Author: jmm-guest Date: 2006-09-18 17:26:20 +0000 (Mon, 18 Sep 2006) New Revision: 4741 Modified: data/CVE/list Log: remove libxml-parser-perl dupe flashplugin installer not supported by security team latest firefox issues fixed checked webalizer - not security relevant older gnumail-java issue is a non-issue Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-09-18 09:14:25 UTC (rev 4740) +++ data/CVE/list 2006-09-18 17:26:20 UTC (rev 4741) @@ -2,8 +2,6 @@ - linux-ftpd 0.17-22 (low; bug #384454) CVE-2006-XXXX [linux-ftpd does not check return code of setuid] - linux-ftpd 0.17-22 (medium) -CVE-2006-XXXX [buffer overflow when reading UTF-8 data] - - libxml-parser-perl 2.34-4.2 (bug #378411; medium) CVE-2006-XXXX [ejabberd HTML code injection] - ejabberd 1.1.1-8 CVE-2006-4792 @@ -315,6 +313,7 @@ TODO: check CVE-2006-4640 (Unspecified vulnerability in Adobe Flash Player before 9.0.16.0 allows ...) - flashplugin-nonfree 7.0.68.0.1 + [sarge] - flashplugin-non-free <no-dsa> (Contrib not supported) CVE-2006-4639 (Multiple PHP remote file inclusion vulnerabilities in C-News.fr C-News ...) TODO: check CVE-2006-4638 (PHP remote file inclusion vulnerability in article.php in ACGV News ...) @@ -472,7 +471,7 @@ RESERVED NOTE: MFSA-2006-64 - mozilla <unfixed> - - firefox <unfixed> + - firefox 1.5.dfsg+1.5.0.7-1 - thunderbird 1.5.0.7-1 [sarge] - mozilla-firefox <unfixed> [sarge] - mozilla-thunderbird <unfixed> @@ -484,7 +483,7 @@ CVE-2006-4569 [firefox popup blocker xss] RESERVED NOTE: MFSA-2006-62 - - firefox <unfixed> (low) + - firefox 1.5.dfsg+1.5.0.7-1 (low) - xulrunner <unfixed> (low) - thunderbird 1.5.0.7-1 [sarge] - mozilla-firefox <unfixed> (low) 
@@ -492,14 +491,14 @@ RESERVED NOTE: MFSA-2006-61 - mozilla <unfixed> (low) - - firefox <unfixed> (low) + - firefox 1.5.dfsg+1.5.0.7-1 (low) - xulrunner <unfixed> (low) - thunderbird 1.5.0.7-1 [sarge] - mozilla-firefox <unfixed> (low) CVE-2006-4567 [Spoofing in internal auto update] RESERVED NOTE: MFSA-2006-58 - - firefox <unfixed> (unimportant) + - firefox 1.5.dfsg+1.5.0.7-1 (unimportant) - thunderbird 1.5.0.7-1 (unimportant) [sarge] - mozilla-firefox <unfixed> (unimportant) [sarge] - mozilla-thunderbird <unfixed> (unimportant) @@ -508,7 +507,7 @@ RESERVED NOTE: MFSA-2006-57 - mozilla <unfixed> - - firefox <unfixed> + - firefox 1.5.dfsg+1.5.0.7-1 - thunderbird 1.5.0.7-1 - xulrunner <unfixed> [sarge] - mozilla-firefox <unfixed> @@ -517,7 +516,7 @@ RESERVED NOTE: MFSA-2006-57 - mozilla <unfixed> - - firefox <unfixed> + - firefox 1.5.dfsg+1.5.0.7-1 - xulrunner <unfixed> - thunderbird 1.5.0.7-1 [sarge] - mozilla-firefox <unfixed> @@ -530,7 +529,7 @@ NOT-FOR-US: Symantec CVE-2006-4561 (Mozilla Firefox 1.5.0.6 allows remote attackers to execute arbitrary ...) - xulrunner <unfixed> (low) - - firefox <unfixed> (low) + - firefox 1.5.dfsg+1.5.0.7-1 (low) - mozilla <unfixed> (low) - mozilla-firefox <removed> (low) CVE-2006-4560 (Internet Explorer 6 on Windows XP SP2 allows remote attackers to ...) @@ -1021,7 +1020,7 @@ RESERVED NOTE: MFSA-2006-60, this is the similar to CVE-2006-4339 - mozilla <unfixed> - - firefox <unfixed> + - firefox 1.5.dfsg+1.5.0.7-1 - thunderbird 1.5.0.7-1 - xulrunner <unfixed> [sarge] - mozilla-firefox <unfixed> 
@@ -1850,9 +1849,9 @@ CVE-2006-XXXX [unspecified security issues in steam] - steam 2.2.16-1 CVE-2006-XXXX [Buffer overflow in XML::Parser::Expat triggered by utf8] - - libxml-parser-perl <unfixed> (bug #378411; high) + - libxml-parser-perl 2.34-4.2 (bug #378411; medium) CVE-2006-XXXX [Buffer overflow in XML::Parser::Expat triggered by deep nesting] - - libxml-parser-perl 2.34-4.1 (bug #378412; high) + - libxml-parser-perl 2.34-4.1 (bug #378412; medium) CVE-2006-3970 (PHP remote file inclusion vulnerability in lmo.php in the LMO ...) NOT-FOR-US: LMO for joomla CVE-2006-3969 (PHP remote file inclusion vulnerability in ...) @@ -2135,9 +2134,6 @@ - ocp 0.1.10rc6-1 (medium; bug #381098) CVE-2006-XXXX [uqwk buffer overflow] - uqwk 2.21-13 (bug #376577; medium) -CVE-2006-XXXX [Webalizer buffer overflows] - - webalizer 2.01.10-30 (unknown) - NOTE: 11_various_buffer_overflows should be reviewed for exploitability CVE-2006-3837 (delcookie.php in Professional Home Page Tools Guestbook changes the ...) NOT-FOR-US: Professional Home Page Tools Guestbook CVE-2006-3836 (Directory traversal vulnerability in index.php in UNIDOmedia Chameleon ...) @@ -2768,8 +2764,10 @@ NOT-FOR-US: VMware CVE-2006-3588 (Unspecified vulnerability in Adobe (Macromedia) Flash Player 8.0.24.0 ...) - flashplugin-nonfree 7.0.68.0.1 + [sarge] - flashplugin-non-free <no-dsa> (Contrib not supported) CVE-2006-3587 (Unspecified vulnerability in Adobe (Macromedia) Flash Player 8.0.24.0 ...) - flashplugin-nonfree 7.0.68.0.1 + [sarge] - flashplugin-non-free <no-dsa> (Contrib not supported) CVE-2006-3586 (SQL injection vulnerability in Jetbox CMS 2.1 SR1 allows remote ...) NOT-FOR-US: Jetbox CMS CVE-2006-3585 (Multiple cross-site scripting (XSS) vulnerabilities in Jetbox CMS 2.1 ...) 
@@ -3357,6 +3355,7 @@ NOT-FOR-US: QaTraq CVE-2006-3311 (Buffer overflow in Adobe Flash Player 8.0.24.0 and earlier, Flash ...) - flashplugin-nonfree 7.0.68.0.1 + [sarge] - flashplugin-non-free <no-dsa> (Contrib not supported) CVE-2006-3310 RESERVED CVE-2006-3309 (SQL injection vulnerability in SPT--ForumTopics.php in Scout Portal ...) @@ -23387,8 +23386,10 @@ CVE-2005-1106 (PictureViewer in QuickTime for Windows 6.5.2 allows remote attackers ...) NOT-FOR-US: Windows CVE-2005-1105 (Directory traversal vulnerability in the MimeBodyPart.getFileName ...) - - libgnumail-java <unfixed> (bug #304712; low) - [sarge] - libgnumail-java <no-dsa> (Only user in Sarge is ant, which isn''t affected) + - libgnumail-java <unfixed> (bug #304712; unimportant) + NOTE: This just provides an Java API function to receive a file name, sanitising + NOTE: this file name for further use must be done inside the application calling + NOTE: the function CVE-2005-1104 (Multiple cross-site scripting (XSS) vulnerabilities in Centra 7 ...) NOT-FOR-US: Centra CVE-2005-1103 (Sygate Security Agent (SSA) in Sygate Secure Enterprise 3.5 through ...)
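Review bot: the severity drop from high to medium on both libxml-parser-perl entries in the -1850 hunk comes with no NOTE line giving the reason, and the commit message only says the duplicate was removed. The file records such reasoning inline elsewhere in this very diff (the libgnumail-java NOTE lines), so add something like `NOTE: downgraded to medium, <reason>` under `- libxml-parser-perl 2.34-4.2 (bug #378411; medium)`. Also double-check the two fix versions: the utf8 overflow (bug #378411) now reads 2.34-4.2 while the deep-nesting overflow (bug #378412) keeps 2.34-4.1; if both were fixed in a single upload, one of them is wrong. Dropping the `buffer overflow when reading UTF-8 data` placeholder in the -2 hunk is correct, since it cites the same bug #378411 as the retained XML::Parser::Expat entry.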
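Review bot: the three added `[sarge] - flashplugin-non-free <no-dsa> (Contrib not supported)` lines (hunks -315, -2768 and -3355) spell the source package with an extra hyphen, while the unstable line directly above each reads `- flashplugin-nonfree 7.0.68.0.1`. The tracker keys entries on the source package name, so the sarge annotation attaches to a package that does not exist and CVE-2006-4640, CVE-2006-3588, CVE-2006-3587 and CVE-2006-3311 will continue to show as open for sarge. Change all three new lines to `flashplugin-nonfree`.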
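Review bot: the CVE-2006-4561 hunk (-530) sets the firefox fix version but has no `[sarge]` line at all; `- mozilla-firefox <removed> (low)` states only that the old source was removed from unstable, whereas every other MFSA entry touched in this diff carries `[sarge] - mozilla-firefox <unfixed>`. Without it this CVE disappears from the sarge view while its siblings remain open there. Add `[sarge] - mozilla-firefox <unfixed> (low)` unless the sarge build is genuinely unaffected, in which case say so in a NOTE. Leaving `xulrunner <unfixed>` and `mozilla <unfixed>` untouched across the firefox hunks is right, since only the firefox source changed.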
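Review bot: the context line in the -1021 hunk, `NOTE: MFSA-2006-60, this is the similar to CVE-2006-4339`, has a stray "the"; since the entry is being edited anyway, make it `this is similar to CVE-2006-4339`.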
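Review bot: deleting the webalizer entry in the -2135 hunk throws away the triage result together with the placeholder. The dropped `NOTE: 11_various_buffer_overflows should be reviewed for exploitability` is the only pointer to what was checked, and the commit message ("checked webalizer - not security relevant") is invisible to the next person who finds that patch in the webalizer source and starts the review again. The convention applied in the libgnumail-java hunk of this same diff is to keep the entry and record the decision inline; suggest `- webalizer 2.01.10-30 (unimportant)` followed by `NOTE: 11_various_buffer_overflows reviewed, not security relevant because <reason>`.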
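Review bot: in the -23386 hunk the new NOTE reads `an Java API function`; it should be `a Java API function`. More importantly, the removed `[sarge]` line carried a finding (ant is the only user in sarge and is not affected) that is now lost; with the entry at `unimportant` the sarge-specific line is redundant, but the fact belongs in the NOTE so it is not re-investigated. Note also that the CVE text places the directory traversal in MimeBodyPart.getFileName itself, whereas the NOTE argues sanitising is the caller's job; state that disagreement explicitly, and record whether any Debian reverse dependency passes the returned name to the filesystem, since that is what the `unimportant` rating rests on.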