Author: stef-guest Date: 2006-10-14 18:15:34 +0000 (Sat, 14 Oct 2006) New Revision: 4851 Modified: data/CVE/list Log: - graphicsmagick issue affects imagemagick as well - zope2.8 issue CVEified - sun-java5 bugnum Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-10-14 16:40:04 UTC (rev 4850) +++ data/CVE/list 2006-10-14 18:15:34 UTC (rev 4851) @@ -1,5 +1,6 @@ CVE-2006-5229 (OpenSSH portable 4.1 on SUSE Linux, and possibly other platforms and ...) TODO: check + NOTE: Not reproducible with standard etch setup CVE-2006-5228 (Multiple SQL injection vulnerabilities in the Google Gadget login.php ...) NOT-FOR-US: ackerTodo CVE-2006-5227 (Cross-site scripting (XSS) vulnerability in admin.php in TorrentFlux ...) @@ -59,8 +60,8 @@ CVE-2006-5202 (Linksys WRT54g firmware 1.00.9 does not require credentials when ...) NOT-FOR-US: Linksys CVE-2006-5201 (Multiple packages on Sun Solaris, including (1) NSS; (2) Java JDK and ...) - - sun-java5 <unfixed> - TODO: file bug + - sun-java5 <unfixed> (bug #393042) + NOTE: this is similar to CVE-2006-4339 CVE-2006-5200 (Unspecified vulnerability in Adobe Breeze 5 Licensed Server and Breeze ...) NOT-FOR-US: Adobe CVE-2006-5199 (Adobe Contribute Publishing Server leaks the administrator password in ...) @@ -333,7 +334,8 @@ NOT-FOR-US: Solaris CVE-2006-XXXX [graphicsmagic buffer overflows] - graphicsmagick 1.1.7-9 (medium) - TODO: check for CVE-ids. imagemagick is affected, too + - imagemagick <unfixed> (bug #393025) + TODO: check for CVE-ids CVE-2006-5072 (The System.CodeDom.Compiler classes in Novell Mono create temporary ...) - mono 1.1.17.1-5 CVE-2006-5071 (Multiple cross-site scripting (XSS) vulnerabilities in eyeOS before ...) 
@@ -1152,6 +1154,7 @@ CVE-2006-4684 (The docutils module in Zope (Zope2) 2.7.0 through 2.7.9 and 2.8.0 ...) {DSA-1176-1} - zope2.7 <removed> + - zope2.8 2.8.8-2 CVE-2006-4683 (IBM Director before 5.10 allows remote attackers to obtain sensitive ...) NOT-FOR-US: IBM Director CVE-2006-4682 (Multiple unspecified vulnerabilities in IBM Director before 5.10 allow ...) @@ -1990,9 +1993,6 @@ CVE-2006-4330 (Unspecified vulnerability in the SCSI dissector in Wireshark (formerly ...) - wireshark 0.99.2-5 (medium; bug #384529) - ethereal <not-affected> (only wireshark 0.99.2 affected) -CVE-2006-XXXX [zope Arbitrary file inclusion] - TODO: check zope zope-2.7 zope2.8 zope2.9 zope3 - - zope2.8 2.8.8-2 CVE-2006-4329 (Multiple PHP remote file inclusion vulnerabilities in Shadows Rising ...) NOT-FOR-US: Shadows Rising CVE-2006-4328 (SQL injection vulnerability in admin.php in CloudNine Interactive ...)
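Review bot: In the @@ -1,5 +1,6 @@ hunk, CVE-2006-5229 keeps `TODO: check` next to the new `NOTE: Not reproducible with standard etch setup`, so the entry still has no package line and no resolved status. If the test is considered conclusive, replace the TODO with a package entry carrying the resulting status; if it is not, extend the NOTE to say which package version was tested and what remains to be checked.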
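Review bot: In the @@ -59,8 +60,8 @@ hunk, `- sun-java5 <unfixed> (bug #393042)` carries no urgency, unlike entries such as `- graphicsmagick 1.1.7-9 (medium)` elsewhere in this file; add one once it has been assessed. The new `NOTE: this is similar to CVE-2006-4339` would be more useful if it also said whether the NSS component named in the CVE description is already covered under that CVE or needs its own line here.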
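Review bot: In the @@ -333,7 +334,8 @@ hunk, the placeholder heading still reads `[graphicsmagic buffer overflows]` although the entry now tracks imagemagick as well. Correct the spelling and name both packages in the bracketed description so the entry is easy to match when CVE ids are assigned. `- imagemagick <unfixed> (bug #393025)` also lacks the urgency that the graphicsmagick line gives.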
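Review bot: In the @@ -1990,9 +1993,6 @@ hunk, removing the placeholder also drops `TODO: check zope zope-2.7 zope2.8 zope2.9 zope3`, while CVE-2006-4684 after this change lists only zope2.7 and zope2.8. Record the outcome for zope, zope2.9 and zope3 under CVE-2006-4684, either as explicit status lines or a NOTE, or carry the TODO over there so the open check is not lost with the deleted entry.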