Author: joeyh Date: 2006-04-08 21:14:25 +0000 (Sat, 08 Apr 2006) New Revision: 3778 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-04-08 18:30:08 UTC (rev 3777) +++ data/CVE/list 2006-04-08 21:14:25 UTC (rev 3778) @@ -1899,6 +1899,7 @@ CVE-2006-0807 (Stack-based buffer overflow in NJStar Chinese and Japanese Word ...) NOT-FOR-US: NJStar CVE-2006-0806 (Multiple cross-site scripting (XSS) vulnerabilities in ADOdb 4.71 ...) + {DSA-1031-1 DSA-1030-1 DSA-1029-1} - libphp-adodb 4.72-0.1 (bug #358872; medium) - moodle <unfixed> (bug #360396; medium) CVE-2006-0805 (The CAPTCHA functionality in php-Nuke 6.0 through 7.9 uses fixed ...) @@ -2896,6 +2897,7 @@ CVE-2006-0411 (claro_init_local.inc.php in Claroline 1.7.2 uses guessable session ...) NOT-FOR-US: Claroline CVE-2006-0410 (SQL injection vulnerability in ADOdb before 4.71, when using ...) + {DSA-1031-1 DSA-1030-1 DSA-1029-1} - libphp-adodb 4.72-0.1 (bug #349985; medium) - moodle <unfixed> (bug #360395; medium) CVE-2006-0409 (Cross-site scripting (XSS) vulnerability in index.php in Pixelpost ...) @@ -3545,7 +3547,7 @@ CVE-2006-0152 (Cross-site scripting (XSS) in search_result.php in phpChamber 1.2 and ...) NOT-FOR-US: phpChamber CVE-2006-0151 (sudo 1.6.8 and other versions does not clear the PYTHONINSPECT ...) - {DSA-946-1} + {DSA-946-2} - sudo 1.6.8p12-1 (medium) NOTE: The whole black list approach is flawed, for the DSA we''ll switch to NOTE: a white list approach of known to be safe env vars. 
@@ -3557,8 +3559,10 @@ CVE-2006-0148 (NetSarang Xlpd 2.1 allows remote attackers to cause a denial of ...) NOT-FOR-US: NetSarang Xlpd CVE-2006-0147 (Dynamic code evaluation vulnerability in tests/tmssql.php test script ...) + {DSA-1031-1 DSA-1030-1 DSA-1029-1} - libphp-adodb 4.72-0.1 (medium; bug #349985) CVE-2006-0146 (The server.php test script in ADOdb for PHP before 4.70, as used in ...) + {DSA-1031-1 DSA-1030-1 DSA-1029-1} - libphp-adodb 4.72-0.1 (medium; bug #349985) CVE-2006-0145 (The kernfs_xread function in kernfs in NetBSD 1.6 through 2.1, and ...) NOT-FOR-US: NetBSD @@ -3899,6 +3903,7 @@ - graphicsmagick 1.1.7-1 CVE-2006-0053 [libimager-perl DoS] RESERVED + {DSA-1028-1} - libimager-perl 5.0-1 (bug #359661) CVE-2006-0052 (The attachment scrubber (Scrubber.py) in Mailman 2.1.5 and earlier, ...) {DSA-1027-1} @@ -4869,7 +4874,7 @@ CVE-2005-4159 (** DISPUTED ** ...) NOT-FOR-US: Simple Machines Forum CVE-2005-4158 (Sudo before 1.6.8 p12, when the Perl taint flag is off, does not clear ...) - {DSA-946-1} + {DSA-946-2} - sudo 1.6.8p12-1 (bug #342948; medium) CVE-2005-4157 (Unspecified vulnerability in Kerio WinRoute Firewall before 6.1.3 ...) NOT-FOR-US: Kerio Firewall
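Review bot: In the @@ -1899,6 +1899,7 @@ hunk, the tag added under CVE-2006-0806 names three advisories (DSA-1031-1, DSA-1030-1, DSA-1029-1), but the entry tracks only two packages, and the moodle line still reads "<unfixed>". Please check that every package covered by those three advisories has its own line here with the fixed version, and that the moodle status is still accurate now that the entry carries a DSA tag. The same applies to CVE-2006-0410 in the @@ -2896,6 +2897,7 @@ hunk.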
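Review bot: In the @@ -3545,7 +3547,7 @@ hunk, "{DSA-946-1}" is replaced by "{DSA-946-2}" rather than kept beside it, so the entry for CVE-2006-0151 no longer records the first revision of the advisory. The NOTE lines underneath are left in the future tense ("for the DSA we''ll switch to a white list approach", with a doubled apostrophe), so a reader cannot tell whether the revision now referenced is the one that made that switch. Suggest updating the NOTE to say which revision carries the white list change. The same tag swap is made for CVE-2005-4158 in the @@ -4869,7 +4874,7 @@ hunk.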
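Review bot: In the @@ -3557,8 +3559,10 @@ hunk, CVE-2006-0147 and CVE-2006-0146 receive the same three-advisory tag as CVE-2006-0806 and CVE-2006-0410, yet they list only "libphp-adodb 4.72-0.1" and have no moodle line, while the other two ADOdb entries track moodle as "<unfixed>". If the other packages covered by these advisories ship the affected test scripts, add package lines for them; if they do not, a NOTE saying so would explain why the entries differ. The two lines also write "(medium; bug #349985)" where the other ADOdb entries use "(bug #...; medium)"; one field order throughout would make the list easier to parse.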