Author: alec-guest
Date: 2006-05-19 13:55:35 +0000 (Fri, 19 May 2006)
New Revision: 3978
Modified:
data/CVE/list
Log:
* found fixed versions of hamlib and mozilla-thunderbird
* opened bug for twiki
Modified: data/CVE/list
==================================================================---
data/CVE/list 2006-05-19 09:28:16 UTC (rev 3977)
+++ data/CVE/list 2006-05-19 13:55:35 UTC (rev 3978)
@@ -2361,7 +2361,7 @@
- tcpquota <unfixed> (bug #358369; low)
[sarge] - tcpquota <no-dsa> (Only exploitable with strange AFS cell
name)
CVE-2006-XXXX [hamlib3-perl rpath set to user home]
- - hamlib <unfixed> (bug #358166; low)
+ - hamlib 1.2.5-3 (bug #358166; low)
[sarge] - hamlib <no-dsa> (Only exploitable with strange user name)
CVE-2006-1550 (Multiple buffer overflows in the xfig import code
(xfig-import.c) in ...)
{DSA-1025-1}
@@ -2593,7 +2593,7 @@
CVE-2006-1388 (Unspecified vulnerability in Microsoft Internet Explorer 6.0
allows ...)
NOT-FOR-US: Internet Explorer
CVE-2006-1387 (TWiki 4.0, 4.0.1, and 20010901 through 20040904 allows remote
...)
- - twiki <unfixed>
+ - twiki <unfixed> (bug #367973)
TODO: see if fw''s patch secures this in Debian
CVE-2006-1386 (The (1) rdiff and (2) preview scripts in TWiki 4.0 and 4.0.1
ignore ...)
- twiki <not-affected> (only affects 4.0.0 - 4.1.0, version in Debian
too young)
@@ -5303,7 +5303,7 @@
CVE-2006-0237 (Cross-site scripting (XSS) vulnerability in index.php in GTP
iCommerce ...)
NOT-FOR-US: GTP iCommerce
CVE-2006-0236 (GUI display truncation vulnerability in Mozilla Thunderbird
1.0.2, ...)
- - mozilla-thunderbird <unfixed> (bug #349242; bug #363777; medium)
+ - mozilla-thunderbird 1.5.0.2-1 (bug #349242; bug #363777; medium)
CVE-2006-0235 (SQL injection vulnerability in WhiteAlbum 2.5 allows remote
attackers ...)
NOT-FOR-US: WhiteAlbum
CVE-2006-0234 (SQL injection vulnerability in index.php in microBlog 2.0 RC-10
allows ...)