Author: jmm-guest Date: 2006-10-09 16:47:49 +0000 (Mon, 09 Oct 2006) New Revision: 4831 Modified: data/CVE/list Log: several no-dsa and bugnums Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-10-07 12:04:07 UTC (rev 4830) +++ data/CVE/list 2006-10-09 16:47:49 UTC (rev 4831) @@ -1,7 +1,7 @@ CVE-2006-XXXX [zabbix format string vulnerabilities] - - zabbix 1:1.1.2-4 + - zabbix 1:1.1.2-4 (bug #391388) CVE-2006-XXXX [zabbix buffer overflows] - - zabbix 1:1.1.2-4 + - zabbix 1:1.1.2-4 (bug #391388) CVE-2006-5167 (Multiple PHP remote file inclusion vulnerabilities in BasiliX 1.1.1 ...) NOT-FOR-US: BasiliX CVE-2006-5166 (PHP remote file inclusion vulnerability in functions.php in PHP Web ...) @@ -1937,6 +1937,7 @@ NOT-FOR-US: cPanel CVE-2006-4292 (Unspecified vulnerability in Niels Provos Honeyd before 1.5b allows ...) - honeyd <unfixed> (low; bug #384806) + [sarge] - honeyd <no-dsa> (Minor issue) CVE-2006-4291 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: PHlyMail Lite CVE-2006-4290 (Directory traversal vulnerability in Sony VAIO Media Server 2.x, 3.x, ...) @@ -5013,8 +5014,10 @@ NOT-FOR-US: CMPro CVE-2006-2920 (Sylpheed-Claws before 2.2.2 and Sylpheed before 2.2.6 allow remote ...) - sylpheed 2.2.6-1 (low) + [sarge] - sylpheed <no-dsa> (Minor evasion of phishing protection feature) - sylpheed-gtk1 1.0.6-3 (bug #373187; low) - sylpheed-claws 1.0.5-3 (bug #372891; low) + [sarge] - sylpheed-claws <no-dsa> (Minor evasion of phishing protection feature) - sylpheed-claws-gtk2 2.3.0-1 (bug #372889; low) CVE-2006-2919 (Unspecified vulnerability in Microsoft NetMeeting 3.01 allows remote ...) NOT-FOR-US: Microsoft 
@@ -5700,10 +5703,10 @@ - wordpress 2.0.3-1 (high; bug #369014) CVE-2006-2753 (SQL injection vulnerability in MySQL 4.1.x before 4.1.20 and 5.0.x ...) {DSA-1092-1} - - mysql-dfsg <not-affected> (Vulnerable code was introduced in 4.1) - - mysql <not-affected> (Vulnerable code was introduced in 4.1) + - mysql-dfsg <not-affected> (Vulnerable code was introduced in 4.1, see #369741) + - mysql <not-affected> (Vulnerable code was introduced in 4.1, see #369754) - mysql-dfsg-5.0 5.0.22-1 (bug #369735; medium) - - mysql-dfsg-4.1 <unfixed> (medium) + - mysql-dfsg-4.1 <unfixed> (bug #369754; medium) CVE-2006-2659 (libs/comverp.c in Courier MTA before 0.53.2 allows attackers to cause ...) {DSA-1101} - courier 0.53.2-1 (bug #368834) @@ -10221,6 +10224,7 @@ NOT-FOR-US: Kadu CVE-2006-0767 (CGIWrap before 3.10 allows remote attackers to obtain sensitive ...) - cgiwrap 3.9-3.1 + [sarge] - cgiwrap <no-dsa> (Only leaks information about the existance of users on a system) CVE-2006-0766 (ICQ Inc. (formerly Mirabilis) ICQ 2003a, 2003b, Lite 4.0, Lite 4.1, ...) NOT-FOR-US: ICQ CVE-2006-0765 (GUI display truncation vulnerability in ICQ Inc. (formerly Mirabilis) ...) @@ -15879,6 +15883,7 @@ NOTE: http://www.kernel.org/git/?p=linux/kernel/git/chrisw/linux-2.6.12.y.git;a=commit;h=4717ecd49ce5c556d38e8c7b6fdc9fac5d35c00e CVE-2005-XXXX [Insecure temp file usage in thttpd''s syslogtocern] - thttpd 2.23beta1-4 (low) + [sarge] - thttpd <no-dsa> (Minor issue in addon package) CVE-2005-3301 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...) {DSA-880-1} - phpmyadmin 4:2.6.4-pl3-1 (bug #335513; medium) 
@@ -18564,6 +18569,7 @@ - sysklogd <unfixed> (bug #281448; unimportant) CVE-2005-XXXX [fftw3-dev: Insecure tempfile usage in fftw-wisdom-to-conf script] - fftw3 3.0.1-12 (low; bug #321566) + [sarge] - fftw3 <no-dsa> (Minor issue) CVE-2005-XXXX [clamav-getfile: Insecure use of temporary files] - clamav-getfiles 0.5-1 (bug #321446; medium) [sarge] - clamav-getfiles <not-affected> (Sarge version uses mktemp) @@ -19800,8 +19806,9 @@ NOTE: the affected probe.cgi CVE-2005-2177 (Unknown vulnerability in Net-SNMP 5.0.x before 5.0.10.2, 5.2.x before ...) {DSA-873-1} - - net-snmp 5.2.1.2-1 (bug #318420; medium) - - ucd-snmp 4.2.5-5.1 (bug #337394; medium) + - net-snmp 5.2.1.2-1 (bug #318420; low) + - ucd-snmp 4.2.5-5.1 (bug #337394; low) + [sarge] - ucd-snmp <no-dsa> (Minor issue) CVE-2005-2176 (Novell NetMail automatically processes HTML in an attachment without ...) NOT-FOR-US: Novell NetMail CVE-2005-2175 (The web interface for Lotus Notes mail automatically processes HTML in ...)
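Review bot: In the @@ -5700,10 +5703,10 @@ hunk (CVE-2006-2753), bug #369754 is cited twice: once in the `mysql <not-affected>` reason ("see #369754") and once as the tracking bug on the `mysql-dfsg-4.1 <unfixed>` line, while `mysql-dfsg` points at #369741. Please confirm which package #369754 is filed against. If it is the mysql-dfsg-4.1 bug, the `mysql` line probably wants a different number. If the reuse is intended, a NOTE line saying so would keep the next reader from treating it as a copy-paste slip.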
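Review bot: The drop from medium to low on the net-snmp and ucd-snmp lines in the @@ -19800,8 +19806,9 @@ hunk (CVE-2005-2177) is not mentioned in the log message ("several no-dsa and bugnums") and has no rationale in the entry. The entry is tagged {DSA-873-1} and now also carries `[sarge] - ucd-snmp <no-dsa> (Minor issue)`, so a NOTE line stating why the rating changed, and whether the DSA covers only net-snmp, would make the combination readable without digging through the bug reports.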
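Review bot: In the @@ -5013,8 +5014,10 @@ hunk (CVE-2006-2920), only sylpheed and sylpheed-claws gain a `[sarge] - ... <no-dsa>` line. The sylpheed-gtk1 and sylpheed-claws-gtk2 lines in the same entry get none. If either of those packages is present in sarge it needs the same annotation. If neither is, the hunk is fine as it stands.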
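Review bot: Spelling in the added line of the @@ -10221,6 +10224,7 @@ hunk (CVE-2006-0767): "existance" should be "existence" in the no-dsa reason for cgiwrap.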
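Review bot: The no-dsa reason "Minor issue" on the added honeyd line in the @@ -1937,6 +1937,7 @@ hunk (CVE-2006-4292) does not say what makes it minor. The CVE text is "Unspecified vulnerability" and the unstable line is still `<unfixed>`. The cgiwrap and sylpheed reasons in this same commit name the actual impact, and a similarly specific phrase here would let someone re-evaluate the decision later without reopening bug #384806.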