Author: joeyh
Date: 2006-03-21 09:14:27 +0000 (Tue, 21 Mar 2006)
New Revision: 3655

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
==================================================================
--- data/CVE/list 2006-03-21 08:57:53 UTC (rev 3654)
+++ data/CVE/list 2006-03-21 09:14:27 UTC (rev 3655)
@@ -1,3 +1,83 @@ +CVE-2006-1341 (SQL injection vulnerability in events.php in Maian Events 1.0 allows ...) + TODO: check +CVE-2006-1340 (CuteNews 1.4.1 and possibly other versions allows remote attackers to ...) + TODO: check +CVE-2006-1339 (Directory traversal vulnerability in inc/functions.inc.php in CuteNews ...) + TODO: check +CVE-2006-1338 (Webmail in MailEnable Professional Edition before 1.73 and Enterprise ...) + TODO: check +CVE-2006-1337 (Unspecified vulnerability in the POP service in MailEnable Standard ...) + TODO: check +CVE-2006-1336 (Cross-site scripting vulnerability in calendar.php in ExtCalendar 1.0 ...) + TODO: check +CVE-2006-1335 (gnome screensaver before 2.14, when running on an X server with ...) + TODO: check +CVE-2006-1334 (Multiple SQL injection vulnerabilities in Maian Weblog 2.0 allow ...) + TODO: check +CVE-2006-1333 (Multpile SQL injection vulnerabilities in BetaParticle Blog 6.0 and ...) + TODO: check +CVE-2006-1332 (Noah''s Classifieds 1.3 and earlier allows remote attackers to obtain ...) + TODO: check +CVE-2006-1331 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) + TODO: check +CVE-2006-1330 (Multiple SQL injection vulnerabilities in phpWebsite allow remote ...) + TODO: check +CVE-2006-1329 (The SASL negotiation in Jabber Studio jabberd before 2.0s11 allows ...) + TODO: check +CVE-2006-1328 (SQL injection vulnerability in count.php in Skull-Splitter PHP ...) + TODO: check +CVE-2006-1327 (SQL injection vulnerability in reg.php in SoftBB 0.1 allows remote ...) + TODO: check +CVE-2006-1326 (Multiple cross-site scripting (XSS) vulnerabilities in Invision Power ...) + TODO: check +CVE-2006-1325 (Cross-site scripting (XSS) vulnerability in Streber 0.055 allows ...) + TODO: check +CVE-2006-1324 (Cross-site scripting (XSS) vulnerability in acp/lib/class_db_mysql.php ...) + TODO: check +CVE-2006-1323 (Directory traversal vulnerability in WinHKI 1.6 and earlier allows ...) 
+ TODO: check +CVE-2006-1322 (Novell Netware NWFTPD 5.06.05 allows remote attackers to cause a ...) + TODO: check +CVE-2006-1318 + RESERVED +CVE-2006-1317 + RESERVED +CVE-2006-1316 + RESERVED +CVE-2006-1315 + RESERVED +CVE-2006-1314 + RESERVED +CVE-2006-1313 + RESERVED +CVE-2006-1312 + RESERVED +CVE-2006-1311 + RESERVED +CVE-2006-1310 + RESERVED +CVE-2006-1309 + RESERVED +CVE-2006-1308 + RESERVED +CVE-2006-1307 + RESERVED +CVE-2006-1306 + RESERVED +CVE-2006-1305 + RESERVED +CVE-2006-1304 + RESERVED +CVE-2006-1303 + RESERVED +CVE-2006-1302 + RESERVED +CVE-2006-1301 + RESERVED +CVE-2006-1300 + RESERVED +CVE-2006-1299 + RESERVED CVE-2006-1298 (Format string vulnerability in the Job Engine service (bengine.exe) in ...) TODO: check CVE-2006-1297 (Unspecified vulnerability in Veritas Backup Exec for Windows Server ...) @@ -534,8 +614,7 @@ CVE-2006-1062 (Unspecified vulnerability in lurker.cgi for Lurker 2.0 and earlier ...) {DSA-999-1} - lurker 2.1-1 -CVE-2006-1061 [curl tftp buffer overflow] - RESERVED +CVE-2006-1061 (Heap-based buffer overflow in cURL and libcURL 7.15.0 through 7.15.2 ...) - curl 7.15.3-1 [woody] - curl <not-affected> (Vulnerable code not present) [sarge] - curl <not-affected> (Vulnerable code not present) @@ -563,7 +642,7 @@ TODO: check CVE-2005-4728 (Untrusted search path vulnerability (RPATH) in amaya 9.2.1 on Debian ...) - amaya 9.4-1 (bug #341424) -CVE-2006-1319 [runit local privilege escalation] +CVE-2006-1319 (chpst in runit 1.3.3-1 for Debian GNU/Linux, when compiled on little ...) - runit <unfixed> (bug #356016; medium) [sarge] - runit <not-affected> CVE-2006-1049 (Multiple SQL injection vulnerabilities in Joomla! 1.0.7 and earlier ...) 
@@ -799,13 +878,13 @@ TODO: check CVE-2006-0938 (Cross-site scripting (XSS) vulnerability in eZ publish 3.7.3 and ...) TODO: check -CVE-2006-1320 [minor bypass of rssh sanitising] +CVE-2006-1320 (util.c in rssh 2.3.0 in Debian GNU/Linux does not use braces to make a ...) - rssh 2.3.0-1.1 (bug #346322; low) [sarge] - rssh <not-affected> (Problem has been introduced in 2.3.0) CVE-2006-XXXX [buffer overflow in netcat example] - netcat 1.10-31 (bug #352369; unimportant) NOTE: Only an example, not in the binary package -CVE-2006-1321 [webcheck XSS] +CVE-2006-1321 (Cross-site scripting (XSS) vulnerability in webcheck before 1.9.6 ...) - webcheck 1.9.6 CVE-2006-0937 (U.N.U. Mailgust 1.9 allows remote attackers to obtain sensitive ...) TODO: check @@ -1212,8 +1291,7 @@ {DSA-1008-1} - kdegraphics 3.5.0-3 NOTE: Only affected the 3.3.2 KDE backport -CVE-2006-0745 [local root exploit in x.org] - RESERVED +CVE-2006-0745 (X.Org server (xorg-server) 1.0.0 and later, X11R6.9.0, and X11R7.0 ...) - xorg-x11 <unfixed> - xfree86 <not-affected> CVE-2006-0744 @@ -1728,7 +1806,7 @@ NOT-FOR-US: CA Message Queuing NOTE: CA Message Queuing is embeded in a lot of products, but they all seem NOTE: to be commercial products (see list in referenced URL) -CVE-2006-0528 (GNOME Evolution allows remote attackers to cause a denial of service ...) +CVE-2006-0528 (The cairo library (libcairo), as used in GNOME Evolution and possibly ...) - evolution 2.2.3-4 (low) [sarge] - evolution <not-affected> (Vulnerability was apparantly introduced in 2.3.1) [woody] - evolution <not-affected> (Vulnerability was apparantly introduced in 2.3.1) 
@@ -2067,6 +2145,7 @@ CVE-2006-0419 (BEA WebLogic Server and WebLogic Express 9.0, 8.1 through SP5, and 7.0 ...) NOT-FOR-US: BEA WebLogic CVE-2005-4667 (Buffer overflow in UnZip 5.50 and earlier allows user-complicit ...) + {DSA-1012-1} - unzip 5.52-7 (low; bug #349794) CVE-2006-0418 (Eval injection vulnerability in 123 Flash Chat Server 5.0 and 5.1 ...) NOT-FOR-US: 123 Flash Chat Server @@ -3651,9 +3730,11 @@ - fetchmail 6.3.1-1 (bug #343836; bug #345944; low) CVE-2005-4418 [Default policy in util-vserver prior to 0.30.208 trusted unknown capabilities] RESERVED + {DSA-1011-1} - util-vserver 0.30.208-1 CVE-2005-4347 [Improper barrier code allows for chroot escape] RESERVED + {DSA-1011-1} - util-vserver 0.30.208-1 (bug #329090; medium) - kernel-patch-vserver 2.3 (bug #329087; medium) NOTE: both util-vserver and the kernel-patch-vserver need to be upgraded to fix this vulnerability
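Review bot: The first hunk (@@ -1,3 +1,83 @@) leaves the list out of numerical order: the new block runs from CVE-2006-1341 down to CVE-2006-1322 and then jumps straight to CVE-2006-1318, because CVE-2006-1319, CVE-2006-1320 and CVE-2006-1321 stay at their old positions in the @@ -563,7 +642,7 @@ and @@ -799,13 +878,13 @@ hunks. Now that those three carry full descriptions instead of bracketed placeholders, consider moving them up between 1322 and 1318 so a reader scanning by ID finds them. All twenty described entries in this hunk are still `TODO: check`, so nothing added here is triaged yet; the "Multpile" misspelling in the CVE-2006-1333 description is also carried into the list as-is.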
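Review bot: The CVE-2006-0745 entry in the @@ -1212,8 +1291,7 @@ hunk is left as `- xorg-x11 <unfixed>` with no bug reference and no urgency, even though the placeholder it replaces called it a local root exploit. Other unfixed entries in this same patch carry both, for example `- runit <unfixed> (bug #356016; medium)`, so this line should get the same treatment. The new description names xorg-server 1.0.0 and later, X11R6.9.0 and X11R7.0; a NOTE saying which of those the xorg-x11 package corresponds to would make the `<unfixed>` status checkable.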
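Review bot: In the @@ -1728,7 +1806,7 @@ hunk the tracking lines under CVE-2006-0528 no longer match the description: the text now places the flaw in the cairo library (libcairo) "as used in GNOME Evolution and possibly ...", but only evolution is tracked. Add a tracking line or a NOTE for the cairo package, and re-check the sarge and woody `<not-affected>` rationale ("Vulnerability was apparantly introduced in 2.3.1"), since it refers to an Evolution version and may not hold for a library-level bug.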
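Review bot: In the @@ -3651,9 +3730,11 @@ hunk the `{DSA-1011-1}` tag added under CVE-2005-4347 applies to the whole entry, which tracks both util-vserver 0.30.208-1 and kernel-patch-vserver 2.3, and the existing NOTE says both must be upgraded to fix the issue. Confirm that DSA-1011-1 covers both packages, or add a NOTE stating which one it covers, so the entry does not read as fully resolved by the advisory. CVE-2005-4418 and CVE-2005-4347 also keep their bracketed descriptions and `RESERVED` lines while now carrying a DSA, which is worth flagging for a later description update.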