Secure testing commits - Jul 2006 - r4444 - data/CVE

Author: alec-guest
Date: 2006-07-23 01:13:41 +0000 (Sun, 23 Jul 2006)
New Revision: 4444

Modified:
   data/CVE/list
Log:
* CVE-2006-3600 (libtunepimp): fixed
* CVE-2006-3671 (hyperestraier): fixed
* CVE-2006-3681, CVE-2006-3682 (awstats): fixed in previous version but not
noted


Modified: data/CVE/list
==================================================================---
data/CVE/list	2006-07-22 07:51:21 UTC (rev 4443)
+++ data/CVE/list	2006-07-23 01:13:41 UTC (rev 4444)
@@ -112,9 +112,9 @@
 CVE-2006-3683 (PHP remote file inclusion vulnerability in poll.php in Flipper
Poll ...)
 	NOT-FOR-US: Flipper Poll
 CVE-2006-3682 (awstats.pl in AWStats 6.5 build 1.857 and earlier allows remote
...)
-	- awstats <unfixed> (bug #378960; low)
+	- awstats 6.5-2 (bug #378960; low)
 CVE-2006-3681 (Multiple cross-site scripting (XSS) vulnerabilities in
awstats.pl in ...)
-	- awstats <unfixed> (bug #378960; low)
+	- awstats 6.5-2 (bug #378960; low)
 CVE-2006-3680 (Cross-site scripting (XSS) vulnerability in photocycle in
Photocycle ...)
 	NOT-FOR-US: Photocycle
 CVE-2006-3679 (FatWire Content Server 5.5.0 allows remote attackers to bypass
access ...)
@@ -134,7 +134,7 @@
 CVE-2006-3672 (KDE Konqueror 3.5.1 and earlier allows remote attackers to cause
a ...)
 	- kdebase <unfixed> (bug #378962; low)
 CVE-2006-3671 (Cross-site request forgery (CSRF) vulnerability in the
communicate ...)
-	- hyperestraier <unfixed> (bug #379060; low)
+	- hyperestraier 1.3.3-1 (bug #379060; low)
 CVE-2006-3670 (Stack-based buffer overflow in Winlpd 1.26 allows remote
attackers to ...)
 	NOT-FOR-US: Winlpd
 CVE-2006-3669 (Mercury Messenger, possibly 1.7.1.1 and other versions, when
running ...)
@@ -276,7 +276,7 @@
 CVE-2006-3601 (** UNVERIFIABLE ** ...)
 	NOT-FOR-US: DotNetNuke
 CVE-2006-3600 (Multiple stack-based buffer overflows in the LookupTRM::lookup
...)
-	- libtunepimp <unfixed> (bug #378091; medium)
+	- libtunepimp 0.4.2-3.0etch1 (bug #378091; medium)
 CVE-2006-3599 (SQL injection vulnerability in the Nuke Advanced Classifieds
module ...)
 	NOT-FOR-US: Nuke Advanced Classifieds module for PHP-Nuke
 CVE-2006-3598 (SQL injection vulnerability in the Sections module for PHP-Nuke
allows ...)