Author: jmm-guest Date: 2006-10-11 17:44:26 +0000 (Wed, 11 Oct 2006) New Revision: 4841 Modified: data/CVE/list Log: new kernel issue (already fixed) phpmyadmin fixed moodle CVEfied steam issue is not a security problem (talked to maintainer and upstream) thunderbird/xulrunner issue windows-specific remove old, unreproducible php bug, basedir unsupported anyway Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-10-11 09:14:25 UTC (rev 4840) +++ data/CVE/list 2006-10-11 17:44:26 UTC (rev 4841) @@ -150,7 +150,7 @@ TODO: check again later NOTE: might or might not be a real firefox issue, probably low impact CVE-2006-5158 (The nlmclnt_mark_reclaim in clntlock.c in NFS lockd in Linux kernel ...) - TODO: check + - linux-2.6 2.6.15 CVE-2006-5157 (Format string vulnerability in the ActiveX control (ATXCONSOLE.OCX) in ...) NOT-FOR-US: TrendMicro OfficeScan CVE-2006-5156 (Buffer overflow in McAfee ePolicy Orchestrator before 3.5.0.720 and ...) @@ -234,9 +234,9 @@ CVE-2006-5118 (PHP remote file inclusion vulnerability in index.php3 in the PDD ...) NOT-FOR-US: PHPSelect Web Development Division CVE-2006-5117 (phpMyAdmin before 2.9.1-rc1 has a libraries directory under the web ...) - - phpmyadmin <unfixed> (bug #391090; low) + - phpmyadmin 4:2.9.0.2-0.1 (bug #391090; low) CVE-2006-5116 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...) - - phpmyadmin <unfixed> (bug #391090; low) + - phpmyadmin 4:2.9.0.2-0.1 (bug #391090; low) CVE-2006-5115 (Directory traversal vulnerability in kgcall.php in KGB 1.87 allows ...) NOT-FOR-US: KGB CVE-2006-5114 (Multiple cross-site scripting (XSS) vulnerabilities in wgate in SAP ...) 
@@ -324,10 +324,8 @@ CVE-2006-5073 (Unspecified vulnerability in Sun Solaris 8, 9 and 10 allows remote ...) NOT-FOR-US: Solaris CVE-2006-XXXX [graphicsmagic buffer overflows] - - graphicsmagick 1.1.7-9 - TODO: check for security relevance and CVE-ids. Maybe imagemagick is affected, too -CVE-2006-XXXX [moodle SQL injection] - - moodle 1.6.2+20060930-1 (bug #390294) + - graphicsmagick 1.1.7-9 (medium) + TODO: check for CVE-ids. imagemagick is affected, too CVE-2006-5072 (The System.CodeDom.Compiler classes in Novell Mono create temporary ...) - mono 1.1.17.1-5 CVE-2006-5071 (Multiple cross-site scripting (XSS) vulnerabilities in eyeOS before ...) @@ -2784,8 +2782,6 @@ NOT-FOR-US: Ajax Chat CVE-2006-3971 (Cross-site scripting (XSS) vulnerability in ...) NOT-FOR-US: Ajax Chat -CVE-2006-XXXX [unspecified security issues in steam] - - steam 2.2.16-1 CVE-2006-XXXX [Buffer overflow in XML::Parser::Expat triggered by utf8] - libxml-parser-perl 2.34-4.2 (bug #378411; medium) CVE-2006-XXXX [Buffer overflow in XML::Parser::Expat triggered by deep nesting] @@ -7441,9 +7437,9 @@ {DSA-1134-1 DSA-1120 DSA-1118} NOTE: MFSA-2006-39 - firefox 1.5.dfsg+1.5.0.4-1 (low) - - thunderbird <unfixed> (low) + - thunderbird <not-affected> (Windows-specific) - mozilla 2:1.7.13-0.3 (low) - - xulrunner <unfixed> (low) + - xulrunner <not-affected> (Windows-specific) CVE-2006-1941 (Neon Responder 5.4 for LANsurveyor allows remote attackers to cause a ...) NOT-FOR-US: Neon Responder CVE-2006-1940 (Unspecified vulnerability in Ethereal 0.10.4 up to 0.10.14 allows ...) 
@@ -9934,7 +9930,7 @@ CVE-2006-0951 (The GUI (nod32.exe) in NOD32 2.5 runs with SYSTEM privileges when the ...) NOT-FOR-US: NOD32 CVE-2006-0950 (unalz 0.53 allows user-assisted attackers to overwrite arbitrary ...) - - unalz 0.55-1 (bug #356832; medium) + - unalz 0.55-1 (bug #356832; low) CVE-2006-0949 (RaidenHTTPD 1.1.47 allows remote attackers to obtain source code of ...) NOT-FOR-US: RaidenHTTPD CVE-2006-0948 (AOL 9.0 Security Edition revision 4184.2340, and probably other ...) @@ -16720,10 +16716,6 @@ [sarge] - distcc <no-dsa> (Only affects distcc in a very non-standard way not recommended for unstrusted environments) CVE-2004-XXXX [phpwiki shares a cookie for all wikis on a host] - phpwiki 1.3.12p2-1 (bug #282565; medium) -CVE-2005-XXXX [Possibly incorrect virtualisation in php4] - - php4 <unfixed> (bug #317577; bug #330419; low) - [sarge] - php4 <no-dsa> (Basedir violations not supported) - NOTE: Unreproducible CVE-1999-XXXX [Insecure access control on GNU Mach''s IO ports] - gnumach 1:20050801-3 (bug #46709) NOTE: Nearly six years old :-)
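Review bot: in the first hunk (@@ -150,7 +150,7 @@, CVE-2006-5158) the new "- linux-2.6 2.6.15" line carries neither the severity nor a NOTE explaining why 2.6.15 counts as the fixed version, although the neighbouring entries in this file record "(bug #...; low)" style annotations and the commit message calls it "already fixed". Add the severity and a short NOTE pointing at the upstream change so the next triage pass does not reopen the TODO.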
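Review bot: in the phpmyadmin hunk (@@ -234,9 +234,9 @@) the recorded fixed version 4:2.9.0.2-0.1 is lower than the "before 2.9.1-rc1" stated in the CVE-2006-5117 description, so the entry reads as if an unfixed version were marked fixed. If the fix was backported into the Debian revision, say so on a NOTE line under both CVE-2006-5117 and CVE-2006-5116 so the version mismatch is documented rather than left for the reader to guess.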
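Review bot: in the graphicsmagick hunk (@@ -324,10 +324,8 @@) the new TODO states "imagemagick is affected, too" but no imagemagick line is added, so the affected package is asserted without being tracked; add "- imagemagick <unfixed>" (with severity) next to the graphicsmagick line or keep the check as an explicit TODO for that package. The same hunk drops the "CVE-2006-XXXX [moodle SQL injection]" entry together with its "moodle 1.6.2+20060930-1 (bug #390294)" line, and the CVE-ified replacement the commit message mentions is not in this diff; confirm that the new entry keeps the bug number and fixed version so the reference does not get lost.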
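Review bot: in the steam hunk (@@ -2784,8 +2782,6 @@) the entry is deleted outright, which leaves no record of the decision that the issue is not a security problem; the rest of this file records such outcomes in place (NOTE lines, <not-affected>, <no-dsa> with a reason). Keeping the "CVE-2006-XXXX [unspecified security issues in steam]" header with a "steam <not-affected> (not a security issue, confirmed with maintainer and upstream)" line would stop the item from being re-added on the next triage.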
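Review bot: in the MFSA-2006-39 hunk (@@ -7441,9 +7437,9 @@) thunderbird and xulrunner become "<not-affected> (Windows-specific)", but the unchanged firefox 1.5.dfsg+1.5.0.4-1 and mozilla 2:1.7.13-0.3 lines in the same block still record fixed versions at "low". If the issue is Windows-specific for the shared code it is Windows-specific for all four packages; either mark firefox and mozilla <not-affected> as well or add a NOTE explaining why those two needed a fix, so the entry is internally consistent.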
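Review bot: in the unalz hunk (@@ -9934,7 +9930,7 @@) the severity for CVE-2006-0950 is lowered from medium to low with no reason given in the diff or in the commit message; add a NOTE line stating why (the description says user-assisted, but that was true when it was rated medium) so the downgrade can be audited later.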
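Review bot: in the last hunk (@@ -16720,10 +16716,6 @@) the php4 entry is removed together with its references to bug #317577 and bug #330419 and the sarge "<no-dsa> (Basedir violations not supported)" line, so the list no longer cross-references those bugs at all; a "php4 <not-affected> (unreproducible; open_basedir violations not supported)" line would preserve the rationale the commit message gives. Unrelated to the change but visible in the context: "unstrusted" in the distcc <no-dsa> line should read "untrusted".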