Author: stef-guest
Date: 2006-07-28 16:21:34 +0000 (Fri, 28 Jul 2006)
New Revision: 4461
Modified: data/CVE/list
Log:
- CVE-2006-3747: new apache issue
- ldap-account-manager issues don't affect sarge
- CVE-2006-3486: unimportant mysql issue fixed
- CVE-2006-3320: sitebar issue fixed

Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-07-27 19:14:44 UTC (rev 4460) +++ data/CVE/list 2006-07-28 16:21:34 UTC (rev 4461) @@ -178,8 +178,10 @@ TODO: check CVE-2006-3748 (PHP remote file inclusion vulnerability in ...) TODO: check -CVE-2006-3747 +CVE-2006-3747 [apache mod_rewrite off-by-one bug] RESERVED + - apache <unfixed> (medium) + - apache2 <unfixed> (medium; bug #380182) CVE-2006-3746 RESERVED CVE-2006-3745 @@ -202,8 +204,10 @@ - htdig 1:3.2.0b6-1 CVE-2006-XXXX [ldap account manager sets trivial password instead of disabling it] - ldap-account-manager 1.0.2-1.1 (bug #368804; medium) + [sarge] - ldap-account-manager <not-affected> CVE-2006-XXXX [ldap account manager wrongly unlocks some passwords] - ldap-account-manager 1.0.3-1 (bug #375453; medium) + [sarge] - ldap-account-manager <not-affected> CVE-2006-3737 (Cross-site scripting (XSS) vulnerability in ...) NOT-FOR-US: Plesk CVE-2006-3736 (PHP remote file inclusion vulnerability in core/videodb.class.xml.php ...) @@ -782,7 +786,7 @@ CVE-2006-3459 RESERVED CVE-2006-3486 (** DISPUTED ** ...) - - mysql-dfsg-5.0 <unfixed> (unimportant) + - mysql-dfsg-5.0 5.0.22-4 (unimportant) [sarge] - mysql-dfsg-4.1 <not-affected> (Vulnerable code not present) [sarge] - mysql-dfsg <not-affected> (Vulnerable code not present) NOTE: Only DoS possible, only root can trigger this -> non-issue 
@@ -1073,7 +1077,7 @@ CVE-2006-3321 (Multiple cross-site scripting (XSS) vulnerabilities in openforum.asp ...) NOT-FOR-US: OpenForum CVE-2006-3320 (Cross-site scripting (XSS) vulnerability in command.php in SiteBar ...) - - sitebar <unfixed> (bug #377299; low) + - sitebar 3.3.8-1.1 (bug #377299; low) CVE-2006-3319 (Cross-site scripting (XSS) vulnerability in rss/index.php in PHP ...) NOT-FOR-US: PHP iCalendar CVE-2006-3318 (SQL injection vulnerability in register.php for phpRaid 3.0.6 and ...)
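
Review bot: In the @@ -178,8 +178,10 @@ hunk, the added "- apache <unfixed> (medium)" line carries no bug reference, while the apache2 line next to it cites bug #380182. Either add the tracking bug for the apache package or add a NOTE stating that #380182 covers both packages, so the unfixed apache entry has something to follow up against.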
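
Review bot: In the @@ -202,8 +204,10 @@ hunk, both added "[sarge] - ldap-account-manager <not-affected>" lines give no reason for the status. The mysql-dfsg entries further down the same file record one in parentheses, "(Vulnerable code not present)"; adding the equivalent here for each of the two CVE-2006-XXXX entries would let a later reader confirm why sarge is excluded without redoing the analysis.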
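
Review bot: In the @@ -782,7 +786,7 @@ hunk, the mysql-dfsg-5.0 line changes from <unfixed> to 5.0.22-4 with no bug number or NOTE showing where that fixed version comes from, unlike the sitebar change in the last hunk, which keeps bug #377299. A short NOTE naming the bug or changelog entry for 5.0.22-4 would make the version verifiable, even for an entry rated unimportant.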