Author: stef-guest Date: 2006-04-30 18:53:24 +0000 (Sun, 30 Apr 2006) New Revision: 3897 Modified: data/CVE/list Log: ruby bugnum thunderbird fix some NFUs Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-04-30 17:51:49 UTC (rev 3896) +++ data/CVE/list 2006-04-30 18:53:24 UTC (rev 3897) @@ -195,7 +195,7 @@ NOTE: the redhat bugzilla entry says this is fixed in 1.8.3 NOTE: the fix is definitely not in 1.8.2-7sarge2 - ruby1.8 1.8.3 - [sarge] - ruby1.8 <unfixed> (bug filed) + [sarge] - ruby1.8 <unfixed> (bug #365520) CVE-2006-1930 (Multiple SQL injection vulnerabilities in userscript.php in Green ...) NOT-FOR-US: Green Minute CVE-2006-1929 (PHP remote file inclusion vulnerability in include/common.php in ...) 
@@ -233,23 +233,24 @@ CVE-2006-1913 (Cross-site scripting (XSS) vulnerability in jax_guestbook.php in Jax ...) NOT-FOR-US: Jax Guestbook CVE-2006-1912 (MyBB (MyBulletinBoard) 1.1.0 does not set the constant KILL_GLOBAL ...) - TODO: check + NOT-FOR-US: MyBB CVE-2006-1911 (Cross-site scripting (XSS) vulnerability in MyBB (MyBulletinBoard) 1.1 ...) - TODO: check + NOT-FOR-US: MyBB CVE-2006-1910 (config.php in S9Y Serendipity 1.0 beta 2 allows remote attackers to ...) - TODO: check + NOT-FOR-US: Serendipity CVE-2006-1909 (Directory traversal vulnerability in index.php in Coppermine 1.4.4 ...) - TODO: check + NOT-FOR-US: Coppermine CVE-2006-1908 (Cross-site scripting vulnerability in addevent.php in myEvent 1.x ...) - TODO: check + NOT-FOR-US: myEvent CVE-2006-1907 (Multiple SQL injection vulnerabilities in myEvent 1.x allow remote ...) - TODO: check + NOT-FOR-US: myEvent CVE-2005-4787 (** DISPUTED ** ...) - TODO: check + NOT-FOR-US: Turnkey Web Tools SunShop Shopping Cart CVE-2004-2657 (** DISPUTED ** ...) - TODO: check + - mozilla-firefox <not-affected> + - firefox <not-affected> CVE-1999-1588 (Buffer overflow in nlps_server in Sun Solaris x86 2.4, 2.5, and 2.5.1 ...) - TODO: check + NOT-FOR-US: Sun Solaris CVE-2006-XXXX [wiki macro XSS vulnerability] - trac 0.9.5-1 CVE-2006-1906 (Cross-site scripting (XSS) vulnerability in index.php in jjgan852 ...) @@ -601,7 +602,7 @@ - firefox <unfixed> (medium) - mozilla-firefox <unfixed> (medium) - mozilla <unfixed> (medium) - - thunderbird <unfixed> (low) + - thunderbird 1.5.0.2-1 (low) - mozilla-thunderbird <unfixed> (low) NOTE: The Mozilla Foundation labels this as "critical", but it''s not NOTE: clear if this bug is exploitable. 
@@ -610,35 +611,35 @@ - firefox <unfixed> (medium) - mozilla-firefox <unfixed> (medium) - mozilla <unfixed> (medium) - - thunderbird <unfixed> (low) + - thunderbird 1.5.0.2-1 (low) - mozilla-thunderbird <unfixed> (low) CVE-2006-1740 (Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite ...) {DSA-1046-1 DSA-1044-1} - firefox <unfixed> (low) - mozilla-firefox <unfixed> (low) - mozilla <unfixed> (low) - - thunderbird <unfixed> (low) + - thunderbird 1.5.0.2-1 (low) - mozilla-thunderbird <unfixed> (low) CVE-2006-1739 (The CSS border-rendering code in Mozilla Firefox and Thunderbird 1.x ...) {DSA-1046-1 DSA-1044-1} - firefox <unfixed> (medium) - mozilla-firefox <unfixed> (medium) - mozilla <unfixed> (medium) - - thunderbird <unfixed> (low) + - thunderbird 1.5.0.2-1 (low) - mozilla-thunderbird <unfixed> (low) CVE-2006-1738 (Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x ...) {DSA-1046-1 DSA-1044-1} - firefox <unfixed> (medium) - mozilla-firefox <unfixed> (medium) - mozilla <unfixed> (medium) - - thunderbird <unfixed> (low) + - thunderbird 1.5.0.2-1 (low) - mozilla-thunderbird <unfixed> (low) CVE-2006-1737 (Integer overflow in Mozilla Firefox and Thunderbird 1.x before 1.5 and ...) {DSA-1046-1 DSA-1044-1} - firefox <unfixed> (medium) - mozilla-firefox <unfixed> (medium) - mozilla <unfixed> (medium) - - thunderbird <unfixed> (low) + - thunderbird 1.5.0.2-1 (low) - mozilla-thunderbird <unfixed> (low) CVE-2006-1736 (Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite ...) {DSA-1046-1 DSA-1044-1} 
@@ -650,42 +651,42 @@ - firefox <unfixed> (high) - mozilla-firefox <unfixed> (high) - mozilla <unfixed> (high) - - thunderbird <unfixed> (medium) + - thunderbird 1.5.0.2-1 (medium) - mozilla-thunderbird <unfixed> (medium) CVE-2006-1734 (Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, ...) {DSA-1046-1 DSA-1044-1} - firefox <unfixed> (high) - mozilla-firefox <unfixed> (high) - mozilla <unfixed> (high) - - thunderbird <unfixed> (medium) + - thunderbird 1.5.0.2-1 (medium) - mozilla-thunderbird <unfixed> (medium) CVE-2006-1733 (Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, ...) {DSA-1046-1 DSA-1044-1} - firefox <unfixed> (high) - mozilla-firefox <unfixed> (high) - mozilla <unfixed> (high) - - thunderbird <unfixed> (medium) + - thunderbird 1.5.0.2-1 (medium) - mozilla-thunderbird <unfixed> (medium) CVE-2006-1732 (Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x ...) {DSA-1044-1} - firefox <unfixed> (medium) - mozilla-firefox <unfixed> (medium) - mozilla <unfixed> (medium) - - thunderbird <unfixed> (low) + - thunderbird 1.5.0.2-1 (low) - mozilla-thunderbird <unfixed> (low) CVE-2006-1731 (Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, ...) {DSA-1046-1 DSA-1044-1} - firefox <unfixed> (medium) - mozilla-firefox <unfixed> (medium) - mozilla <unfixed> (medium) - - thunderbird <unfixed> (low) + - thunderbird 1.5.0.2-1 (low) - mozilla-thunderbird <unfixed> (low) CVE-2006-1730 (Integer overflow in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 ...) {DSA-1046-1 DSA-1044-1} - firefox 1.5.dfsg+1.5.0.2-1 (high) - mozilla-firefox <unfixed> (high) - mozilla <unfixed> (high) - - thunderbird <unfixed> (medium) + - thunderbird 1.5.0.2-1 (medium) - mozilla-thunderbird <unfixed> (medium) NOTE: MFSA2006-22 says that it is not clear whether Thunderbird is NOTE: exploitable in the default configuration. 
@@ -700,20 +701,20 @@ - firefox 1.5.dfsg+1.5.0.2-1 (high) - mozilla-firefox <unfixed> (high) - mozilla <unfixed> (high) - - thunderbird <unfixed> (medium) + - thunderbird 1.5.0.2-1 (medium) - mozilla-thunderbird <unfixed> (medium) CVE-2006-1727 (Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x ...) {DSA-1046-1 DSA-1044-1} - firefox 1.5.dfsg+1.5.0.2-1 (medium) - mozilla-firefox <unfixed> (medium) - mozilla <unfixed> (medium) - - thunderbird <unfixed> (medium) + - thunderbird 1.5.0.2-1 (medium) - mozilla-thunderbird <unfixed> (medium) NOTE: If print preview (and this bug) can be triggered from JavaScript, NOTE: the urgency should probably be raised. CVE-2006-1726 (Unspecified vulnerability in Firefox and Thunderbird 1.5 before ...) - firefox 1.5.dfsg+1.5.0.2-1 (high) - - thunderbird <unfixed> (medium) + - thunderbird 1.5.0.2-1 (medium) NOTE: New bug in Firefox 1.5. CVE-2006-1725 (Mozilla Firefox 1.5 before 1.5.0.2 and SeaMonkey before 1.0.1 causes ...) - firefox 1.5.dfsg+1.5.0.2-1 (low) @@ -722,7 +723,7 @@ {DSA-1046-1 DSA-1044-1} - firefox 1.5.dfsg+1.5.0.2-1 (medium) - mozilla <unfixed> (medium) - - thunderbird <unfixed> (low) + - thunderbird 1.5.0.2-1 (low) - mozilla-thunderbird <unfixed> (low) NOTE: MFSA2006-20 says exploitability has not been confirmed. NOTE: Thunderbird is potentially affected as well, but not in the @@ -732,7 +733,7 @@ - firefox <unfixed> (medium) - mozilla-firefox <unfixed> (medium) - mozilla <unfixed> (medium) - - thunderbird <unfixed> (low) + - thunderbird 1.5.0.2-1 (low) - mozilla-thunderbird <unfixed> (low) NOTE: This is probably: https://bugzilla.mozilla.org/show_bug.cgi?id=320459 CVE-2006-1722 (Cross-site scripting (XSS) vulnerability in suche.htm in ShopXS 4.0 ...) 
@@ -1236,7 +1237,7 @@ {DSA-1046-1} - firefox <unfixed> (medium) - mozilla-firefox <not-affected> (pre-1.5 version not vulnerable) - - thunderbird <unfixed> (low) + - thunderbird 1.5.0.2-1 (low) - mozilla-thunderbird <not-affected> (pre-1.5 version not vulnerable) NOTE: MFSA2006-20 says exploitability has not been confirmed. NOTE: Thunderbird is potentially affected as well, but not in the @@ -1245,7 +1246,7 @@ {DSA-1046-1} - firefox <unfixed> (medium) - mozilla-firefox <not-affected> (pre-1.5 version not vulnerable) - - thunderbird <unfixed> (low) + - thunderbird 1.5.0.2-1 (low) - mozilla-thunderbird <not-affected> (pre-1.5 version not vulnerable) NOTE: MFSA2006-20 says exploitability has not been confirmed. NOTE: Thunderbird is potentially affected as well, but not in the @@ -1254,7 +1255,7 @@ {DSA-1046-1} - firefox <unfixed> (medium) - mozilla-firefox <not-affected> (pre-1.5 version not vulnerable) - - thunderbird <unfixed> (low) + - thunderbird 1.5.0.2-1 (low) - mozilla-thunderbird <not-affected> (pre-1.5 version not vulnerable) NOTE: MFSA2006-20 says exploitability has not been confirmed. NOTE: Thunderbird is potentially affected as well, but not in the @@ -2356,7 +2357,7 @@ - monopd <unfixed> (bug #355797) CVE-2006-1045 (The HTML rendering engine in Mozilla Thunderbird 1.5, when "Block ...) {DSA-1046-1} - - mozilla-thunderbird <unfixed> (low) + - thunderbird 1.5.0.2-1 - firefox 1.5.dfsg+1.5.0.2-1 CVE-2006-1044 (Multiple buffer overflows in LISTSERV 14.3 and 14.4, including ...) NOT-FOR-US: LISTSERV @@ -2698,6 +2699,7 @@ CVE-2006-0884 (The WYSIWYG rendering engine in Mozilla Thunderbird 1.0.7 and earlier ...) {DSA-1046-1} - mozilla-thunderbird <unfixed> + - thunderbird 1.5.0.2-1 - firefox 1.5.dfsg+1.5.0.2-1 CVE-2003-1295 (Unspecified vulnerability in xscreensaver 4.12, and possibly other ...) - xscreensaver 4.21-1 
@@ -2989,14 +2991,14 @@ - firefox <unfixed> (low) - mozilla-firefox <unfixed> (low) - mozilla <unfixed> (low) - - thunderbird <unfixed> (low) + - thunderbird 1.5.0.2-1 (low) - mozilla-thunderbird <unfixed> (low) CVE-2006-0748 (Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before ...) {DSA-1046-1 DSA-1044-1} - firefox 1.5.dfsg+1.5.0.2-1 (high) - mozilla-firefox <unfixed> (high) - mozilla <unfixed> (high) - - thunderbird <unfixed> (high) + - thunderbird 1.5.0.2-1 (high) - mozilla-thunderbird <unfixed> (high) CVE-2006-0747 RESERVED 
@@ -4135,30 +4137,36 @@ - mozilla <not-affected> (E4X not implemented in Mozilla 1.7) - firefox 1.5.dfsg+1.5.0.1-1 (bug #351442) - mozilla-thunderbird <unfixed> + - thunderbird 1.5.0.2-1 CVE-2006-0298 (The XML parser in Mozilla Firefox before 1.5.0.1 and SeaMonkey before ...) - mozilla-firefox <not-affected> (Only Firefox 1.5 is affected) - mozilla <not-affected> (Mozilla 1.7 is not affected) - firefox 1.5.dfsg+1.5.0.1-1 (bug #351442) - mozilla-thunderbird <unfixed> + - thunderbird 1.5.0.2-1 CVE-2006-0297 (Multiple integer overflows in Mozilla Firefox 1.5, Thunderbird 1.5 if ...) - mozilla-firefox <not-affected> (Only Firefox 1.5 is affected) - mozilla <not-affected> (Mozilla 1.7 is not affected) - firefox 1.5.dfsg+1.5.0.1-1 (bug #351442) - mozilla-thunderbird <unfixed> + - thunderbird 1.5.0.2-1 CVE-2006-0296 (The XULDocument.persist function in Mozilla, Firefox before 1.5.0.1, ...) - mozilla-firefox <not-affected> (Only Firefox 1.5 is affected) - firefox 1.5.dfsg+1.5.0.1-1 (bug #351442) - mozilla-thunderbird <unfixed> - mozilla <not-affected> (Mozilla 1.7 is not affected) + - thunderbird 1.5.0.2-1 CVE-2006-0295 (Mozilla Firefox 1.5, Thunderbird 1.5 if Javascript is enabled in mail, ...) - firefox 1.5.dfsg+1.5.0.1-1 (bug #351442) - mozilla-firefox <unfixed> (bug #351442) - mozilla-thunderbird <unfixed> + - thunderbird 1.5.0.2-1 CVE-2006-0294 (Mozilla Firefox before 1.5.0.1, Thunderbird 1.5 if running Javascript ...) - firefox 1.5.dfsg+1.5.0.1-1 (bug #351442) - mozilla-firefox <not-affected> (Only Firefox 1.5 is affected) - mozilla <not-affected> (Mozilla 1.7 is not affected) - mozilla-thunderbird <unfixed> + - thunderbird 1.5.0.2-1 CVE-2006-0293 (The function allocation code (js_NewFunction in jsfun.c) in Firefox ...) {DSA-1046-1} - firefox 1.5.dfsg+1.5.0.1-1 (bug #351442) 
@@ -4169,6 +4177,7 @@ - firefox 1.5.dfsg+1.5.0.1-1 (bug #351442) - mozilla-firefox <unfixed> (bug #351442) - mozilla-thunderbird <unfixed> + - thunderbird 1.5.0.2-1 CVE-2006-0291 (Multiple unspecified vulnerabilities in Oracle Database Server ...) NOT-FOR-US: Oracle CVE-2006-0290 (Unspecified vulnerability in Oracle Database Server 9.2.0.7, ...) @@ -15873,6 +15882,7 @@ {DSA-1046-1} - mozilla-thunderbird 1.0.6-1 (bug #306893; low) - firefox 1.5.dfsg+1.5.0.2-1 + - thunderbird 1.5.0.2-1 CVE-2005-XXXX [Directory traversal in unzoo] - unzoo 4.4-4 CVE-2005-XXXX [Logging bypassing through SIGHUP in syslog-ng]
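Review bot: In the @@ -233,23 +233,24 @@ hunk, the CVE-2004-2657 entry goes from "TODO: check" to "- mozilla-firefox <not-affected>" and "- firefox <not-affected>" with no reason recorded, and the entry is marked ** DISPUTED **. Elsewhere in this file a not-affected status carries its justification in parentheses, for example "<not-affected> (pre-1.5 version not vulnerable)". Please add a short reason or a NOTE line here so the decision can be audited later. In the same hunk, eight TODOs become NOT-FOR-US in one pass. It would help to confirm with a package-name search that none of these products (Serendipity and Coppermine in particular) has a source package in the archive before the entries stop being tracked.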
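Review bot: In the @@ -2356,7 +2357,7 @@ hunk (CVE-2006-1045), the "- mozilla-thunderbird <unfixed> (low)" line is replaced instead of kept, so the entry loses its tracking for that source package and its (low) urgency. Every other thunderbird hunk in this commit leaves the mozilla-thunderbird line in place and only changes or adds the thunderbird line. The description names Thunderbird 1.5, so if the older package is not vulnerable, state that explicitly in the form already used in the @@ -1236,7 +1237,7 @@ hunk, "- mozilla-thunderbird <not-affected> (pre-1.5 version not vulnerable)", and carry the urgency over as "- thunderbird 1.5.0.2-1 (low)". If the older package is affected, the <unfixed> line should stay.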
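Review bot: In the @@ -4135,30 +4137,36 @@ hunk, the new "- thunderbird 1.5.0.2-1" line for CVE-2006-0296 lands after "- mozilla <not-affected> (Mozilla 1.7 is not affected)" rather than directly after the mozilla-thunderbird line as in the neighbouring entries. Moving it up keeps the two Thunderbird source packages adjacent and easier to compare. The lines added in this hunk and in @@ -4169,6 +4177,7 @@ also carry no urgency, while the thunderbird lines changed in the @@ -601 through @@ -2989 hunks keep theirs. Firefox is recorded as fixed in 1.5.dfsg+1.5.0.1-1 for these entries and thunderbird in 1.5.0.2-1, so a NOTE saying whether 1.5.0.2-1 is the first fixed version or simply the first upload of the thunderbird package would make that difference clear.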