Author: joeyh Date: 2006-10-05 21:14:30 +0000 (Thu, 05 Oct 2006) New Revision: 4819 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-10-05 20:23:13 UTC (rev 4818) +++ data/CVE/list 2006-10-05 21:14:30 UTC (rev 4819) @@ -240,6 +240,7 @@ TODO: check NOTE: This may be a dupe of CVE-2006-4925 CVE-2006-5051 (Signal handler race condition in OpenSSH before 4.4 allows remote ...) + {DSA-1189-1} - openssh 1:4.3p2-4 (unimportant) - openssh-krb5 <unfixed> (high) NOTE: From my analysis only openssh with Kerberos support should be vulnerable @@ -505,6 +506,7 @@ - openssh <unfixed> (unimportant) NOTE: That''s a non-issue CVE-2006-4924 (sshd in OpenSSH before 4.4, when using the version 1 SSH protocol, ...) + {DSA-1189-1} - openssh 1:4.3p2-4 (low; bug #389995) - openssh-krb5 <unfixed> (low) CVE-2006-4923 (Cross-site scripting (XSS) vulnerability in search.php in eSyndiCat ...) @@ -1126,6 +1128,7 @@ - php5 <unfixed> (bug #391281; low) [sarge] - php4 <no-dsa> (open_basedir violations not supported) CVE-2006-4624 (CRLF injection vulnerability in Utils.py in Mailman before 2.1.9rc1 ...) + {DSA-1188-1} - mailman 1:2.1.8-3 CVE-2006-4623 (The Unidirectional Lightweight Encapsulation (ULE) decapsulation ...) - linux-2.6 <unfixed> @@ -1250,6 +1253,7 @@ CVE-2006-4572 RESERVED CVE-2006-4571 (Multiple unspecified vulnerabilities in Firefox before 1.5.0.7, ...) + {DSA-1191-1} NOTE: MFSA-2006-64 - mozilla <unfixed> (high) - firefox 1.5.dfsg+1.5.0.7-1 (high) @@ -1257,6 +1261,7 @@ - xulrunner 1.8.0.7-1 (high) [sarge] - mozilla-firefox <unfixed> (high) CVE-2006-4570 (Mozilla Thunderbird before 1.5.0.7 and SeaMonkey before 1.0.5, with ...) + {DSA-1191-1} NOTE: MFSA-2006-63 - thunderbird 1.5.0.7-1 - mozilla <unfixed> 
@@ -1267,6 +1272,7 @@ - thunderbird 1.5.0.7-1 [sarge] - mozilla-firefox <unfixed> (low) CVE-2006-4568 (Mozilla Firefox before 1.5.0.7 and SeaMonkey before 1.0.5 allows ...) + {DSA-1191-1} NOTE: MFSA-2006-61 - mozilla <unfixed> (low) - firefox 1.5.dfsg+1.5.0.7-1 (low) @@ -1281,6 +1287,7 @@ [sarge] - mozilla-thunderbird <unfixed> (unimportant) NOTE: The internal update mechanism is disabled in Debian CVE-2006-4566 (Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and ...) + {DSA-1191-1} NOTE: MFSA-2006-57 - mozilla <unfixed> (high) - firefox 1.5.dfsg+1.5.0.7-1 (high) @@ -1288,6 +1295,7 @@ - xulrunner 1.8.0.7-1 (high) [sarge] - mozilla-firefox <unfixed> (high) CVE-2006-4565 (Heap-based buffer overflow in Mozilla Firefox before 1.5.0.7, ...) + {DSA-1191-1} NOTE: MFSA-2006-57 - mozilla <unfixed> (high) - firefox 1.5.dfsg+1.5.0.7-1 (high) @@ -1798,6 +1806,7 @@ CVE-2006-4341 REJECTED CVE-2006-4340 (Mozilla Network Security Service (NSS) library before 3.11.3, as used ...) + {DSA-1191-1} NOTE: MFSA-2006-60, this is the similar to CVE-2006-4339 - mozilla <unfixed> (high) - firefox 1.5.dfsg+1.5.0.7-1 (high) @@ -1892,6 +1901,7 @@ CVE-2006-4306 (Unspecified vulnerability in Sun Solaris 8 and 9 before 20060821 ...) NOT-FOR-US: Solaris CVE-2006-4305 (Buffer overflow in SAP DB and MaxDB before 7.6.00.30 allows remote ...) + {DSA-1190-1} - maxdb-7.5.00 <unfixed> (high; bug #386182) CVE-2006-4304 (Buffer overflow in the sppp driver in FreeBSD 4.11 through 6.1, NetBSD ...) - kfreebsd-5 <unfixed> (bug filed) @@ -3446,6 +3456,7 @@ CVE-2006-3637 (Microsoft Internet Explorer 5.01 SP4 and 6 does not properly handle ...) NOT-FOR-US: Microsoft CVE-2006-3636 (Multiple cross-site scripting (XSS) vulnerabilities in Mailman before ...) + {DSA-1188-1} - mailman 1:2.1.8-3 CVE-2006-3635 RESERVED 
@@ -5304,6 +5315,7 @@ NOTE: Verified that the patch has been applied in 2.4.0-1, NOTE: may have been fixed earlier. CVE-2006-2788 (Double-free vulnerability in the getRawDER function for nsIX509Cert in ...) + {DSA-1191-1} - mozilla <unfixed> (high) - mozilla-firefox <unfixed> (high) - firefox 1.5.dfsg+1.5.0.4 (high)
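Review bot: In the two OpenSSH hunks (@@ -240,6 +240,7 @@ for CVE-2006-5051 and @@ -505,6 +506,7 @@ for CVE-2006-4924), {DSA-1189-1} is attached while openssh-krb5 still reads <unfixed> in both entries, and the CVE-2006-5051 NOTE says only the Kerberos build should be vulnerable. Nothing in either entry records which package and release the advisory fixed. Add a release-tagged status line with the fixed version for the package the DSA covers, so the tag and the status lines agree.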
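Review bot: In the Mozilla hunks that add {DSA-1191-1} (CVE-2006-4571, -4570, -4568, -4566, -4565, -4340 and -2788), the visible status lines such as "- mozilla <unfixed>" and "[sarge] - mozilla-firefox <unfixed>" are left unchanged, so a reader cannot tell from the entry which source package the advisory fixed. Record the fixed version on the matching [sarge] line for each entry. In the last hunk (@@ -5304,6 +5315,7 @@, CVE-2006-2788) the tag is also followed directly by the package lines with no "NOTE: MFSA-..." cross-reference, unlike the other six entries; add one if an upstream advisory exists.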
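Review bot: In the CVE-2006-4305 hunk (@@ -1892,6 +1901,7 @@), {DSA-1190-1} is added above "- maxdb-7.5.00 <unfixed> (high; bug #386182)", which is the only status line shown for the entry. An advisory tag next to a high-urgency <unfixed> line reads as contradictory. Add the release-specific line with the version the DSA shipped, and keep <unfixed> only for the suites that are still open.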