Author: stef-guest Date: 2006-04-30 17:51:49 +0000 (Sun, 30 Apr 2006) New Revision: 3896 Modified: data/CVE/list Log: ruby issue not fixed in sarge Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-04-30 15:41:36 UTC (rev 3895) +++ data/CVE/list 2006-04-30 17:51:49 UTC (rev 3896) @@ -192,7 +192,10 @@ CVE-2006-1932 (Off-by-one error in the OID printing routine in Ethereal 0.10.x up to ...) - ethereal <unfixed> (bug #364758; medium) CVE-2006-1931 (The HTTP/XMLRPC server in Ruby before 1.8.2 uses blocking sockets, ...) - TODO: check + NOTE: the redhat bugzilla entry says this is fixed in 1.8.3 + NOTE: the fix is definitely not in 1.8.2-7sarge2 + - ruby1.8 1.8.3 + [sarge] - ruby1.8 <unfixed> (bug filed) CVE-2006-1930 (Multiple SQL injection vulnerabilities in userscript.php in Green ...) NOT-FOR-US: Green Minute CVE-2006-1929 (PHP remote file inclusion vulnerability in include/common.php in ...) @@ -220,15 +223,15 @@ CVE-2006-1918 (Multiple cross-site scripting (XSS) vulnerabilities in Papoo 2.1.5 ...) NOT-FOR-US: Papoo CVE-2006-1917 (SQL injection vulnerability in member.php in Blackorpheus ...) - TODO: check + NOT-FOR-US: Blackorpheus ClanMemberSkript CVE-2006-1916 (Multiple cross-site scripting (XSS) vulnerabilities in profile.php in ...) - TODO: check + NOT-FOR-US: DbbS CVE-2006-1915 (SQL injection vulnerability in topics.php in DbbS 2.0-alpha and ...) - TODO: check + NOT-FOR-US: DbbS CVE-2006-1914 (DbbS 2.0-alpha and earlier allows remote attackers to obtain sensitive ...) - TODO: check + NOT-FOR-US: DbbS CVE-2006-1913 (Cross-site scripting (XSS) vulnerability in jax_guestbook.php in Jax ...) - TODO: check + NOT-FOR-US: Jax Guestbook CVE-2006-1912 (MyBB (MyBulletinBoard) 1.1.0 does not set the constant KILL_GLOBAL ...) TODO: check CVE-2006-1911 (Cross-site scripting (XSS) vulnerability in MyBB (MyBulletinBoard) 1.1 ...)
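Review bot: In the first hunk (@@ -192,7 +192,10 @@), the new sarge line for CVE-2006-1931 reads "[sarge] - ruby1.8 <unfixed> (bug filed)" and gives no bug number. The ethereal entry just above it uses "(bug #364758; medium)". Please replace "bug filed" with the actual bug number and urgency so the entry can be tracked and closed. Also, the fixed version "- ruby1.8 1.8.3" rests only on the NOTE that the Red Hat bugzilla entry says so. Since the CVE description says "before 1.8.2" while the notes place the fix in 1.8.3, it would help to confirm which Debian package version first carries the fix and record that version.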
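Review bot: In the second hunk (@@ -220,15 +223,15 @@), CVE-2006-1916 is marked "NOT-FOR-US: DbbS", but its truncated description ("... vulnerabilities in profile.php in ...") does not show the product name, unlike CVE-2006-1915 and CVE-2006-1914, which name DbbS explicitly. Please confirm against the full CVE text that profile.php belongs to DbbS before this entry is closed out. CVE-2006-1912 (MyBB) in the trailing context is still "TODO: check"; if that is intentional, a short NOTE saying why it was skipped in this triage pass would help.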