thr3ads.net - Secure testing commits - [Secure-testing-commits] r4701

If this information is useful, please help other people find it:
Share via:
Joey Hess
2006-Sep-08 09:14 UTC
[Secure-testing-commits] r4701 - data/CVE

Author: joeyh
Date: 2006-09-08 09:14:22 +0000 (Fri, 08 Sep 2006)
New Revision: 4701

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
==================================================================---
data/CVE/list	2006-09-07 22:13:16 UTC (rev 4700)
+++ data/CVE/list	2006-09-08 09:14:22 UTC (rev 4701)
@@ -1,3 +1,207 @@
+CVE-2006-4622 (PHP remote file inclusion vulnerability in annonce.php in
AnnonceV ...)
+	TODO: check
+CVE-2006-4621 (PHP remote file inclusion vulnerability in settings.php in Pheap
1.2, ...)
+	TODO: check
+CVE-2006-4620 (The useredit_account.wdm module in Alt-N WebAdmin 3.2.5 running
with ...)
+	TODO: check
+CVE-2006-4619 (The start update window in Avira AntiVir PersonalEdition Classic
...)
+	TODO: check
+CVE-2006-4618 (PHP remote file inclusion vulnerability in
adodb-postgres7.inc.php in ...)
+	TODO: check
+CVE-2006-4617 (Unrestricted file upload vulnerability in fileupload.html in
vtiger ...)
+	TODO: check
+CVE-2006-4616 (SMTP service in MailEnable Standard, Professional, and
Enterprise ...)
+	TODO: check
+CVE-2006-4615 (Shape Services IM+ Mobile Instant Messenger for Pocket PC 3.10
stores ...)
+	TODO: check
+CVE-2006-4614 (PDAapps Verichat for Pocket PC 1.30bh stores usernames and
passwords ...)
+	TODO: check
+CVE-2006-4613 (Multiple unspecified vulnerabilities in SnapGear before 3.1.4u1
allow ...)
+	TODO: check
+CVE-2006-4612 (SQL injection vulnerability in ReplyNew.asp in ZIXForum 1.12
allows ...)
+	TODO: check
+CVE-2006-4611 (Buffer overflow in the _tor_resolve function in dsocks.c in
dsocks ...)
+	TODO: check
+CVE-2006-4610 (PHP remote file inclusion vulnerability in index.php in
GrapAgenda ...)
+	TODO: check
+CVE-2006-4609 (** DISPUTED ** ...)
+	TODO: check
+CVE-2006-4608 (Multiple cross-site scripting (XSS) vulnerabilities in Longino
Jacome ...)
+	TODO: check
+CVE-2006-4607 (admin/index.php in Longino Jacome php-Revista 1.1.2 allows
remote ...)
+	TODO: check
+CVE-2006-4606 (Multiple SQL injection vulnerabilities in Longino Jacome
php-Revista ...)
+	TODO: check
+CVE-2006-4605 (PHP remote file inclusion vulnerability in index.php in Longino
Jacome ...)
+	TODO: check
+CVE-2006-4604 (PHP remote file inclusion vulnerability in
LFXlib/access_manager.php ...)
+	TODO: check
+CVE-2006-4603 (NCH Swift Sound Web Dictate 1.02 allows remote attackers to
bypass ...)
+	TODO: check
+CVE-2006-4602 (Unrestricted file upload vulnerability in jhot.php in TikiWiki
1.9.4 ...)
+	TODO: check
+CVE-2006-4601 (SQL injection vulnerability in index.php in Annuaire 1Two 2.2
allows ...)
+	TODO: check
+CVE-2006-4600 (slapd in OpenLDAP before 2.3.25 allows remote authenticated
users with ...)
+	TODO: check
+CVE-2006-4599 (SQL injection vulnerability in aut_verifica.inc.php in
Autentificator ...)
+	TODO: check
+CVE-2006-4598 (Multiple SQL injection vulnerabilities in links.php in ssLinks
1.22 ...)
+	TODO: check
+CVE-2006-4597 (SQL injection vulnerability in devam.asp in ICBlogger 2.0 and
earlier ...)
+	TODO: check
+CVE-2006-4596 (PHP remote file inclusion in MyBace Light Skrip, when
register_globals ...)
+	TODO: check
+CVE-2006-4595 (muforum (&#181;forum) 0.4c stores membres/members.dat under
the web ...)
+	TODO: check
+CVE-2006-4594 (Multiple PHP remote file inclusion vulnerabilities in PHP
Advanced ...)
+	TODO: check
+CVE-2006-4593 (Cross-site scripting (XSS) vulnerability in index.php in SoftBB
0.1 ...)
+	TODO: check
+CVE-2006-4592 (Incomplete blacklist vulnerability in default.asp in 8pixel.net
Simple ...)
+	TODO: check
+CVE-2006-4591 (Multiple PHP remote file inclusion vulnerabilities in AlstraSoft
...)
+	TODO: check
+CVE-2006-4590 (SQL injection vulnerability in admin/default.asp in Jetstat.com
JS ASP ...)
+	TODO: check
+CVE-2006-4589 (PHP remote file inclusion vulnerability in ...)
+	TODO: check
+CVE-2006-4588 (vtiger CRM 4.2.4, and possibly earlier, allows remote attackers
to ...)
+	TODO: check
+CVE-2006-4587 (Multiple cross-site scripting (XSS) vulnerabilities in vtiger
CRM ...)
+	TODO: check
+CVE-2006-4586 (The admin panel in Tr Forum 2.0 accepts a username and password
hash ...)
+	TODO: check
+CVE-2006-4585 (SQL injection vulnerability in admin/editer.php in Tr Forum 2.0
allows ...)
+	TODO: check
+CVE-2006-4584 (Tr Forum 2.0 allows remote attackers to bypass authentication
and add ...)
+	TODO: check
+CVE-2006-4583 (Multiple PHP remote file inclusion vulnerabilities in FlashChat
before ...)
+	TODO: check
+CVE-2006-4582
+	RESERVED
+CVE-2006-4581
+	RESERVED
+CVE-2006-4580
+	RESERVED
+CVE-2006-4579
+	RESERVED
+CVE-2006-4578
+	RESERVED
+CVE-2006-4577
+	RESERVED
+CVE-2006-4576
+	RESERVED
+CVE-2006-4575
+	RESERVED
+CVE-2006-4574
+	RESERVED
+CVE-2006-4573
+	RESERVED
+CVE-2006-4572
+	RESERVED
+CVE-2006-4571
+	RESERVED
+CVE-2006-4570
+	RESERVED
+CVE-2006-4569
+	RESERVED
+CVE-2006-4568
+	RESERVED
+CVE-2006-4567
+	RESERVED
+CVE-2006-4566
+	RESERVED
+CVE-2006-4565
+	RESERVED
+CVE-2006-4564 (SQL injection vulnerability in Sources/ManageBoards.php in
Simple ...)
+	TODO: check
+CVE-2006-4563 (Cross-site scripting (XSS) vulnerability in modules.php in
PHP-Nuke ...)
+	TODO: check
+CVE-2006-4562 (** DISPUTED ** ...)
+	TODO: check
+CVE-2006-4561 (Mozilla Firefox 1.5.0.6 allows remote attackers to execute
arbitrary ...)
+	TODO: check
+CVE-2006-4560 (Internet Explorer 6 on Windows XP SP2 allows remote attackers to
...)
+	TODO: check
+CVE-2006-4559 (Multiple PHP remote file inclusion vulnerabilities in Yet
Another ...)
+	TODO: check
+CVE-2006-4558 (DeluxeBB 1.06 and earlier, when run on the Apache HTTP Server
with the ...)
+	TODO: check
+CVE-2006-4557 (** DISPUTED ** ...)
+	TODO: check
+CVE-2006-4556 (** DISPUTED ** ...)
+	TODO: check
+CVE-2006-4555 (Buffer overflow in the Retro64 / Miniclip CR64Loader ActiveX
control ...)
+	TODO: check
+CVE-2006-4554 (Stack-based buffer overflow in the ReadFile function in the ...)
+	TODO: check
+CVE-2006-4553 (PHP remote file inclusion vulnerability in plugin.class.php in
the ...)
+	TODO: check
+CVE-2006-4552 (Cross-site scripting (XSS) vulnerability in CHXO Feedsplitter
...)
+	TODO: check
+CVE-2006-4551 (Eval injection vulnerability in CHXO Feedsplitter 2006-01-21
allows ...)
+	TODO: check
+CVE-2006-4550 (Directory traversal vulnerability in CHXO Feedsplitter
2006-01-21 ...)
+	TODO: check
+CVE-2006-4549 (CHXO Feedsplitter 2006-01-21 allows remote attackers to read the
...)
+	TODO: check
+CVE-2006-4548 (e107 0.75 and earlier does not properly unset variables when the
input ...)
+	TODO: check
+CVE-2006-4547 (Lyris ListManager 8.95 allows remote authenticated users to
obtain ...)
+	TODO: check
+CVE-2006-4546 (Lyris ListManager 8.95 allows remote authenticated users, who
have ...)
+	TODO: check
+CVE-2006-4545 (** DISPUTED ** ...)
+	TODO: check
+CVE-2006-4544 (Multiple PHP remote file inclusion vulnerabilities in ExBB
1.9.1, when ...)
+	TODO: check
+CVE-2006-4543 (Cross-site scripting (XSS) vulnerability in index.php in HLStats
1.34 ...)
+	TODO: check
+CVE-2006-4542 (Webmin before 1.296 and Usermin before 1.226 do not properly
handle a ...)
+	TODO: check
+CVE-2006-4541 (RapDrv.sys in BlackICE PC Protection 3.6.cpn, cpj, cpiE, and
possibly ...)
+	TODO: check
+CVE-2006-4540 (Cross-site scripting (XSS) vulnerability in learncenter.asp in
...)
+	TODO: check
+CVE-2006-4539 ((1) includes/widgets/module_company_tickets.php and (2) ...)
+	TODO: check
+CVE-2006-4538 (Linux kernel 2.6.17 and earlier, when running on IA64 or SPARC
...)
+	TODO: check
+CVE-2006-4537 (NET$SESSION_CONTROL.EXE before 20060825 in DECnet-Plus in
OpenVMS ...)
+	TODO: check
+CVE-2006-4536 (SQL injection vulnerability in module/rejestracja.php in CMS
Frogss ...)
+	TODO: check
+CVE-2006-4535
+	RESERVED
+CVE-2006-4534 (Unspecified vulnerability in Microsoft Word 2000 allows remote
...)
+	TODO: check
+CVE-2006-4533 (Multiple PHP remote file inclusion vulnerabilities in Plume CMS
1.0.6 ...)
+	TODO: check
+CVE-2006-4532 (PHP remote file inclusion vulnerability in articles/article.php
in Yet ...)
+	TODO: check
+CVE-2006-4531 (PHP remote file inclusion vulnerability in lib/config.php in
Pheap CMS ...)
+	TODO: check
+CVE-2006-4530 (Direct static code injection vulnerability in include/change.php
in ...)
+	TODO: check
+CVE-2006-4529 (SQL injection vulnerability in recherchemembre.php in membrepass
1.5. ...)
+	TODO: check
+CVE-2006-4528 (Multiple cross-site scripting (XSS) vulnerabilities in
membrepass 1.5 ...)
+	TODO: check
+CVE-2006-4527 (includes/content/gateway.inc.php in CubeCart 3.0.12 and earlier,
when ...)
+	TODO: check
+CVE-2006-4526 (SQL injection vulnerability in includes/content/viewCat.inc.php
in ...)
+	TODO: check
+CVE-2006-4525 (Cross-site scripting (XSS) vulnerability in CubeCart 3.0.12 and
...)
+	TODO: check
+CVE-2006-4524 (Multiple SQL injection vulnerabilities in login_verif.asp in
Digiappz ...)
+	TODO: check
+CVE-2006-4523 (The web-based management interface in 2Wire, Inc. HomePortal and
...)
+	TODO: check
+CVE-2006-4522 (Unspecified vulnerability in dtterm in IBM AIX 5.2 and 5.3
allows ...)
+	TODO: check
+CVE-2004-2664 (John Lim ADOdb Library for PHP before 4.23 allows remote
attackers to ...)
+	TODO: check
 CVE-2006-XXXX [hostapd dos]
 	- hostapd 1:0.5.4-1
 	[sarge] - hostapd <not-affected> (Vulnerable code not present)
@@ -27,7 +231,7 @@
 	RESERVED
 CVE-2006-4509
 	RESERVED
-CVE-2006-4508 (Unspecified vulnerability in Tor 0.1.0.x before 0.1.0.18 and
0.1.1.x ...)
+CVE-2006-4508 (Unspecified vulnerability in (1) Tor 0.1.0.x before 0.1.0.18 and
...)
 	- tor 0.1.1.23-1
 CVE-2006-4507 (Unspecified vulnerability in the TIFF viewer (possibly libTIFF)
in the ...)
 	NOT-FOR-US: Sony
@@ -119,9 +323,9 @@
 	- joomla <itp> (bug #326398)
 CVE-2006-4468 (Multiple unspecified vulnerabilities in Joomla! before 1.0.11,
related ...)
 	- joomla <itp> (bug #326398)
-CVE-2006-4467 (Interpretation conflict in Simple Machines Forum (SMF) 1.1RCx
before ...)
+CVE-2006-4467 (Simple Machines Forum (SMF) 1.1RCx before 1.1RC3, and 1.0.x
before ...)
 	NOT-FOR-US: Simple Machines Forum
-CVE-2006-4466 (Interpretation conflict in Joomla! before 1.0.11 does not
properly ...)
+CVE-2006-4466 (Joomla! before 1.0.11 does not properly unset variables when the
input ...)
 	- joomla <itp> (bug #326398)
 CVE-2006-4465 (** DISPUTED ** ...)
 	NOT-FOR-US: Microsoft
@@ -135,8 +339,8 @@
 	NOT-FOR-US: Paessler IPCheck Server Monitor (not related to ipcheck in Debian)
 CVE-2006-4460 (Cross-site scripting (XSS) vulnerability in PHP iAddressBook
before ...)
 	NOT-FOR-US: iAddressBook
-CVE-2006-4459
-	RESERVED
+CVE-2006-4459 (Integer overflow in AnywhereUSB/5 1.80.00 allows local users to
cause ...)
+	TODO: check
 CVE-2006-4458 (Directory traversal vulnerability in ...)
 	- phpgroupware <unfixed> (bug #386061; medium)
 CVE-2006-4457 (PHP remote file inclusion vulnerability in index.php in phpECard
2.1.4 ...)
@@ -230,7 +434,7 @@
 	NOT-FOR-US: phpCOIN
 CVE-2006-4423 (Multiple PHP remote file inclusion vulnerabilities in Bigace
1.8.2 ...)
 	NOT-FOR-US: Bigace
-CVE-2006-4422 (PHP remote file inclusion vulnerability in ...)
+CVE-2006-4422 (** DISPUTED ** ...)
 	NOT-FOR-US: Jetbox CMS
 CVE-2006-4421 (Cross-site scripting (XSS) vulnerability in ...)
 	NOT-FOR-US: Yet Another PHP Image Gallery
@@ -315,6 +519,7 @@
 CVE-2006-4381
 	RESERVED
 CVE-2006-4380 (MySQL before 4.1.13 allows local users to cause a denial of
service ...)
+	{DSA-1169}
 	- mysql-dfsg-5.0 <not-affected> (only 4.1 affected)
 	- mysql-dfsg <not-affected> (only 4.1 affected)
 	- mysql-dfsg-4.1 <removed>
@@ -398,8 +603,7 @@
 	RESERVED
 CVE-2006-4340
 	RESERVED
-CVE-2006-4339 [openssl Signature Forgery vulnerability]
-	RESERVED
+CVE-2006-4339 (OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before
0.9.8c, ...)
 	- openssl 0.9.8b-3 (medium)
 	- openssl097 0.9.7i-2 (medium)
 	- openssl096 <removed>
@@ -414,6 +618,7 @@
 CVE-2006-4334
 	RESERVED
 CVE-2006-4333 (The SSCOP dissector in Wireshark (formerly Ethereal) before
0.99.3 allows ...)
+	{DSA-1171}
 	- wireshark 0.99.2-5.1 (low; bug #384529)
 	- ethereal <removed> (low; bug #384528)
 CVE-2006-4332 (Unspecified vulnerability in the DHCP dissector in Wireshark
(formerly ...)
@@ -579,7 +784,7 @@
 	NOT-FOR-US: Fotopholder
 CVE-2006-4258 (Absolute path traversal vulnerability in the get functionality
in ...)
 	NOT-FOR-US: Anti-Spam SMTP Proxy
-CVE-2006-4257 (Unspecified vulnerability in IBM DB2 Universal Database (UDB)
before ...)
+CVE-2006-4257 (IBM DB2 Universal Database (UDB) before 8.1 FixPak 13 allows
remote ...)
 	NOT-FOR-US: IBM DB2
 CVE-2006-4256 (index.php in Horde Application Framework before 3.1.2 allows
remote ...)
 	- horde3 3.1.3-1 (low; bug #383416)
@@ -608,7 +813,7 @@
 	RESERVED
 CVE-2006-4245
 	RESERVED
-CVE-2006-4244 (Unspecified vulnerability in unspecified versions of SQL-Ledger
allow ...)
+CVE-2006-4244 (Unspecified vulnerability in unspecified versions of SQL-Ledger,
...)
 	- sql-ledger <unfixed> (medium)
 CVE-2006-4243
 	RESERVED
@@ -645,6 +850,7 @@
 CVE-2006-4227 (MySQL before 5.0.25 and 5.1 before 5.1.12 evaluates arguments of
suid ...)
 	- mysql-dfsg-5.0 5.0.24-3 (low; bug #384798)
 CVE-2006-4226 (MySQL before 4.1.21, 5.0 before 5.0.25, and 5.1 before 5.1.12,
when ...)
+	{DSA-1169}
 	- mysql-dfsg-5.0 5.0.24-3 (low; bug #384798)
 	[sarge] - mysql-dfsg <not-affected> (Vulnerable code not present)
 CVE-2006-4225
@@ -928,13 +1134,11 @@
 	RESERVED
 CVE-2006-4097
 	RESERVED
-CVE-2006-4096 [bind DoS in Recursive Queries]
-	RESERVED
+CVE-2006-4096 (BIND before 9.2.6-P1 and 9.3.x before 9.3.2-P1 allows remote
attackers to ...)
 	- bind <unfixed> (medium)
 	- bind9 1:9.3.2-P1-1 (medium; bug #386245)
 	NOTE: there is no info whether bind 8 is affected
-CVE-2006-4095 [bind DoS in SIG Query Processing]
-	RESERVED
+CVE-2006-4095 (BIND before 9.2.6-P1 and 9.3.x before 9.3.2-P1 allows remote
attackers ...)
 	- bind <unfixed> (medium)
 	- bind9 1:9.3.2-P1-1 (medium; bug #386245)
 	NOTE: there is no info whether bind 8 is affected
@@ -1329,6 +1533,7 @@
 CVE-2006-3919 (SQL injection vulnerability in index.php in SD Studio CMS allows
...)
 	NOT-FOR-US: SD Studio CMS
 CVE-2006-3918 (http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and
6.1 ...)
+	{DSA-1167-1}
 	- apache2 2.0.55-4.1 (bug #381376; medium)
 	- apache 1.3.34-3 (bug #381381; medium)
 CVE-2006-3917 (PHP remote file inclusion vulnerability in inc/gabarits.php in
R. ...)
@@ -1777,11 +1982,13 @@
 	- linux-2.6 2.6.17-7
 	- linux-2.6.16 <unfixed>
 CVE-2006-3744 (Multiple integer overflows in ImageMagick before 6.2.9 allows
...)
+	{DSA-1168-1}
 	- imagemagick <unfixed> (bug #385062)
 CVE-2006-3743 (Multiple buffer overflows in ImageMagick before 6.2.9 allow ...)
+	{DSA-1168-1}
 	- imagemagick <unfixed> (bug #385062)
-CVE-2006-3742
-	RESERVED
+CVE-2006-3742 (The KDE PAM configuration shipped with Fedora Core 5 causes KDM
...)
+	TODO: check
 CVE-2006-3741
 	RESERVED
 CVE-2006-3740
@@ -2013,8 +2220,8 @@
 	NOT-FOR-US: Microsoft
 CVE-2006-3637 (Microsoft Internet Explorer 5.01 SP4 and 6 does not properly
handle ...)
 	NOT-FOR-US: Microsoft
-CVE-2006-3636
-	RESERVED
+CVE-2006-3636 (Multiple cross-site scripting (XSS) vulnerabilities in Mailman
before ...)
+	TODO: check
 CVE-2006-3635
 	RESERVED
 CVE-2006-3634 (The (1) __futex_atomic_op and (2) futex_atomic_cmpxchg_inatomic
...)
@@ -2059,6 +2266,7 @@
 CVE-2006-3620 (Cross-site scripting (XSS) vulnerability in the showtopic module
in ...)
 	NOT-FOR-US: Koobi Pro CMS
 CVE-2006-3619 (Directory traversal vulnerability in FastJar 0.93, as used in
Gnu GCC ...)
+	{DSA-1170}
 	- gcc-4.1 4.1.1-11 (bug #368397; low)
 CVE-2006-3618 (SQL injection vulnerability in pblguestbook.php in Pixelated By
Lev ...)
 	NOT-FOR-US: Pixelated By Lev (PBL) Guestbook
@@ -3092,8 +3300,7 @@
 	NOT-FOR-US: easy-CMS
 CVE-2006-3127 (Memory leak in Network Security Services (NSS) 3.11, as used in
Sun ...)
 	- mozilla <not-affected> (SunSolve claims it is only in 3.11; latest
released is 3.10)
-CVE-2006-3126 [unspecivied vulnerability in capi4hylafax in mgetty mode]
-	RESERVED
+CVE-2006-3126 (c2faxrecv in capi4hylafax 01.02.03 allows remote attackers to
execute ...)
 	{DSA-1165}
 	- capi4hylafax 1:01.03.00.99.svn.300-3
 CVE-2006-3125 (Array index error in tetrinet.c in gtetrinet 0.7.8 and earlier
allows ...)
@@ -3507,8 +3714,8 @@
 	NOT-FOR-US: WebFORM
 CVE-2006-2942 (TWiki 4.0.0, 4.0.1, and 4.0.2 allows remote attackers to gain
Twiki ...)
 	- twiki <not-affected> (Debian''s version is old and does not
include affected file)
-CVE-2006-2941
-	RESERVED
+CVE-2006-2941 (Mailman before 2.1.9rc1 allows remote attackers to cause a
denial of ...)
+	TODO: check
 CVE-2006-2940
 	RESERVED
 CVE-2006-2939
@@ -8850,6 +9057,7 @@
 CVE-2005-4724 (SQL injection vulnerability in post.php in PhpTagCool 1.0.3
allows ...)
 	NOT-FOR-US: PhpTagCool
 CVE-2006-2440 (Heap-based buffer overflow in the libMagick componet of
ImageMagick ...)
+	{DSA-1168-1}
 	- imagemagick 6:6.2.4.5-0.6 (bug #345595)
 CVE-2006-0735 (Cross-site scripting (XSS) vulnerability in BBcode.pm in M. Blom
...)
 	NOT-FOR-US: My Blog
@@ -9983,7 +10191,7 @@
 	- thunderbird 1.5.0.2-1
 	- xulrunner 1.8.0.1-9
 CVE-2006-0296 (The XULDocument.persist function in Mozilla, Firefox before
1.5.0.1, ...)
-	{DSA-1051-1}
+	{DSA-1051-1 DSA-1044-1}
 	- firefox 1.5.dfsg+1.5.0.1-1 (bug #351442)
 	- mozilla 2:1.7.13-0.1
 	- thunderbird 1.5.0.2-1
@@ -14135,6 +14343,7 @@
 	- php4 4:4.4.2-1 (bug #339577; medium)
 	- php5 5.1.1-1 (bug #336654; medium)
 CVE-2005-3352 (Cross-site scripting (XSS) vulnerability in the mod_imap module
of ...)
+	{DSA-1167-1}
 	- apache 1.3.34-2 (bug #343466; low)
 	- apache2 2.0.55-4 (bug #343467; bug #349793; low)
 	NOTE: Version(s): prior to 1.3.35-dev, 2.0.56-dev are affected
@@ -14548,6 +14757,7 @@
 	- ethereal 0.10.13-1 (bug #334880; medium)
 	NOTE: Sarge is vulnerable
 CVE-2005-3248 (Unspecified vulnerability in the X11 dissector in Ethereal
0.10.12 and ...)
+	{DSA-1171}
 	[woody] - ethereal <not-affected> (This only affects Ethereal 0.10.1 to
0.10.12)
 	- ethereal 0.10.13-1 (bug #334880; medium)
 	NOTE: Sarge is vulnerable
@@ -14556,6 +14766,7 @@
 	[sarge] - ethereal <not-affected> (This only affects Ethereal 0.10.12)
 	- ethereal 0.10.13-1 (bug #334880; medium)
 CVE-2005-3246 (Ethereal 0.10.12 and earlier allows remote attackers to cause a
denial ...)
+	{DSA-1171}
 	[woody] - ethereal <not-affected> (This only affects Ethereal 0.9.14 to
0.10.12)
 	- ethereal 0.10.13-1 (bug #334880; medium)
 	NOTE: Sarge is vulnerable
@@ -14564,17 +14775,21 @@
 	NOTE: This affects Woody and Sarge
 	TODO: This is disabled by default, if this is a compile-time option change to
"unimportant"
 CVE-2005-3244 (The BER dissector in Ethereal 0.10.3 to 0.10.12 allows remote
...)
+	{DSA-1171}
 	[woody] - ethereal <not-affected> (This only affects Ethereal 0.10.3 to
0.10.12)
 	- ethereal 0.10.13-1 (bug #334880; medium)
 	NOTE: Sarge is vulnerable
 CVE-2005-3243 (Multiple buffer overflows in Ethereal 0.10.12 and earlier might
allow ...)
+	{DSA-1171}
 	- ethereal 0.10.13-1 (bug #334880; medium)
 	NOTE: The SLIMP3 issue affects Woody/Sarge, the AgentX issue only Sarge
 CVE-2005-3242 (Ethereal 0.10.12 and earlier allows remote attackers to cause a
denial ...)
+	{DSA-1171}
 	[woody] - ethereal <not-affected> (This only affects Ethereal 0.9.7 to
0.10.12)
 	- ethereal 0.10.13-1 (bug #334880; medium)
 	NOTE: Sarge is vulnerable
 CVE-2005-3241 (Multiple vulnerabilities in Ethereal 0.10.12 and earlier allow
remote ...)
+	{DSA-1171}
 	- ethereal 0.10.13-1 (bug #334880; medium)
 	NOTE: The ISAKMP issue only affects sid, the other three Woody and Sarge
 CVE-2005-3240 (Race condition in Microsoft Internet Explorer allows
user-assisted ...)
@@ -20476,7 +20691,7 @@
 	NOT-FOR-US: Microsoft
 CVE-2005-1682 (JavaMail API, as used by Solstice Internet Mail Server POP3 2.0,
does ...)
 	NOT-FOR-US: Solstice Internet Mail Server
-CVE-2005-1681 (PHP remote code injection vulnerability in common.php in phpATM
1.21, ...)
+CVE-2005-1681 (PHP remote file inclusion vulnerability in common.php in phpATM
1.21, ...)
 	NOT-FOR-US: phpATM
 CVE-2005-1680 (D-Link DSL-502T, DSL-504T, DSL-562T, and DSL-G604T, when ...)
 	NOT-FOR-US: D-Link hardware
Secure testing commits - Sep 2006 - r4701 - data/CVE

[Secure-testing-commits] r4701 - data/CVE
