thr3ads.net - Secure testing commits - [Secure-testing-commits] r3895

If this information is useful, please help other people find it:
Share via:
Stefan Fritsch
2006-Apr-30 15:42 UTC
[Secure-testing-commits] r3895 - data/CVE

Author: stef-guest
Date: 2006-04-30 15:41:36 +0000 (Sun, 30 Apr 2006)
New Revision: 3895

Modified:
   data/CVE/list
Log:
new clamav issue
some NFUs

Modified: data/CVE/list
==================================================================---
data/CVE/list	2006-04-29 16:25:08 UTC (rev 3894)
+++ data/CVE/list	2006-04-30 15:41:36 UTC (rev 3895)
@@ -59,8 +59,9 @@
 CVE-2006-1990 (Integer overflow in the wordwrap function in string.c in PHP
4.4.2 and ...)
 	- php4 <unfixed> (bug #365311; medium)
 	- php5 <unfixed> (bug #365312; medium)
-CVE-2006-1989
+CVE-2006-1989 [freshclam: lack of proper check for the size of header data]
 	RESERVED
+	- clamav 0.88.2-1
 CVE-2006-1988 (The WebTextRenderer(WebInternal) _CG_drawRun:style:geometry:
function ...)
 	NOT-FOR-US: Apple Safari
 	NOTE: PoC exploit does not work with konqueror 4:3.5.2-2
@@ -193,31 +194,31 @@
 CVE-2006-1931 (The HTTP/XMLRPC server in Ruby before 1.8.2 uses blocking
sockets, ...)
 	TODO: check
 CVE-2006-1930 (Multiple SQL injection vulnerabilities in userscript.php in
Green ...)
-	TODO: check
+	NOT-FOR-US: Green Minute
 CVE-2006-1929 (PHP remote file inclusion vulnerability in include/common.php in
...)
-	TODO: check
+	NOT-FOR-US: I-Rater Platinum
 CVE-2006-1928 (Cisco IOS XR, when configured for Multi Protocol Label Switching
...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2006-1927 (Cisco IOS XR, when configured for Multi Protocol Label Switching
...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2006-1926 (SQL injection vulnerability in showtopic.php in ThWboard 2.84
beta 3 ...)
-	TODO: check
+	NOT-FOR-US: ThWboard
 CVE-2006-1925 (Directory traversal vulnerability in the editnews module ...)
-	TODO: check
+	NOT-FOR-US: CuteNews
 CVE-2006-1924 (SQL injection vulnerability in functions/db_api.php in LinPHA
1.1.1 ...)
-	TODO: check
+	NOT-FOR-US: LinPHA
 CVE-2006-1923 (Multiple cross-site scripting (XSS) vulnerabilities in LinPHA
before ...)
-	TODO: check
+	NOT-FOR-US: LinPHA
 CVE-2006-1922 (PHP remote file inclusion vulnerability in (1) about.php or (2)
...)
-	TODO: check
+	NOT-FOR-US: TotalCalendar
 CVE-2006-1921 (nettools.php in PHP Net Tools 2.7.1 allows remote attackers to
execute ...)
-	TODO: check
+	NOT-FOR-US: PHP Net Tools 
 CVE-2006-1920 (SQL injection vulnerability in index.php in PMTool 1.2.2 allows
remote ...)
-	TODO: check
+	NOT-FOR-US: PMTool
 CVE-2006-1919 (PHP remote file inclusion vulnerability in index.php in Internet
...)
-	TODO: check
+	NOT-FOR-US: Internet Photoshow 
 CVE-2006-1918 (Multiple cross-site scripting (XSS) vulnerabilities in Papoo
2.1.5 ...)
-	TODO: check
+	NOT-FOR-US: Papoo
 CVE-2006-1917 (SQL injection vulnerability in member.php in Blackorpheus ...)
 	TODO: check
 CVE-2006-1916 (Multiple cross-site scripting (XSS) vulnerabilities in
profile.php in ...)
@@ -736,6 +737,7 @@
 CVE-2006-1721 (digestmd5.c in the CMU Cyrus Simple Authentication and Security
Layer ...)
 	{DSA-1042-1}
 	- cyrus-sasl2 2.1.19.dfsg1-0.2 (bug #361937; low)
+	- cyrus-sasl2-mit <not-affected> (does not install digest-md5)
 CVE-2006-1720 (Cross-site scripting (XSS) vulnerability in search.php in
SaphpLesson ...)
 	NOT-FOR-US: SaphpLesson
 CVE-2006-1719 (Internet Explorer 6 allows remote attackers to cause a denial of
...)
Secure testing commits - Apr 2006 - r3895 - data/CVE

[Secure-testing-commits] r3895 - data/CVE
