Author: stef-guest Date: 2006-09-17 19:26:39 +0000 (Sun, 17 Sep 2006) New Revision: 4734 Modified: data/CVE/list Log: - new linux-ftpd issues fixed (medium) - new libxml-parser-perl issue fixed (medium) - new ejabberd issue fixed (low?) - CVE-2006-4731: new sql-ledger issue fixed - new flashplugin-nonfree version fixes many issues - new thunderbird version fixes many issues - newer mozilla issues affect xulrunner as well Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-09-16 21:14:26 UTC (rev 4733) +++ data/CVE/list 2006-09-17 19:26:39 UTC (rev 4734) @@ -1,3 +1,11 @@ +CVE-2006-XXXX [linux-ftpd allows chdir to disallowed directories] + - linux-ftpd 0.17-22 (low; bug #384454) +CVE-2006-XXXX [linux-ftpd does not check return code of setuid] + - linux-ftpd 0.17-22 (medium) +CVE-2006-XXXX [buffer overflow when reading UTF-8 data] + - libxml-parser-perl 2.34-4.2 (bug #378411; medium) +CVE-2006-XXXX [ejabberd HTML code injection] + - ejabberd 1.1.1-8 CVE-2006-4792 RESERVED CVE-2006-4791 @@ -125,7 +133,7 @@ CVE-2000-1241 (Unspecified vulnerability in Haakon Nilsen simple, integrated ...) TODO: check CVE-2006-4731 (Directory traversal vulnerability in login.pl in (1) SQL-Ledger before ...) - TODO: check + - sql-ledger 2.6.19-1 CVE-2006-4730 RESERVED CVE-2006-4729 @@ -307,7 +315,7 @@ CVE-2006-4641 (SQL injection vulnerability in kategori.asp in Muratsoft Haber Portal ...) TODO: check CVE-2006-4640 (Unspecified vulnerability in Adobe Flash Player before 9.0.16.0 allows ...) - TODO: check + - flashplugin-nonfree 7.0.68.0.1 CVE-2006-4639 (Multiple PHP remote file inclusion vulnerabilities in C-News.fr C-News ...) TODO: check CVE-2006-4638 (PHP remote file inclusion vulnerability in article.php in ACGV News ...) 
@@ -464,41 +472,54 @@ RESERVED CVE-2006-4571 RESERVED + NOTE: MFSA-2006-64 - mozilla <unfixed> - firefox <unfixed> - - thunderbird <unfixed> + - thunderbird 1.5.0.7-1 [sarge] - mozilla-firefox <unfixed> [sarge] - mozilla-thunderbird <unfixed> CVE-2006-4570 RESERVED + NOTE: MFSA-2006-63 + - thunderbird 1.5.0.7-1 + - mozilla <unfixed> CVE-2006-4569 [firefox popup blocker xss] RESERVED + NOTE: MFSA-2006-62 - firefox <unfixed> (low) + - xulrunner <unfixed> (low) [sarge] - mozilla-firefox <unfixed> (low) CVE-2006-4568 RESERVED + NOTE: MFSA-2006-61 - mozilla <unfixed> (low) - firefox <unfixed> (low) + - xulrunner <unfixed> (low) [sarge] - mozilla-firefox <unfixed> (low) CVE-2006-4567 [Spoofing in internal auto update] RESERVED + NOTE: MFSA-2006-58 - firefox <unfixed> (unimportant) - - thunderbird <unfixed> (unimportant) + - thunderbird 1.5.0.7-1 (unimportant) [sarge] - mozilla-firefox <unfixed> (unimportant) [sarge] - mozilla-thunderbird <unfixed> (unimportant) NOTE: The internal update mechanism is disabled in Debian CVE-2006-4566 RESERVED + NOTE: MFSA-2006-57 - mozilla <unfixed> - firefox <unfixed> - - thunderbird <unfixed> + - thunderbird 1.5.0.7-1 + - xulrunner <unfixed> [sarge] - mozilla-firefox <unfixed> [sarge] - mozilla-thunderbird <unfixed> CVE-2006-4565 RESERVED + NOTE: MFSA-2006-57 - mozilla <unfixed> - firefox <unfixed> - - thunderbird <unfixed> + - xulrunner <unfixed> + - thunderbird 1.5.0.7-1 [sarge] - mozilla-firefox <unfixed> [sarge] - mozilla-thunderbird <unfixed> CVE-2006-4564 (SQL injection vulnerability in Sources/ManageBoards.php in Simple ...) @@ -998,9 +1019,11 @@ REJECTED CVE-2006-4340 RESERVED + NOTE: MFSA-2006-60, this is the similar to CVE-2006-4339 - mozilla <unfixed> - firefox <unfixed> - - thunderbird <unfixed> + - thunderbird 1.5.0.7-1 + - xulrunner <unfixed> [sarge] - mozilla-firefox <unfixed> [sarge] - mozilla-thunderbird <unfixed> CVE-2006-4339 (OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, ...) 
@@ -1194,13 +1217,14 @@ CVE-2006-4254 (Unspecified vulnerability in setlocale in IBM AIX 5.1.0 through 5.3.0 ...) NOT-FOR-US: IBM AIX CVE-2006-4253 (Mozilla Firefox 1.5.0.6 and earlier allows remote attackers to cause a ...) + NOTE: MFSA-2006-59 - xulrunner <unfixed> - firefox <unfixed> - mozilla <unfixed> - - mozilla-firefox <unfixed> + - mozilla-firefox <removed> [sarge] - mozilla <unfixed> [sarge] - mozilla-thunderbird <unfixed> - [sarge] - mozilla-thunderbird <unfixed> + - thunderbird 1.5.0.7-1 CVE-2006-4252 RESERVED CVE-2006-4251 @@ -2743,9 +2767,9 @@ CVE-2006-3589 (vmware-config.pl in VMware for Linux, ESX Server 2.x, and Infrastructure ...) NOT-FOR-US: VMware CVE-2006-3588 (Unspecified vulnerability in Adobe (Macromedia) Flash Player 8.0.24.0 ...) - NOT-FOR-US: Macromedia Flash Player 8 + - flashplugin-nonfree 7.0.68.0.1 CVE-2006-3587 (Unspecified vulnerability in Adobe (Macromedia) Flash Player 8.0.24.0 ...) - NOT-FOR-US: Macromedia Flash Player 8 + - flashplugin-nonfree 7.0.68.0.1 CVE-2006-3586 (SQL injection vulnerability in Jetbox CMS 2.1 SR1 allows remote ...) NOT-FOR-US: Jetbox CMS CVE-2006-3585 (Multiple cross-site scripting (XSS) vulnerabilities in Jetbox CMS 2.1 ...) @@ -3332,7 +3356,7 @@ CVE-2006-3312 (Multiple cross-site scripting (XSS) vulnerabilities in ashmans and ...) NOT-FOR-US: QaTraq CVE-2006-3311 (Buffer overflow in Adobe Flash Player 8.0.24.0 and earlier, Flash ...) - TODO: check + - flashplugin-nonfree 7.0.68.0.1 CVE-2006-3310 RESERVED CVE-2006-3309 (SQL injection vulnerability in SPT--ForumTopics.php in Scout Portal ...) 
@@ -3957,7 +3981,7 @@ CVE-2006-3015 (Argument injection vulnerability in WinSCP 3.8.1 build 328 allows ...) NOT-FOR-US: WinSCP CVE-2006-3014 (Microsoft Excel allows user-assisted attackers to execute arbitrary ...) - NOT-FOR-US: Microsoft Excel + NOT-FOR-US: Microsoft Excel / Flashplayer for Windows CVE-2006-3013 (Interpretation conflict in resetpw.php in phpBannerExchange before 2.0 ...) NOT-FOR-US: phpBannerExchange CVE-2006-3012 (SQL injection vulnerability in phpBannerExchange before 2.0 Update 6 ...)
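Review bot: In the first hunk (@@ -1,3 +1,11 @@) the severity annotations on the new entries do not match the log or each other: the log says the linux-ftpd issues are medium, but the chdir entry is marked "(low; bug #384454)" and only the setuid entry "(medium)"; the ejabberd entry has no severity at all although the log says "(low?)"; and the libxml-parser-perl line orders its annotation as "(bug #378411; medium)" while linux-ftpd uses "(low; bug #384454)". Pick one ordering, add a severity to the ejabberd line, and note somewhere that the four CVE-2006-XXXX placeholders need to be replaced once identifiers are assigned.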
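Review bot: In the @@ -125,7 +133,7 @@ hunk, CVE-2006-4731 gains "- sql-ledger 2.6.19-1" with no severity, while the new entries in the same commit carry one; since the description is a directory traversal in login.pl and the log singles the issue out, a severity on this line would keep the record consistent.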
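Review bot: In the @@ -464,41 +472,54 @@ hunk, CVE-2006-4570 lists only "thunderbird 1.5.0.7-1" and "mozilla <unfixed>" with no "[sarge] - mozilla-thunderbird <unfixed>" line, although every other thunderbird entry in the hunk (for example CVE-2006-4571) carries one; either sarge is not affected and the entry should say so, or the sarge line is missing. Two smaller points: CVE-2006-4565 puts xulrunner before thunderbird while CVE-2006-4566 puts it after, and both entries are tagged "NOTE: MFSA-2006-57", which is worth a second look since each neighbouring CVE maps to a distinct MFSA; and CVE-2006-4567 now has its two NOTE lines split around the package lines, so the new "NOTE: MFSA-2006-58" should sit next to "NOTE: The internal update mechanism is disabled in Debian".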
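Review bot: In the @@ -998,9 +1019,11 @@ hunk, the added note for CVE-2006-4340 reads "this is the similar to CVE-2006-4339"; drop the stray "the" so it reads "NOTE: MFSA-2006-60, this is similar to CVE-2006-4339".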
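Review bot: In the @@ -1194,13 +1217,14 @@ hunk, CVE-2006-4253 changes "mozilla-firefox <unfixed>" to "mozilla-firefox <removed>", a package-state change the log does not mention, and after the edit the entry has no "[sarge] - mozilla-firefox" line at all even though the other Mozilla entries touched by this commit (CVE-2006-4571, -4569, -4568, -4567, -4566, -4565, -4340) all carry "[sarge] - mozilla-firefox <unfixed>". Confirm the <removed> state is intended and add the sarge line if sarge's mozilla-firefox is affected, as MFSA-2006-59 covers Firefox 1.5.0.6 and earlier.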
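Review bot: In the @@ -2743,9 +2767,9 @@ hunk, CVE-2006-3588 and CVE-2006-3587 move from "NOT-FOR-US: Macromedia Flash Player 8" to "- flashplugin-nonfree 7.0.68.0.1", and the same fixed version is recorded for CVE-2006-3311 (@@ -3332) and CVE-2006-4640 (@@ -307). Recording a fixed version asserts that the 7.x build shipped by flashplugin-nonfree was vulnerable, yet the descriptions name Flash Player 8.0.24.0 and "before 9.0.16.0"; check the vendor advisory for each CVE, and where the 7.x line was never affected the entry should state that instead of a fix version, otherwise the earlier NOT-FOR-US classification was wrong and the log should say so.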
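Review bot: In the @@ -3957,7 +3981,7 @@ hunk, the new annotation "NOT-FOR-US: Microsoft Excel / Flashplayer for Windows" spells the product differently from the "Adobe Flash Player" wording used in the CVE descriptions elsewhere in the file; "Flash Player for Windows" keeps the naming consistent and makes the entry easier to find by search.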