Author: jmm-guest Date: 2006-04-07 10:51:25 +0000 (Fri, 07 Apr 2006) New Revision: 3772 Modified: data/CVE/list Log: new mantis issues new thunderbird issues Well, all not very new, but no one cared to check them in time older xscreensaver issues already fixed in sarge NFUs Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-04-07 09:21:17 UTC (rev 3771) +++ data/CVE/list 2006-04-07 10:51:25 UTC (rev 3772) @@ -1500,11 +1500,11 @@ CVE-2006-0992 RESERVED CVE-2006-0991 (Buffer overflow in the NetBackup Sharepoint Services server daemon ...) - TODO: check + NOT-FOR-US: Veritas NetBackup CVE-2006-0990 (Stack-based buffer overflow in the NetBackup Catalog daemon (bpdbm) in ...) - TODO: check + NOT-FOR-US: Veritas NetBackup CVE-2006-0989 (Stack-based buffer overflow in the volume manager daemon (vmd) in ...) - TODO: check + NOT-FOR-US: Veritas NetBackup CVE-2006-0988 (The default configuration of the DNS Server service on Windows Server ...) NOT-FOR-US: MS Windows issue CVE-2006-0987 (The default configuration of ISC BIND, when configured as a caching ...) @@ -1729,11 +1729,13 @@ CVE-2006-0885 (Cross-site scripting (XSS) vulnerability in show_news.php in CuteNews ...) NOT-FOR-US: CuteNews CVE-2006-0884 (The WYSIWYG rendering engine in Mozilla Thunderbird 1.0.7 and earlier ...) - TODO: check + - mozilla-thunderbird <unfixed> CVE-2003-1295 (Unspecified vulnerability in xscreensaver 4.12, and possibly other ...) - TODO: check + - xscreensaver 4.21-1 + NOTE: Might be fixed earlier, but I''ve verified that the SuSE patch is included + NOTE: in the Sarge version --jmm CVE-2003-1294 (Xscreensaver before 4.15 creates temporary files insecurely in (1) ...) - TODO: check + - xscreensaver 4.15-1 CVE-2006-0883 (OpenSSH on FreeBSD 5.3 and 5.4, when used with OpenPAM, does not ...) - openssh 3.8.1p1-4 [woody] - openssh <not-affected> 
@@ -1823,17 +1825,17 @@ CVE-2006-0842 (Cross-site scripting (XSS) vulnerability in Calacode @Mail 4.3 allows ...) TODO: check CVE-2006-0841 (Multiple cross-site scripting (XSS) vulnerabilities in Mantis 1.00rc4 ...) - TODO: check + - mantis <unfixed> CVE-2006-0840 (manage_user_page.php in Mantis 1.00rc4 and earlier does not properly ...) - TODO: check + - mantis <unfixed> CVE-2006-0839 (The frag3 preprocessor in Sourcefire Snort 2.4.3 does not properly ...) TODO: check CVE-2006-0838 (IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 stores cleartext ...) - TODO: check + NOT-FOR-US: Tivoli CVE-2006-0837 (IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 has world-readable ...) - TODO: check + NOT-FOR-US: Tivoli CVE-2006-0836 (Mozilla Thunderbird 1.5 allows user-complicit attackers to cause an ...) - TODO: check + - mozilla-thunderbird <unfixed> CVE-2006-0835 (SQL injection vulnerability in dropbase.php in MitriDAT Web Calendar ...) TODO: check CVE-2006-0834 (Uniden UIP1868P VoIP Telephone and Router has a default password of ...) @@ -1845,7 +1847,7 @@ CVE-2006-0831 (PHP remote file include vulnerability in index.php in Tasarim Rehberi ...) TODO: check CVE-2006-0830 (The scripting engine in Internet Explorer allows remote attackers to ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2006-0829 (Cross-site scripting vulnerability in E-Blah Platinum 9.7 allows ...) TODO: check CVE-2006-0828 (Unspecified vulnerability in ESS/ Network Controller and MicroServer ...)
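
Review bot: the CVE-2003-1295 entry in the @@ -1729,11 +1729,13 @@ hunk records "- xscreensaver 4.21-1" as the fixed version while its own NOTE says the fix "Might be fixed earlier", so 4.21-1 is only the version that was verified, not necessarily the first fixed one. Anyone comparing an installed version against this entry will treat everything below 4.21-1 as vulnerable; the NOTE should say explicitly that 4.21-1 is an upper bound, or the version should be narrowed once the SuSE patch has been traced back. The same NOTE line has a doubled apostrophe in "I''ve". The "- mozilla-thunderbird <unfixed>" entry for CVE-2006-0884 in this hunk carries no bug reference, so a pointer to a filed bug, if one exists, would make the open status trackable.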
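
Review bot: in the @@ -1823,17 +1825,17 @@ hunk, CVE-2006-0836 is marked "- mozilla-thunderbird <unfixed>" with no release qualifier, although its description names Thunderbird 1.5 specifically, whereas CVE-2006-0884 elsewhere in this commit names 1.0.7 and earlier. If not every branch is affected, a per-release line in the style already used for CVE-2006-0883 ("[woody] - openssh <not-affected>") would avoid flagging releases that do not ship the affected version; otherwise a NOTE stating which versions were checked would do. The two mantis entries (CVE-2006-0841, CVE-2006-0840) have the same gap: the descriptions say "1.00rc4 and earlier", but the entries do not record which packaged version was compared against that. The "NOT-FOR-US: Tivoli" label is also terser than the vendor-plus-product form used for "Veritas NetBackup" in the first hunk; the descriptions give "IBM Tivoli Micromuse Netcool/NeuSecure".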
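
Review bot: the label "NOT-FOR-US: Microsoft" added for CVE-2006-0830 in the @@ -1845,7 +1847,7 @@ hunk names only the vendor, while the description identifies the scripting engine in Internet Explorer and the existing CVE-2006-0988 entry uses a different wording, "NOT-FOR-US: MS Windows issue". Naming the product, for example "NOT-FOR-US: Microsoft Internet Explorer", would keep the NOT-FOR-US labels consistent and searchable by product.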