Secure testing commits - May 2006 - r3946 - data/CVE

Author: stef-guest
Date: 2006-05-12 16:04:35 +0000 (Fri, 12 May 2006)
New Revision: 3946

Modified:
   data/CVE/list
Log:
new quagga issue; some NFUs

Modified: data/CVE/list
==================================================================---
data/CVE/list	2006-05-12 15:26:09 UTC (rev 3945)
+++ data/CVE/list	2006-05-12 16:04:35 UTC (rev 3946)
@@ -1,47 +1,47 @@
 CVE-2006-2297 (Heap-based buffer overflow in Microsoft Infotech Storage System
...)
-	TODO: check
+	NOT-FOR-US: Microsoft Infotech Storage System
 CVE-2006-2296 (SQL injection vulnerability in search_result.asp in
EDirectoryPro 2.0 ...)
-	TODO: check
+	NOT-FOR-US: EDirectoryPro
 CVE-2006-2295 (Directory traversal vulnerability in Dynamic Galerie 1.0 allows
remote ...)
-	TODO: check
+	NOT-FOR-US: Dynamic Galerie
 CVE-2006-2294 (Cross-site scripting (XSS) vulnerability in Dynamic Galerie 1.0
allows ...)
-	TODO: check
+	NOT-FOR-US: Dynamic Galerie
 CVE-2006-2293 (SQL injection vulnerability in all_calendars.asp in
MultiCalendars 3.0 ...)
-	TODO: check
+	NOT-FOR-US: MultiCalendars
 CVE-2006-2292 (Multiple SQL injection vulnerabilities in IA-Calendar allow
remote ...)
-	TODO: check
+	NOT-FOR-US: IA-Calendar
 CVE-2006-2291 (Cross-site scripting (XSS) vulnerability in calendar_new.asp in
...)
-	TODO: check
+	NOT-FOR-US: IA-Calendar
 CVE-2006-2290 (Multiple cross-site scripting (XSS) vulnerabilities in
kommentar.php ...)
-	TODO: check
+	NOT-FOR-US: 2005-Comments-Script
 CVE-2006-2289 (Buffer overflow in avahi-core in Avahi before 0.6.10 allows
local ...)
 	- avahi 0.6.10-1 (medium)
 CVE-2006-2288 (Avahi before 0.6.10 allows local users to cause a denial of
service ...)
 	- avahi 0.6.10-1 (low)
 CVE-2006-2287 (Multiple cross-site scripting (XSS) vulnerabilities in Vision
Source ...)
-	TODO: check
+	NOT-FOR-US: Vision Source
 CVE-2006-2286 (Multiple PHP remote file inclusion vulnerabilities in ...)
-	TODO: check
+	NOT-FOR-US: Dokeos
 CVE-2006-2285 (PHP remote file inclusion vulnerability in authldap.php in
Dokeos ...)
-	TODO: check
+	NOT-FOR-US: Dokeos
 CVE-2006-2284 (Multiple PHP remote file inclusion vulnerabilities in Claroline
1.7.5 ...)
-	TODO: check
+	NOT-FOR-US: Claroline
 CVE-2006-2283 (Multiple PHP remote file inclusion vulnerabilities in SpiffyJr
phpRaid ...)
-	TODO: check
+	NOT-FOR-US: phpRaid
 CVE-2006-2282 (Cross-site scripting (XSS) vulnerability in X7 Chat 2.0.2 and
earlier ...)
-	TODO: check
+	NOT-FOR-US: X7 Chat
 CVE-2006-2281 (X-Scripts X-Poll 2.30 allows remote attackers to execute
arbitrary PHP ...)
-	TODO: check
+	NOT-FOR-US: X-Scripts X-Poll
 CVE-2006-2280 (Directory traversal vulnerability in website.php in openEngine
1.8 ...)
-	TODO: check
+	NOT-FOR-US: openEngine
 CVE-2006-2279 (Multiple SQL injection vulnerabilities in SaphpLesson 3.0 allow
remote ...)
-	TODO: check
+	NOT-FOR-US: SaphpLesson
 CVE-2006-2278 (SaphpLesson 3.0 does not initialize array variables, which
allows ...)
-	TODO: check
+	NOT-FOR-US: SaphpLesson
 CVE-2006-2277 (Multiple Apple Mac OS X 10.4 applications might allow ...)
-	TODO: check
+	NOT-FOR-US: Apple Mac OS X
 CVE-2006-2276 (bgpd in Quagga 0.98 and 0.99 before 20060504 allows local users
to ...)
-	TODO: check
+	- quagga <unfixed> (bug filed; low)
 CVE-2006-2275 (Linux SCTP (lksctp) before 2.6.17 allows remote attackers to
cause a ...)
 	TODO: check
 CVE-2006-2274 (Linux SCTP (lksctp) before 2.6.17 allows remote attackers to
cause a ...)