Author: stef-guest Date: 2006-08-06 19:50:03 +0000 (Sun, 06 Aug 2006) New Revision: 4513 Modified: data/CVE/list Log: - CVE-2006-2660: new php issue (seems to be open_basedir or ''safe mode'' related => low) - CVE-2006-2723: new firefox DoS - CVE-2006-2788: firefox issue fixed in 1.5.0.4, affects mozilla as well - CVE-2004-2658, CVE-2005-4788, CVE-2005-4789: maintainer thinks resmgr in sarge is not affected Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-08-06 18:46:30 UTC (rev 4512) +++ data/CVE/list 2006-08-06 19:50:03 UTC (rev 4513) @@ -2625,7 +2625,10 @@ NOTE: Verified that the patch has been applied in 2.4.0-1, NOTE: may have been fixed earlier. CVE-2006-2788 (Double-free vulnerability in the getRawDER function for nsIX509Cert in ...) - TODO: check + - mozilla <unfixed> (high) + - mozilla-firefox <unfixed> (high) + - firefox 1.5.dfsg+1.5.0.4 (high) + - xulrunner 1.8.0.4-1 (high) CVE-2006-2787 (EvalInSandbox in Mozilla Firefox and Thunderbird before 1.5.0.4 allows ...) {DSA-1134-1 DSA-1120 DSA-1118} NOTE: MFSA-2006-31 @@ -2734,7 +2737,7 @@ CVE-2006-2770 (Directory traversal vulnerability in randompic.php in pppBLOG 0.3.8 ...) NOT-FOR-US: pppBLOG CVE-2006-2769 (The HTTP Inspect preprocessor (http_inspect) in Snort 2.4.0 through ...) - TODO: check + - snort <unfixed> (low; bug filed) CVE-2006-2768 (PHP remote file inclusion vulnerability in METAjour 2.1, when ...) NOT-FOR-US: METAjour CVE-2006-2767 (PHP remote file inclusion vulnerability in Ottoman 1.1.2, when ...) 
@@ -2756,8 +2759,10 @@ NOT-FOR-US: 4nForum CVE-2006-2759 (jetty 6.0.x (jetty6) beta16 allows remote attackers to read arbitrary ...) TODO: check + NOTE: sf: pinged maintainers about jetty 5 CVE-2006-2758 (Directory traversal vulnerability in jetty 6.0.x (jetty6) beta16 ...) TODO: check + NOTE: sf: pinged maintainers about jetty 5 CVE-2006-2757 (Cross-site scripting (XSS) vulnerability in Chipmunk guestbook allows ...) NOT-FOR-US: Chipmunk guestbook CVE-2006-2756 (Eitsop My Web Server 1.0 allows remote attackers to cause a denial of ...) @@ -2828,7 +2833,10 @@ CVE-2006-2724 (Cross-site scripting (XSS) vulnerability in PunBB 1.2.11 allows remote ...) NOT-FOR-US: PunBB CVE-2006-2723 (Unspecified versions of Mozilla Firefox allow remote attackers to ...) - TODO: check + - firefox <unfixed> (low) + - mozilla <unfixed> (low) + - mozilla-firefox <unfixed> (low) + - xulrunner <unfixed> (low) CVE-2006-2722 (SQL injection vulnerability in view_album.php in SelectaPix 1.4 allows ...) NOT-FOR-US: SelectaPix CVE-2006-2721 (Cross-site scripting (XSS) vulnerability in news.php in VARIOMAT ...) @@ -2955,7 +2963,8 @@ {DSA-1095-1} - freetype 2.2.1-1 (medium) CVE-2006-2660 (Buffer consumption vulnerability in the tempnam function in PHP 5.1.4 ...) - TODO: check + - php4 <unfixed> (low) + - php5 <unfixed> (low) CVE-2006-2658 RESERVED CVE-2006-2657 
@@ -4411,14 +4420,11 @@ CVE-2005-4790 (Multiple untrusted search path vulnerabilities in SUSE Linux 9.3 and ...) NOT-FOR-US: SUSE-specific CVE-2005-4789 (resmgr in SUSE Linux 9.2 and 9.3, and possibly other distributions, ...) - TODO: check - NOTE: sf: pinged maintainer + - resmgr <not-affected> CVE-2005-4788 (resmgr in SUSE Linux 9.2 and 9.3, and possibly other distributions, ...) - TODO: check - NOTE: sf: pinged maintainer + - resmgr <not-affected> CVE-2004-2658 (resmgr in SUSE CORE 9 does not properly identify terminal names, which ...) - TODO: check - NOTE: sf: pinged maintainer + - resmgr <not-affected> CVE-2006-XXXX [librsvg2 crash on certain svg files] - librsvg 2.14.3-2 (bug #361653; bug #361540; medium) CVE-2006-2018 (** DISPUTED ** ...)
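Review bot: Missing advisory cross-reference in the CVE-2006-2788 hunk: the adjacent CVE-2006-2787 entry carries `{DSA-1134-1 DSA-1120 DSA-1118}` and `NOTE: MFSA-2006-31`, while the new CVE-2006-2788 entry records `firefox 1.5.dfsg+1.5.0.4 (high)` and `xulrunner 1.8.0.4-1 (high)` with no NOTE saying which upstream advisory those fixed versions correspond to. Suggest adding a NOTE line with the Mozilla advisory reference and, since `mozilla` and `mozilla-firefox` stay `<unfixed>`, a note on whether a fix or a DSA is expected for them.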
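Review bot: The snort line in the CVE-2006-2769 hunk records `(low; bug filed)` without the bug number, whereas the list's convention elsewhere is to cite it, e.g. `- librsvg 2.14.3-2 (bug #361653; bug #361540; medium)`. Suggest replacing `bug filed` with `bug #NNNNNN` (the actual BTS number) so the tracker can link the entry to the report.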
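Review bot: The two `NOTE: sf: pinged maintainers about jetty 5` lines in the jetty hunk (CVE-2006-2759 and CVE-2006-2758) record that a question was sent but not what it asked, while both `TODO: check` lines stay open; the CVE texts name jetty 6.0.x (jetty6) beta16. Suggest stating in the NOTE what needs confirming (whether the jetty 5 package shares the affected code) so the TODO has a clear closing condition.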
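Review bot: No justification is recorded for the package scope in the CVE-2006-2723 hunk: the CVE text says `Unspecified versions of Mozilla Firefox`, yet `mozilla` and `xulrunner` are marked `<unfixed> (low)` alongside `firefox` and `mozilla-firefox`. Suggest a NOTE line explaining why the shared code base is assumed affected (or marking the non-Firefox packages as pending confirmation), otherwise these entries read as verified findings.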
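Review bot: The severity rationale from the commit log ("seems to be open_basedir or safe mode related => low") is not carried into the CVE-2006-2660 hunk, which only records `php4 <unfixed> (low)` and `php5 <unfixed> (low)`. Suggest adding a NOTE line with that reasoning and, since the CVE text names PHP 5.1.4, a note on whether php4's tempnam shares the issue, so the low rating and the php4 entry can be re-checked later.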
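Review bot: The `<not-affected>` status in the resmgr hunk drops the `NOTE: sf: pinged maintainer` lines without recording the maintainer's reasoning, and the log scopes the assessment to sarge (`maintainer thinks resmgr in sarge is not affected`) while the three entries record an unqualified `- resmgr <not-affected>`. Suggest keeping a NOTE line with the maintainer's rationale and the sarge scope, in the style of `NOTE: Verified that the patch has been applied in 2.4.0-1` earlier in the file, so the not-affected decision stays auditable.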