Author: stef-guest
Date: 2006-06-13 23:18:28 +0000 (Tue, 13 Jun 2006)
New Revision: 4202
Modified:
data/CVE/list
Log:
asterisk fixed
acidbase fixed
php4 fixed
php5 fixed
cscope fixed
xine-ui fixed
Modified: data/CVE/list
==================================================================---
data/CVE/list 2006-06-13 22:34:15 UTC (rev 4201)
+++ data/CVE/list 2006-06-13 23:18:28 UTC (rev 4202)
@@ -222,7 +222,7 @@
CVE-2006-2899 (Unspecified vulnerability in ESTsoft InternetDISK versions
before ...)
NOT-FOR-US: ESTsoft InternetDISK
CVE-2006-2898 (The IAX2 channel driver (chan_iax2) for Asterisk 1.2.x before
1.2.9 ...)
- - asterisk <unfixed>
+ - asterisk 1:1.2.7.1.dfsg-3
- iax 0.2.2-5
- iaxmodem 0.1.8.dfsg-2
CVE-2006-2897 (Cross-site scripting (XSS) vulnerability in FunkBoard 0.71
allows ...)
@@ -746,7 +746,7 @@
CVE-2006-2686 (PHP remote file inclusion vulnerabilities in ActionApps 2.8.1
allow ...)
NOT-FOR-US: ActionApps
CVE-2006-2685 (PHP remote file inclusion vulnerability in Basic Analysis and
Security ...)
- - acidbase <unfixed> (bug #370576; low)
+ - acidbase 1.2.5-1 (bug #370576; low)
CVE-2006-2684 (Cross-site scripting (XSS) vulnerability in the search module in
CMS ...)
NOT-FOR-US: Mundo
CVE-2006-2683 (PHP remote file inclusion vulnerability in 404.php in
open-medium.CMS ...)
@@ -2299,10 +2299,10 @@
NOT-FOR-US: Microsoft Internet Explorer
CVE-2006-1991 (The substr_compare function in string.c in PHP 4.4.2 and 5.1.2
allows ...)
- php4 <unfixed> (bug #365311; medium)
- - php5 <unfixed> (bug #365312; medium)
+ - php5 5.1.4-0.1 (bug #365312; medium)
CVE-2006-1990 (Integer overflow in the wordwrap function in string.c in PHP
4.4.2 and ...)
- - php4 <unfixed> (bug #365311; medium)
- - php5 <unfixed> (bug #365312; medium)
+ - php4 4:4.4.2-1.1 (bug #365311; medium)
+ - php5 5.1.4-0.1 (bug #365312; medium)
CVE-2006-1989 (Buffer overflow in the get_database function in the HTTP client
in ...)
{DSA-1050-1}
- clamav 0.88.2
@@ -2534,7 +2534,7 @@
CVE-2006-1906 (Cross-site scripting (XSS) vulnerability in index.php in
jjgan852 ...)
NOT-FOR-US: phpLister
CVE-2006-1905 (Multiple format string vulnerabilities in xiTK (xitk/main.c) in
xine ...)
- - xine-ui <unfixed> (bug #363370; medium)
+ - xine-ui 0.99.4-1 (bug #363370; medium)
CVE-2006-1904 (Cross-site scripting (XSS) vulnerability in index.php in
AnimeGenesis ...)
NOT-FOR-US: AnimeGenesis Gallery
CVE-2006-1903 (Multiple cross-site scripting (XSS) vulnerabilities in UserLand
Manila ...)
@@ -3311,7 +3311,7 @@
CVE-2006-1608 (The copy function in file.c in PHP 4.4.2 and 5.1.2 allows local
users ...)
- php4 <unfixed> (bug #361856)
[sarge] - php4 <no-dsa> (Safe mode violations not supported)
- - php5 <unfixed> (bug #361915)
+ - php5 5.1.4-0.1 (bug #361915)
CVE-2006-1607 (Unspecified vulnerability in the banner module in Exponent CMS
before ...)
NOT-FOR-US: Exponent CMS
CVE-2006-1606 (Unspecified vulnerability in the image module in Exponent CMS
before ...)
@@ -3354,7 +3354,7 @@
CVE-2006-1591 (Heap-based buffer overflow in Microsoft Windows Help
winhlp32.exe ...)
NOT-FOR-US: Microsoft Windows Help
CVE-2006-1590 (Cross-site scripting (XSS) vulnerability in the PrintFreshPage
...)
- - acidbase <unfixed> (bug #363548; low)
+ - acidbase 1.2.5-1 (bug #363548; low)
[sarge] - acidbase <no-dsa> (Hardly exploitable)
- acidlab <unfixed> (bug #363549; low)
[sarge] - acidlab <no-dsa> (Hardly exploitable)
@@ -3453,7 +3453,7 @@
NOT-FOR-US: PAJAX
CVE-2006-1549 (PHP 4.4.2 and 5.1.2 allows local users to cause a crash
(segmentation ...)
- php4 <unfixed> (bug #361854)
- - php5 <unfixed> (bug #361917)
+ - php5 5.1.4-0.1 (bug #361917)
CVE-2005-4767 (BEA WebLogic Server and WebLogic Express 8.1 SP5 and earlier,
and 7.0 ...)
NOT-FOR-US: BEA WebLogic
CVE-2005-4766 (BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier,
and 7.0 ...)
@@ -3649,7 +3649,7 @@
NOT-FOR-US: PHPCollab / NetOffice
CVE-2006-1494 (Directory traversal vulnerability in file.c in PHP 4.4.2 and
5.1.2 ...)
- php4 <unfixed> (bug #361855)
- - php5 <unfixed> (bug #361916)
+ - php5 5.1.4-0.1 (bug #361916)
CVE-2006-1493 (Cross-site scripting (XSS) vulnerability in dir.php in Explorer
XP ...)
NOT-FOR-US: Explorer XP
CVE-2006-1492 (Directory traversal vulnerability in dir.php in Explorer XP
allows ...)
@@ -3683,8 +3683,8 @@
{DSA-1034-1 DSA-1033-1}
- horde3 3.1.1-1 (bug #361967)
CVE-2006-1490 (PHP before 5.1.3-RC1 might allow remote attackers to obtain
portions ...)
- - php5 <unfixed> (bug #359904; low)
- - php4 <unfixed> (bug #359907; low)
+ - php5 5.1.4-0.1 (bug #359907; low)
+ - php4 4:4.4.2-1.1 (bug #359904; low)
CVE-2006-1488 (ActiveCampaign SupportTrio 2.5 allows remote attackers to obtain
the ...)
NOT-FOR-US: ActiveCampaign SupportTrio
CVE-2006-1487 (Cross-site scripting (XSS) vulnerability in ActiveCampaign
SupportTrio ...)
@@ -4740,10 +4740,10 @@
CVE-2006-1016 (Buffer overflow in the IsComponentInstalled method in Internet
...)
NOT-FOR-US: Windows
CVE-2006-1015 (Argument injection vulnerability in certain PHP 3.x, 4.x, and
5.x ...)
- - php5 <unfixed> (bug #368595; low)
+ - php5 5.1.4-0.1 (bug #368595; low)
- php4 <unfixed> (bug #368592; low)
CVE-2006-1014 (Argument injection vulnerability in certain PHP 4.x and 5.x ...)
- - php5 <unfixed> (bug #368595; low)
+ - php5 5.1.4-0.1 (bug #368595; low)
- php4 <unfixed> (bug #368592; low)
CVE-2006-1013 (PHP remote file include vulnerability in index.php in SMartBlog
(aka ...)
NOT-FOR-US: SMartBlog
@@ -4782,7 +4782,7 @@
NOT-FOR-US: Novell
CVE-2006-0996 (Cross-site scripting (XSS) vulnerability in phpinfo (info.c) in
PHP ...)
- php4 <unfixed> (bug #361853)
- - php5 <unfixed> (bug #361914)
+ - php5 5.1.4-0.1 (bug #361914)
CVE-2006-0995 (EMC Dantz Retrospect 7 backup client 7.0.107, and other versions
...)
NOT-FOR-US: EMC Dantz Retrospect
CVE-2006-0994 (Multiple Sophos Anti-Virus products, including Anti-Virus for
Windows ...)
@@ -9506,7 +9506,7 @@
NOT-FOR-US: Dynix WebPac
CVE-2004-2541 (Buffer overflow in Cscope 15.5, and possibly multiple overflows,
...)
{DSA-1064-1}
- - cscope <unfixed> (bug #340177; medium)
+ - cscope 15.5+cvs20050816-1.1 (bug #340177; medium)
NOTE: Sarge and Woody are affected
CVE-2005-XXXX [unsafe file permissions in vpnc]
- vpnc 0.3.3+SVN20051028-3 (bug #340105; unimportant)