Secure testing commits - Sep 2006 - r4676 - data/CVE

Author: stef-guest
Date: 2006-09-04 21:52:02 +0000 (Mon, 04 Sep 2006)
New Revision: 4676

Modified:
   data/CVE/list
Log:
- CVEs for several already fixed php issues
- of these, CVE-2006-4484 is actually a libgd2 issue
- CVE-2006-4262: cscope is already fixed
- CVE-2006-4226 was missing mysql-dfsg-4.1 (low)


Modified: data/CVE/list
==================================================================---
data/CVE/list	2006-09-04 21:31:03 UTC (rev 4675)
+++ data/CVE/list	2006-09-04 21:52:02 UTC (rev 4676)
@@ -69,17 +69,23 @@
 CVE-2006-4487 (DUware DUpoll 3.0 and 3.1 stores _private/Dupoll.mdb under the
web ...)
 	NOT-FOR-US: DUpoll
 CVE-2006-4486 (Unspecified vulnerability in PHP before 5.1.6, when running on a
...)
-	TODO: check
+	- php5 5.1.6-1
+	- php4 4:4.4.4-1
 CVE-2006-4485 (The stripos function in PHP before 5.1.5 has unknown impact and
attack ...)
-	TODO: check
+	- php5 5.1.6-1
+	- php4 4:4.4.4-1
 CVE-2006-4484 (Buffer overflow in the LWZReadByte_ function in ...)
-	TODO: check
+	- libgd2 <unfixed> (medium; bug #384838)
+	- xloadimage <unfixed> (low; bug #384841)
 CVE-2006-4483 (The cURL extension files (1) ext/curl/interface.c and (2) ...)
-	TODO: check
+	- php5 5.1.6-1 (low)
+	- php4 4:4.4.4-1 (low)
 CVE-2006-4482 (Multiple heap-based buffer overflows in the (1) str_repeat and
(2) ...)
-	TODO: check
+	- php5 5.1.6-1 (low)
+	- php4 4:4.4.4-1 (low)
 CVE-2006-4481 (The (1) file_exists and (2) imap_reopen functions in PHP before
5.1.5 ...)
-	TODO: check
+	- php5 5.1.6-1 (low)
+	- php4 4:4.4.4-1 (low)
 CVE-2006-4480 (Incomplete blacklist vulnerability in the nk_CSS function in
nuked.php ...)
 	NOT-FOR-US: Nuked-Klan
 CVE-2006-4479 (Cross-site scripting (XSS) vulnerability in loginreq2.php in
Visual ...)
@@ -293,7 +299,7 @@
 CVE-2006-4380 (MySQL before 4.1.13 allows local users to cause a denial of
service ...)
 	- mysql-dfsg-5.0 <not-affected> (only 4.1 affected)
 	- mysql-dfsg <not-affected> (only 4.1 affected)
-	- mysql-dfsg-4.1 <unfixed>
+	- mysql-dfsg-4.1 <removed>
 CVE-2006-4379
 	RESERVED
 CVE-2006-4378 (** DISPUTED ** ...)
@@ -401,9 +407,6 @@
 CVE-2006-XXXX [zope Arbitrary file inclusion]
 	TODO: check zope zope-2.7 zope2.8 zope2.9 zope3
 	- zope2.8 2.8.8-2
-CVE-2006-XXXX [segfault on corrupt gif from php bug #38112]
-	- libgd2 <unfixed> (medium; bug #384838)
-	- xloadimage <unfixed> (low; bug #384841)
 CVE-2006-4329 (Multiple PHP remote file inclusion vulnerabilities in Shadows
Rising ...)
 	NOT-FOR-US: Shadows Rising
 CVE-2006-4328 (SQL injection vulnerability in admin.php in CloudNine
Interactive ...)
@@ -543,7 +546,7 @@
 CVE-2006-4263 (Multiple PHP remote file inclusion vulnerabilities in the
Product ...)
 	NOT-FOR-US: mambo-phpshop (com_phpshop) for Mambo and Joomla!
 CVE-2006-4262 (Multiple buffer overflows in cscope 15.5 and earlier allow ...)
-	- cscope <unfixed> (low; bug #385893)
+	- cscope 15.5+cvs20060902-1 (low; bug #385893)
 CVE-2006-4261 (Mozilla Firefox 1.5.0.6 and earlier allows remote attackers to
cause a ...)
 	- xulrunner <unfixed>
 	- firefox <unfixed>
@@ -622,7 +625,8 @@
 	- mysql-dfsg-5.0 5.0.24-3 (low; bug #384798)
 CVE-2006-4226 (MySQL before 4.1.21, 5.0 before 5.0.25, and 5.1 before 5.1.12,
when ...)
 	- mysql-dfsg-5.0 5.0.24-3 (low; bug #384798)
-	- mysql-dfsg <unfixed> (low)
+	- mysql-dfsg <removed> (low)
+	- mysql-dfsg-4.1 <removed> (low)
 CVE-2006-4225
 	REJECTED
 	NOT-FOR-US: Virtual War
@@ -1047,7 +1051,7 @@
 	NOT-FOR-US: Cisco
 CVE-2006-4031 (MySQL 4.1 before 4.1.21 and 5.0 before 5.0.24 allows a local
user to ...)
 	- mysql-dfsg-5.0 5.0.24-1 (bug #382415; low)
-	- mysql-dfsg <unfixed> (bug #380271; low)
+	- mysql-dfsg <removed> (bug #380271; low)
 	[sarge] - mysql-dfsg-4.1 <no-dsa> (Now documented design error, no real
fix feasible)
 	[sarge] - mysql-dfsg <no-dsa> (Now documented design error, no real fix
feasible)
 CVE-2006-4030 (Unspecified vulnerability in the stats module in Gallery
1.5.1-RC2 and ...)