Author: jmm-guest Date: 2006-08-31 18:56:25 +0000 (Thu, 31 Aug 2006) New Revision: 4658 Modified: data/CVE/list Log: capi4hylafax CVEfied base-config/shadow fixed in latest shadow update krusader not-affected / non-issue remove old login entry, not much of a vulnerability Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-08-29 21:14:30 UTC (rev 4657) +++ data/CVE/list 2006-08-31 18:56:25 UTC (rev 4658) @@ -321,8 +321,6 @@ TODO: check CVE-2006-4282 (PHP remote file inclusion vulnerability in MamboLogin.php in the ...) TODO: check -CVE-2006-XXXX [capi4hylafax arbitrary remote command execution ] - - capi4hylafax 1:01.03.00.99.svn.300-3 CVE-2006-4281 (PHP remote file inclusion vulnerability in akocomments.php in ...) TODO: check CVE-2006-4280 (PHP remote file inclusion vulnerability in anjel.index.php in ANJEL ...) @@ -2881,7 +2879,6 @@ CVE-2006-3126 [unspecivied vulnerability in capi4hylafax in mgetty mode] RESERVED - capi4hylafax 1:01.03.00.99.svn.300-3 - TODO: check CVE-2006-3125 RESERVED CVE-2006-3124 (Buffer overflow in the HTTP header parsing in Streamripper before ...) @@ -5883,6 +5880,9 @@ REJECTED NOT-FOR-US: exchange (Duplicate of CVE-2006-0537) CVE-2006-1844 (The Debian installer for the (1) shadow 4.0.14 and (2) base-config ...) + [sarge] - shadow 1:4.0.3-31sarge8 + NOTE: The installer is fixed separately, but the postinst of the shadow update + NOTE: corrects permissions of a faulty install NOTE: seems to be a duplicate of CVE-2006-1376 - shadow 1:4.0.14-9 (bug #358210; bug #356939) - base-config 2.68 (bug #254068; low) 
@@ -7163,6 +7163,9 @@ CVE-2006-1377 (Cross-site scripting (XSS) vulnerability in img.php in (1) EasyMoblog ...) NOT-FOR-US: EasyMoblog CVE-2006-1376 (The installation of Debian GNU/Linux 3.1r1 from the network install CD ...) + [sarge] - shadow 1:4.0.3-31sarge8 + NOTE: The installer is fixed separately, but the postinst of the shadow update + NOTE: corrects permissions of a faulty install - shadow 1:4.0.14-9 (bug #358210; bug #356939) - base-config 2.68 (bug #254068; low) CVE-2006-1375 (AdMan 1.0.20051221 and earlier allows remote attackers to obtain the ...) @@ -12277,6 +12280,8 @@ - linux-2.6 2.6.12-6 CVE-2005-3856 (The Popular URL capability (popularurls.cpp) in Krusader 1.60.0 and ...) - krusader 1.70.0-1 (bug #336169; low) + [sarge] - krusader <not-affected> + NOTE: This seems to be a dupe of CVE-2006-3816, pinged MITRE CVE-2005-3855 (SQL injection vulnerability in process.php in 1-2-3 music store allows ...) NOT-FOR-US: 1-2-3 music store CVE-2005-3854 (Cross-site scripting (XSS) vulnerability in index.php in EasyPageCMS ...) @@ -14733,8 +14738,6 @@ CVE-2005-XXXX [smbmount doesn''t honor gid/uid with kernel 2.4] - kernel-source-2.4.27 <unfixed> (bug #310982; low) NOTE: probably already fixed in testing, wrote for confirmation -CVE-2003-XXXX [Incomplete reporting of failed logins in login] - - login 1:4.0.3-36 (bug #192849) CVE-2004-XXXX [Unspecified buffer overflow in libmng] - libmng 1.0.8-1 (bug #250106) CVE-2004-XXXX [Multiple buffer overflows in isoqlog]
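Review bot: the CVE-2006-XXXX entry deleted in the @@ -321,8 +321,6 @@ hunk was labelled "arbitrary remote command execution", but the CVE-2006-3126 entry that is left to carry the same fixed version (1:01.03.00.99.svn.300-3) is described only as an unspecified vulnerability in mgetty mode. Add a NOTE under CVE-2006-3126 saying that it replaces the temporary entry and covers the remote command execution issue, so the impact is not lost from the list.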
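Review bot: in the @@ -2881,7 +2879,6 @@ hunk the "TODO: check" line is dropped while the bracketed description of CVE-2006-3126 still reads "unspecivied". Correct the spelling to "unspecified" in the same change, since this is the commit that finalizes the entry.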
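Review bot: in the @@ -5883,6 +5880,9 @@ hunk (CVE-2006-1844) the new [sarge] line and its two NOTE lines are inserted ahead of the existing "seems to be a duplicate of CVE-2006-1376" note and the unstable "- shadow 1:4.0.14-9" line, whereas the krusader hunk in this same commit puts its [sarge] line after the unstable entry. Pick one ordering for both. Since this CVE is already flagged as a duplicate of CVE-2006-1376, the postinst explanation could also live under CVE-2006-1376 only, with a pointer here, instead of being copied verbatim into both entries.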
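Review bot: the [sarge] line added under CVE-2006-1376 in the @@ -7163,6 +7163,9 @@ hunk covers shadow only, while the log message says "base-config/shadow" and the "- base-config 2.68" line is left without any sarge status. State the sarge status of base-config explicitly, or say in the NOTE that the shadow postinst is the complete remedy for sarge. The NOTE "The installer is fixed separately" would also be easier to verify with the bug number or version of that fix.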
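Review bot: the "[sarge] - krusader <not-affected>" line added in the @@ -12277,6 +12280,8 @@ hunk carries no reason; the only NOTE concerns a possible duplicate of CVE-2006-3816, which does not explain why the sarge version is unaffected. Add a NOTE giving the basis for not-affected (the log message says "not-affected / non-issue" without detail) and keep the duplicate remark as a separate NOTE.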
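Review bot: the @@ -14733,8 +14738,6 @@ hunk deletes the CVE-2003-XXXX login entry outright, which also removes the fixed version 1:4.0.3-36 and the reference to bug #192849 from the list. If the issue is judged "not much of a vulnerability", as the log message puts it, consider keeping the entry with a NOTE recording that assessment, so the reasoning stays visible next to the bug reference.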