Author: stef-guest
Date: 2006-10-05 21:23:20 +0000 (Thu, 05 Oct 2006)
New Revision: 4820
Modified:
data/CVE/list
Log:
- CVE-2006-5159/60: firefox non-issues
- update/close some old issues
- CVE-2006-2191: mailman non-issue
- bugnums
Modified: data/CVE/list
==================================================================---
data/CVE/list 2006-10-05 21:14:30 UTC (rev 4819)
+++ data/CVE/list 2006-10-05 21:23:20 UTC (rev 4820)
@@ -13,9 +13,10 @@
CVE-2006-5161 (IBM Client Security Password Manager stores and distributes
saved ...)
NOT-FOR-US: IBM
CVE-2006-5160 (** DISPUTED ** ...)
- TODO: check
+ - firefox <not-affected> (no real issues)
CVE-2006-5159 (** DISPUTED ** ...)
- TODO: check
+ TODO: check again later
+ NOTE: might or might not be a real firefox issue, probably low impact
CVE-2006-5158 (Unspecified vulnerability in NFS lockd in the kernel in SUSE
Linux 9.2 ...)
TODO: check
CVE-2006-5157 (Format string vulnerability in the ActiveX control
(ATXCONSOLE.OCX) in ...)
@@ -137,9 +138,9 @@
CVE-2006-5100 (PHP remote file inclusion vulnerability in parse/parser.php in
...)
NOT-FOR-US: WEB//NEWS (aka webnews)
CVE-2006-5099 (lib/exec/fetch.php in DokuWiki before 2006-03-09e, when ...)
- - dokuwiki <unfixed> (bug filed; medium)
+ - dokuwiki <unfixed> (bug #391291; medium)
CVE-2006-5098 (lib/exec/fetch.php in DokuWiki before 2006-03-09e allows remote
...)
- - dokuwiki <unfixed> (bug filed; medium)
+ - dokuwiki <unfixed> (bug #391291; medium)
CVE-2006-5097 (PHP remote file inclusion vulnerability in index.php in net2ftp
allows ...)
NOT-FOR-US: net2ftp
CVE-2006-5096 (Multiple cross-site scripting (XSS) vulnerabilities in index.php
in ...)
@@ -1350,7 +1351,7 @@
CVE-2006-4543 (Cross-site scripting (XSS) vulnerability in index.php in HLStats
1.34 ...)
NOT-FOR-US: HLStats
CVE-2006-4542 (Webmin before 1.296 and Usermin before 1.226 do not properly
handle a ...)
- - webmin <removed> (bug filed)
+ - webmin <removed> (bug #391284)
- usermin <removed>
CVE-2006-4541 (RapDrv.sys in BlackICE PC Protection 3.6.cpn, cpj, cpiE, and
possibly ...)
NOT-FOR-US: BlackICE PC Protection
@@ -1904,7 +1905,7 @@
{DSA-1190-1}
- maxdb-7.5.00 <unfixed> (high; bug #386182)
CVE-2006-4304 (Buffer overflow in the sppp driver in FreeBSD 4.11 through 6.1,
NetBSD ...)
- - kfreebsd-5 <unfixed> (bug filed)
+ - kfreebsd-5 <unfixed> (bug #391289)
CVE-2006-4303 (Race condition in (1) libnsl and (2) TLI/XTI API routines in Sun
...)
NOT-FOR-US: Solaris
CVE-2006-4302 (The Java Plug-in J2SE 1.3.0_02 through 5.0 Update 5, and Java
Web ...)
@@ -2193,7 +2194,7 @@
CVE-2006-4179
RESERVED
CVE-2006-4178 (Integer signedness error in the i386_set_ldt call in FreeBSD
5.5, and ...)
- - kfreebsd-5 <unfixed> (bug filed)
+ - kfreebsd-5 <unfixed> (bug #391289)
CVE-2006-4177
RESERVED
CVE-2006-4176
@@ -2205,7 +2206,7 @@
CVE-2006-4173
RESERVED
CVE-2006-4172 (Integer overflow vulnerability in the i386_set_ldt call in
FreeBSD ...)
- - kfreebsd-5 <unfixed> (bug filed)
+ - kfreebsd-5 <unfixed> (bug #391289)
CVE-2006-4171
RESERVED
CVE-2006-4170
@@ -6728,7 +6729,8 @@
{DSA-1091-1}
- tiff 3.8.2-4 (bug #371064; medium)
CVE-2006-2191 (** DISPUTED ** ...)
- TODO: check
+ - mailman <unfixed> (unimportant)
+ NOTE: not exploitable
CVE-2006-2190 (Cross-site scripting (XSS) vulnerability in ow-shared.pl in ...)
NOT-FOR-US: OpenWebMail
CVE-2006-2189 (SQL injection vulnerability in search.php in Servous sBLOG 0.7.2
...)
@@ -18164,9 +18166,9 @@
CVE-2004-2314 (The Telnet listener for Novell iChain Server before 2.2 Field
Patch 3b ...)
NOT-FOR-US: Novell iChain Server
CVE-2004-2313 (Inter7 SqWebMail 3.4.1 through 3.6.1 generates different error
...)
- TODO: check
+ - courier <unfixed>
NOTE: Did not find reference to fix in upstream changelog or any other hint
that it is fixed
- NOTE: pinged Maintainer
+ NOTE: pinged Maintainer, no response
CVE-2004-2312 (Buffer overflow in GNU make for IBM AIX 4.3.3, when installed
setgid, ...)
NOT-FOR-US: AIX only
CVE-2004-2311 (Directory traversal vulnerability in webadmin.nsf in Lotus
Domino R6 ...)
@@ -29916,7 +29918,7 @@
CVE-2004-0593 (Sygate Enforcer 3.5MR1 and earlier passes broadcast traffic
before ...)
NOT-FOR-US: Sygate Enforcer
CVE-2004-0592 (The tcp_find_option function of the netfilter subsystem for IPv6
in ...)
- TODO: check
+ NOT-FOR-US: linux 2.4 with usagi patches
CVE-2004-0591 (Cross-site scripting (XSS) vulnerability in the print_header_uc
...)
{DSA-533}
- courier 0.45.4-4
@@ -31242,7 +31244,8 @@
CVE-2003-0987 (mod_digest for Apache before 1.3.31 does not properly verify the
nonce ...)
- apache 1.3.29.0.2-5
CVE-2003-0986 (Various routines for the ppc64 architecture on Linux kernel 2.6
prior ...)
- TODO: check
+ - kernel-source-2.4.27 <not-affected> (Fixed before initial upload;
2.4.24)
+ - linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.2)
CVE-2003-0984 (Real time clock (RTC) routines in Linux kernel 2.4.23 and
earlier do ...)
{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.2)
@@ -31302,13 +31305,13 @@
CVE-2003-0960 (OpenCA before 0.9.1.4 does not use the correct certificate in a
chain ...)
NOT-FOR-US: OpenCA
CVE-2003-0959 (Multiple integer overflows in the 32bit emulation for AMD64 ...)
- TODO: check
+ - kernel-source-2.4.27 <not-affected> (Fixed before initial upload;
2.4.21)
CVE-2003-0958
RESERVED
CVE-2003-0957
RESERVED
CVE-2003-0956 (Multiple race conditions in the handling of O_DIRECT in Linux
kernel ...)
- TODO: check
+ - kernel-source-2.4.27 <not-affected> (Fixed before initial upload;
2.4.22)
CVE-2003-0955 (OpenBSD kernel 3.3 and 3.4 allows local users to cause a denial
of ...)
NOT-FOR-US: OpenBSD
CVE-2003-0954 (Buffer overflow in rcp for AIX 4.3.3, 5.1 and 5.2 allows local
users ...)
@@ -32915,7 +32918,7 @@
CVE-2003-0250
RESERVED
CVE-2003-0249 (** DISPUTED ** ...)
- TODO: check
+ NOTE: unimportant (php)
CVE-2003-0248 (The mxcsr code in Linux kernel 2.4 allows attackers to modify
CPU ...)
{DSA-442 DSA-336 DSA-332 DSA-312 DSA-311}
- kernel-source-2.4.27 <not-affected> (Fixed before initial upload;
2.4.22-pre10)