Author: alec-guest Date: 2006-05-19 15:59:43 +0000 (Fri, 19 May 2006) New Revision: 3982 Modified: data/CVE/list Log: * fix libextractor typo * put kphone back in under the new CVE (taken out in r3972) * clamav isn''t affected by CVE-2006-2427 * bugzilla is unfixed for CVE-2006-2420 but the issue is minor Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-05-19 15:30:21 UTC (rev 3981) +++ data/CVE/list 2006-05-19 15:59:43 UTC (rev 3982) @@ -1,5 +1,5 @@ CVE-2006-2458 (Multiple heap-based buffer overflows in Libextractor 0.5.13 and ...) - libextractor 0.5.14-1 + - libextractor 0.5.14-1 CVE-2006-2457 RESERVED CVE-2006-2456 @@ -29,7 +29,7 @@ CVE-2006-2444 RESERVED CVE-2006-2442 (kphone 4.2 creates .qt/kphonerc with world-readable permissions, which ...) - TODO: check + - kphone 1:4.2-3 (bug #337830; medium) CVE-2006-2439 RESERVED CVE-2006-2438 (Directory traversal vulnerability in the viewfile servlet in the ...) @@ -55,7 +55,7 @@ CVE-2006-2428 (add.asp in DUware DUbanner 3.1 allows remote attackers to execute ...) NOT-FOR-US: Duware CVE-2006-2427 (freshclam in (1) Clam Antivirus (ClamAV) 0.88 and (2) ClamXav 1.0.3h ...) - TODO: check + clamav <not-affected> (clamav-freshclam doesn''t ship freshclam setuid or setgid) CVE-2006-2426 (Sun Java Runtime Environment (JRE) 1.5.0_6 and earlier, JDK 1.5.0_6 ...) TODO: check CVE-2006-2425 (Multiple cross-site scripting (XSS) vulnerabilities in PRV.php in ...) @@ -69,7 +69,8 @@ CVE-2006-2421 (Stack-based buffer overflow in Pragma FortressSSH 4.0.7.20 allows ...) TODO: check CVE-2006-2420 (Bugzilla 2.20rc1 through 2.20 and 2.21.1, when using RSS 1.0, allows ...) - TODO: check + NOTE: "this issue normally would not be included in CVE, it is being identified since the Bugzilla developers have addressed it." + bugzilla <unfixed> (low) CVE-2006-2419 (Cross-site scripting (XSS) vulnerability in index.php in Directory ...) TODO: check CVE-2006-2418 (Cross-site scripting (XSS) vulnerabilities in certain versions of ...)