Author: stef-guest Date: 2006-08-05 09:19:53 +0000 (Sat, 05 Aug 2006) New Revision: 4505 Modified: data/CVE/list Log: - CVE-2006-3274: webmin not affected - CVE-2006-3355: new mpg123 issue (medium) - CVE-2006-3376: new libwmf issue (medium) - CVE-2006-3392: new webmin issue not fixed in sarge - CVE-2006-3467: new freetype issue not fixed in sarge - CVE-2006-3819: twiki not affected Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-08-05 08:38:40 UTC (rev 4504) +++ data/CVE/list 2006-08-05 09:19:53 UTC (rev 4505) @@ -184,7 +184,7 @@ CVE-2006-3881 (Cross-site scripting (XSS) vulnerability in Shalwan MusicBox 2.3.4 and ...) NOT-FOR-US: Shalwan MusicBox CVE-2006-3880 (** DISPUTED ** ...) - TODO: check + NOT-FOR-US: Zen Cart CVE-2006-3879 (Integer overflow in the loadChunk function in loaders/load_gt2.c in ...) - libmikmod2 <unfixed> (bug #381379) CVE-2006-3878 (Opsware Network Automation System (NAS) 6.0 installs /etc/init.d/mysql ...) @@ -321,7 +321,7 @@ CVE-2006-3820 (Cross-site scripting (XSS) vulnerability in loudblog/index.php in ...) NOT-FOR-US: Loudblog CVE-2006-3819 (Eval injection vulnerability in the configure script in TWiki 4.0.0 ...) - TODO: check + - twiki <not-affected> (only 4.0.x is affected) CVE-2006-3818 RESERVED CVE-2006-3817 @@ -1140,7 +1140,7 @@ - linux-2.6 <unfixed> - linux-2.6.16 <unfixed> CVE-2006-3467 (Integer overflow in FreeType before 2.2 allows remote attackers to ...) - TODO: check + - freetype 2.2.1-1 (bug #379920; medium) CVE-2006-3466 REJECTED CVE-2006-3465 [libtiff: flaw in custom tag support] 
@@ -1306,7 +1306,7 @@ CVE-2006-3393 (Papyrus NASCAR Racing 4 4.1.3.1.6 and earlier, 2002 Season 1.1.0.2 and ...) NOT-FOR-US: Papyrus NASCAR Racing CVE-2006-3392 (Webmin before 1.290 and Usermin before 1.220 calls the simplify_path ...) - TODO: check + - webmin <unfixed> (medium; bug #381537) CVE-2006-3391 (The Execute function in iMBCContents ActiveX Control before 2.0.0.59 ...) NOT-FOR-US: iMBCContents CVE-2006-3390 (WordPress 2.0.3 allows remote attackers to obtain the installation ...) @@ -1339,7 +1339,7 @@ CVE-2006-3377 (Cross-site scripting (XSS) vulnerability in JMB Software AutoRank PHP ...) NOT-FOR-US: JMB Software AutoRank PHP CVE-2006-3376 (Integer overflow in player.c in libwmf 0.2.8.4, as used in multiple ...) - TODO: check + - libwmf <unfixed> (bug filed; medium) CVE-2006-3375 (PHP remote file inclusion vulnerability in includes/header.inc.php in ...) NOT-FOR-US: Randshop CVE-2006-3374 (PHP remote file inclusion vulnerability in index.php in Randshop 1.2 ...) @@ -1381,7 +1381,7 @@ CVE-2006-3356 (The TIFFFetchAnyArray function in ImageIO in Apple OS X 10.4.7 and ...) TODO: check CVE-2006-3355 (Heap-based buffer overflow in httpdget.c in mpg123 before 0.59s-rll ...) - TODO: check + - mpg123 <unfixed> (bug #377264; medium) CVE-2006-3354 (Microsoft Internet Explorer 6 allows remote attackers to cause a ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2006-3353 (Opera 9 allows remote attackers to cause a denial of service (crash) ...) @@ -1562,7 +1562,7 @@ CVE-2006-3275 (SQL injection vulnerability in profile.php in YaBB SE 1.5.5 and ...) NOT-FOR-US: YaBB CVE-2006-3274 (Directory traversal vulnerability in Webmin before 1.280, when run on ...) - TODO: check + - webmin <not-affected> (only windows) CVE-2006-3273 (Cross-site scripting (XSS) vulnerability in menu.php in Some Chess 1.5 ...) NOT-FOR-US: Some Chess CVE-2006-3272 (Cross-site request forgery (CSRF) vulnerability in menu.php in Some ...)
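Review bot: the hunk at @@ -184,7 +184,7 @@ changes CVE-2006-3880 from "TODO: check" to "NOT-FOR-US: Zen Cart", but the log message lists six CVEs and CVE-2006-3880 is not among them. Add a line such as "- CVE-2006-3880: NOT-FOR-US (Zen Cart)" to the log so the revision history accounts for every entry this commit touches.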
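Review bot: in the hunk at @@ -1306,7 +1306,7 @@ the annotation for CVE-2006-3392 reads "(medium; bug #381537)", urgency first, while the freetype and mpg123 entries added in the same revision put the bug reference first: "(bug #379920; medium)" and "(bug #377264; medium)". Use one order throughout, for example "- webmin <unfixed> (bug #381537; medium)", so the entries read uniformly and can be matched with a single pattern.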
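Review bot: the CVE-2006-3376 entry in the hunk at @@ -1339,7 +1339,7 @@ says "(bug filed; medium)" with no bug number, unlike the other <unfixed> entries added in this revision, which each cite one. Replace "bug filed" with the "bug #NNNNNN" reference once the number is known, so the libwmf issue can be followed up from the list alone.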