in phpmyadmin] + - phpmyadmin 4:2.9.1.1-1 (bug #399329) + NOTE: PMASA-2006-7, PMASA-2006-8, PMASA-2006-9 +CVE-2006-XXXX [smb4k security issue] + - smb4k 0.7.5-1 +CVE-2006-XXXX [tdiary Cross Site Scripting] + - tdiary 2.1.4-4 (bug #400447) +CVE-2006-XXXX [arbitrary code execution in metaInfo.php in torrentflux] + - torrentflux <unfixed> (bug #400582; medium) CVE-2006-6129 (Integer overflow in the fatfile_getarch2 in Apple Mac OS X allows ...) TODO: check CVE-2006-6128 (The ReiserFS functionality in Linux kernel 2.6.18, and possibly other ...) @@ -227,7 +238,7 @@ CVE-2006-6016 (wp-admin/user-edit.php in WordPress before 2.0.5 allows remote ...) - wordpress 2.0.5-0.1 CVE-2006-6015 (Buffer overflow in the JavaScript implementation in Safari on Apple ...) - - kdebase <unfixed> (medium; bug #400121) + - pcre3 <unfixed> (medium; bug #400121) NOTE: konqueror 4:3.5.5a.dfsg.1-2 is vulnerable CVE-2006-6014 (The NetBSD-current kernel before 20061028 does not properly perform ...) NOT-FOR-US: NetBSD 
@@ -243,7 +254,7 @@ CVE-2006-6009 (Unspecified vulnerability in the Java Runtime Environment (JRE) Swing ...) - sun-java5 1.5.0-08-1 CVE-2006-6008 (ftpd in Linux Netkit (linux-ftpd) 0.17, and possibly other versions, ...) - - linux-ftpd 0.17-22 + - linux-ftpd 0.17-23 CVE-2006-6007 (save_profile.asp in WebEvents (Online Event Registration Template) 2.0 ...) NOT-FOR-US: WebEvents (Online Event Registration Template) CVE-2006-6006 @@ -2858,7 +2869,7 @@ NOT-FOR-US: HP-UX CVE-2006-5778 (ftpd in linux-ftpd 0.17, and possibly other versions, performs a chdir ...) {DSA-1217} - - linux-ftpd 0.17-22 (low; bug #384454) + - linux-ftpd 0.17-23 (low; bug #384454) CVE-2006-XXXX [ejabberd HTML code injection] - ejabberd 1.1.1-8 CVE-2006-4792
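Review bot: In the first hunk (@@ -1,3 +1,14 @@) the new torrentflux line writes its annotation as `(bug #400582; medium)`, while the existing entries visible in this patch put the urgency first, as in `(medium; bug #400121)` and `(low; bug #384454)`; use the same order for consistency. The tikiwiki and smb4k entries in the same hunk carry neither a bug number nor a NOTE, and "[smb4k security issue]" does not say what the issue is, so a later reader has little to match them against once a CVE id is assigned; add a NOTE with the upstream advisory or changelog reference. The phpmyadmin entry groups PMASA-2006-7, PMASA-2006-8 and PMASA-2006-9 under one CVE-2006-XXXX placeholder, which will need splitting if they receive separate ids.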
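Review bot: In the CVE-2006-6015 hunk (@@ -227,7 +238,7 @@) the package changes from kdebase to pcre3, but the unchanged NOTE below it still reads only `konqueror 4:3.5.5a.dfsg.1-2 is vulnerable`, with nothing tying konqueror to pcre3. Extend the NOTE to say that konqueror is affected through libpcre, as the log message states, so the entry itself explains why kdebase no longer has a line of its own.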
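Review bot: In the CVE-2006-6008 hunk (@@ -243,7 +254,7 @@) the fixed version moves from 0.17-22 to 0.17-23 without a NOTE in the entry; the reason (previous fix was faulty) exists only in the commit log. Add a NOTE line recording that the fix in 0.17-22 was faulty. This entry also has no urgency or bug reference, unlike the CVE-2006-5778 linux-ftpd entry changed in the same commit.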
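Review bot: In the CVE-2006-5778 hunk (@@ -2858,7 +2869,7 @@) the fixed version is bumped to 0.17-23 while the `{DSA-1217}` tag directly above it is left untouched. Since the log says the previous fix was faulty, state in a NOTE whether the DSA-1217 update is affected by the same faulty fix or not, so the status of that advisory is not left implied.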