Author: stef-guest Date: 2006-08-29 16:20:39 +0000 (Tue, 29 Aug 2006) New Revision: 4655 Modified: data/CVE/list Log: - sendmail & asterisk CVEivied - add some more mozilla epochs Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-08-29 16:09:03 UTC (rev 4654) +++ data/CVE/list 2006-08-29 16:20:39 UTC (rev 4655) @@ -3,7 +3,7 @@ CVE-2006-4435 (OpenBSD 3.8, 3.9, and possibly earlier versions allows ...) TODO: check CVE-2006-4434 (Use-after-free vulnerability in Sendmail before 8.13.8 allows remote ...) - TODO: check + - sendmail <unfixed> (bug #385054; medium) CVE-2006-4433 (PHP before 4.4.3 and 5.x before 5.1.4 does not limit the character set ...) TODO: check CVE-2006-4432 (Directory traversal vulnerability in Zend Platform 2.2.1 and earlier ...) @@ -179,7 +179,7 @@ CVE-2006-4347 (SQL injection vulnerability in user logon authentication request ...) TODO: check CVE-2006-4346 (Asterisk 1.2.10 supports the use of client-controlled variables to ...) - TODO: check + - asterisk <unfixed> (medium; bug #385060) CVE-2006-4345 (Stack-based buffer overflow in channels/chan_mgcp.c in MGCP in ...) TODO: check CVE-2006-4344 (CRLF injection vulnerability in CGI-Rescue Mail F/W System (formd) ...) @@ -216,13 +216,9 @@ CVE-2006-4330 (Unspecified vulnerability in the SCSI dissector in Wireshark (formerly ...) - wireshark <unfixed> (medium; bug #384529) - ethereal <not-affected> (only wireshark 0.99.2 affected) -CVE-2006-XXXX [asterisk MGCP AUEP Response Handling Buffer Overflow] - - asterisk <unfixed> (medium; bug #385060) CVE-2006-XXXX [zope Arbitrary file inclusion] TODO: check zope zope-2.7 zope2.8 zope2.9 zope3 - zope2.8 2.8.8-2 -CVE-2006-XXXX [sendmail remote DoS] - - sendmail <unfixed> (bug #385054; medium) CVE-2006-XXXX [segfault on corrupt gif from php bug #38112] - libgd2 <unfixed> (medium; bug #384838) - xloadimage <unfixed> (low; bug #384841) 
@@ -3658,7 +3654,7 @@ - firefox 1.5.dfsg+1.5.0.4-1 (medium) - thunderbird 1.5.0.4-1 (medium) [sarge] - mozilla-thunderbird <unfixed> (medium) - - mozilla 1.7.13-0.3 (medium) + - mozilla 2:1.7.13-0.3 (medium) - xulruner 1.8.0.4-1 (medium) CVE-2006-2786 (HTTP response smuggling vulnerability in Mozilla Firefox and ...) {DSA-1134-1 DSA-1120 DSA-1118} @@ -3666,13 +3662,13 @@ - firefox 1.5.dfsg+1.5.0.4-1 (medium) - thunderbird 1.5.0.4-1 (medium) [sarge] - mozilla-thunderbird <unfixed> (medium) - - mozilla 1.7.13-0.3 (medium) + - mozilla 2:1.7.13-0.3 (medium) - xulruner 1.8.0.4-1 (medium) CVE-2006-2785 (Cross-site scripting (XSS) vulnerability in Mozilla Firefox before ...) {DSA-1134-1 DSA-1120 DSA-1118} NOTE: MFSA-2006-34 - firefox 1.5.dfsg+1.5.0.4-1 (medium) - - mozilla 1.7.13-0.3 (medium) + - mozilla 2:1.7.13-0.3 (medium) - xulruner 1.8.0.4-1 (medium) CVE-2006-2784 (The PLUGINSPAGE functionality in Mozilla Firefox before 1.5.0.4 allows ...) {DSA-1134-1 DSA-1120 DSA-1118} @@ -3687,21 +3683,21 @@ - firefox 1.5.dfsg+1.5.0.4-1 (medium) - thunderbird 1.5.0.4-1 (medium) [sarge] - mozilla-thunderbird <unfixed> (medium) - - mozilla 1.7.13-0.3 (medium) + - mozilla 2:1.7.13-0.3 (medium) - xulruner 1.8.0.4-1 (medium) CVE-2006-2782 (Firefox 1.5.0.2 does not fix all test cases associated with ...) {DSA-1134-1 DSA-1120 DSA-1118} NOTE: MFSA-2006-41 - firefox 1.5.dfsg+1.5.0.4-1 (medium) [sarge] - mozilla-thunderbird <unfixed> (medium) - - mozilla 1.7.13-0.3 (medium) + - mozilla 2:1.7.13-0.3 (medium) - xulruner 1.8.0.4-1 (medium) CVE-2006-2781 (Double-free vulnerability in Mozilla Thunderbird before 1.5.0.4 and ...) {DSA-1134-1 DSA-1118} NOTE: MFSA-2006-40 - thunderbird 1.5.0.4-1 (high) [sarge] - mozilla-thunderbird <unfixed> (high) - - mozilla 1.7.13-0.3 (high) + - mozilla 2:1.7.13-0.3 (high) - xulruner <unfixed> (high) CVE-2006-2780 (Integer overflow in Mozilla Firefox and Thunderbird before 1.5.0.4 ...) {DSA-1134-1 DSA-1120 DSA-1118} 
@@ -3709,7 +3705,7 @@ - firefox 1.5.dfsg+1.5.0.4-1 (high) - thunderbird 1.5.0.4-1 (high) [sarge] - mozilla-thunderbird <unfixed> (high) - - mozilla 1.7.13-0.3 (high) + - mozilla 2:1.7.13-0.3 (high) - xulruner 1.8.0.4-1 (high) CVE-2006-2779 (Mozilla Firefox and Thunderbird before 1.5.0.4 allow remote attackers ...) {DSA-1134-1 DSA-1120 DSA-1118} @@ -3717,7 +3713,7 @@ - firefox 1.5.dfsg+1.5.0.4-1 (high) - thunderbird 1.5.0.4-1 (high) [sarge] - mozilla-thunderbird <unfixed> (high) - - mozilla 1.7.13-0.3 (high) + - mozilla 2:1.7.13-0.3 (high) - xulruner <unfixed> (high) CVE-2006-2778 (The crypto.signText function in Mozilla Firefox and Thunderbird before ...) {DSA-1134-1 DSA-1120 DSA-1118} @@ -3725,13 +3721,13 @@ - firefox 1.5.dfsg+1.5.0.4-1 (high) - thunderbird 1.5.0.4-1 (high) [sarge] - mozilla-thunderbird <unfixed> (high) - - mozilla 1.7.13-0.3 (high) + - mozilla 2:1.7.13-0.3 (high) - xulruner 1.8.0.4-1 (high) CVE-2006-2777 (Unspecified vulnerability in Mozilla Firefox before 1.5.0.4 and ...) {DSA-1134-1 DSA-1120 DSA-1118} NOTE: MFSA-2006-43 - firefox 1.5.dfsg+1.5.0.4-1 (high) - - mozilla 1.7.13-0.3 (high) + - mozilla 2:1.7.13-0.3 (high) - xulruner <unfixed> (high) CVE-2006-2776 (Certain privileged UI code in Mozilla Firefox and Thunderbird before ...) {DSA-1134-1 DSA-1120 DSA-1118} @@ -3739,7 +3735,7 @@ - firefox 1.5.dfsg+1.5.0.4-1 (high) - thunderbird 1.5.0.4-1 (high) [sarge] - mozilla-thunderbird <unfixed> (high) - - mozilla 1.7.13-0.3 (high) + - mozilla 2:1.7.13-0.3 (high) - xulruner 1.8.0.4-1 (high) CVE-2006-2775 (Mozilla Firefox and Thunderbird before 1.5.0.4 associates XUL ...) {DSA-1134-1 DSA-1120 DSA-1118} @@ -3747,7 +3743,7 @@ - firefox 1.5.dfsg+1.5.0.4-1 (high) - thunderbird 1.5.0.4-1 (high) [sarge] - mozilla-thunderbird <unfixed> (high) - - mozilla 1.7.13-0.3 (high) + - mozilla 2:1.7.13-0.3 (high) - xulruner 1.8.0.4-1 (high) CVE-2006-2774 (Cross-site scripting (XSS) vulnerability in search.php in QontentOne ...) NOT-FOR-US: QontentOne 
@@ -5637,7 +5633,7 @@ - firefox 1.5.dfsg+1.5.0.4-1 (low) - thunderbird <unfixed> (low) [sarge] - mozilla-thunderbird <unfixed> (low) - - mozilla 1.7.13-0.3 (low) + - mozilla 2:1.7.13-0.3 (low) - xulruner <unfixed> (low) CVE-2006-1941 (Neon Responder 5.4 for LANsurveyor allows remote attackers to cause a ...) NOT-FOR-US: Neon Responder
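Review bot: The added sendmail line in the hunk at -3,7 writes its annotation as `(bug #385054; medium)`, while the asterisk line added at -179,7 and the existing wireshark entry put the urgency first, as in `(medium; bug #385060)`. The order was inherited from the removed CVE-2006-XXXX placeholder; since the line is being rewritten anyway, I'd normalise it to `(medium; bug #385054)` so the file stays consistent for anyone grepping on the annotation.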
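Review bot: The asterisk entry in the hunk at -179,7 looks attached to the wrong CVE. The placeholder removed at -216,13 was titled "asterisk MGCP AUEP Response Handling Buffer Overflow", which matches the description of CVE-2006-4345 (stack-based buffer overflow in channels/chan_mgcp.c in MGCP) on the following context line, yet the package line was added under CVE-2006-4346 (client-controlled variables) and CVE-2006-4345 still reads `TODO: check`. Please confirm which issue bug #385060 covers: if it is the MGCP overflow, move `- asterisk <unfixed> (medium; bug #385060)` under CVE-2006-4345; if the bug tracks both, list the package under both IDs so neither is left untriaged.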
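Review bot: The Mozilla hunks (-3658,7 through -5637,7) add the `2:` epoch only to the `- mozilla` lines shown, and the log says "some more", so it is worth checking for any remaining `- mozilla 1.7.13-0.3` entries without the epoch. A fixed version written without an epoch is treated as epoch 0, so it sorts below every `2:` version of the package and the entry would be considered fixed for all of them. Separately, the context lines in these hunks spell the package `xulruner`; if xulrunner is meant, those entries will not match the package name and should be corrected in a follow-up commit.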