Secure testing commits - Mar 2006 - r3685 - data/CVE

Author: jmm-guest
Date: 2006-03-24 14:08:20 +0000 (Fri, 24 Mar 2006)
New Revision: 3685

Modified:
   data/CVE/list
Log:
new wordpress issue (fixed)
new minor zoo issue (unfixed, probably won''t get fixed in stable)
NFUs


Modified: data/CVE/list
==================================================================---
data/CVE/list	2006-03-24 13:45:39 UTC (rev 3684)
+++ data/CVE/list	2006-03-24 14:08:20 UTC (rev 3685)
@@ -197,42 +197,41 @@
 	- libcgi-session-perl 4.07-1
 CVE-2006-1279 (CGI::Session 4.03-1 allows local users to overwrite arbitrary
files ...)
 	- libcgi-session-perl 4.07-1
-begin claimed by jmm
 CVE-2006-1278 (SQL injection vulnerability in @1 File Store 2006.03.07 allows
remote ...)
-	TODO: check
+	NOT-FOR-US: @1 File Store
 CVE-2006-1277 (Cross-site scripting (XSS) vulnerability in signup.php in @1
File ...)
-	TODO: check
+	NOT-FOR-US: @1 File Store
 CVE-2006-1276 (admin.php in Himpfen Consulting Company PHP SimpleNEWS 1.0.0
allows ...)
-	TODO: check
+	NOT-FOR-US: PHP SimpleNEWS
 CVE-2006-1275 (GGZ Gaming Zone 0.0.12 allows remote attackers to cause a denial
of ...)
-	TODO: check
+	NOT-FOR-US: GGZ Gaming Zone
 CVE-2006-1274 (Classic Planer in AntiVir PersonalEdition Classic 7 does not
drop ...)
-	TODO: check
+	NOT-FOR-US: Antivir
 CVE-2006-1273 (** DISPUTED ** ...)
-	TODO: check
+	NOT-FOR-US: Reportedly problem with a firefox addon
 CVE-2006-1272 (Multiple cross-site scripting (XSS) vulnerabilities in
member.php in ...)
-	TODO: check
+	NOT-FOR-US: MyBB
 CVE-2006-1271 (SQL injection vulnerability in index.php in OxyNews allows
remote ...)
-	TODO: check
+	NOT-FOR-US: OxyNews
 CVE-2006-1270 (Multiple cross-site scripting (XSS) vulnerabilities in zones.php
in ...)
-	TODO: check
+	NOT-FOR-US: Inprotect
 CVE-2006-1269 (Buffer overflow in the parse function in parse.c in zoo 2.10
might ...)
-	TODO: check
+	- zoo <unfixed> (low)
 CVE-2006-1268 (The Internet Key Exchange implementation in Funkwerk X2300 7.2.1
...)
-	TODO: check
+	NOT-FOR-US: Funkwerk X2300
 CVE-2006-1267 (Invision Power Board 2.1.4 allows remote attackers to hijack
sessions ...)
-	TODO: check
+	NOT-FOR-US: Invision Power Board
 CVE-2006-1266 (Cross-site scripting (XSS) vulnerability in Service_Requests.asp
in ...)
-	TODO: check
+	NOT-FOR-US: VPMi Enterprise  
 CVE-2006-1265 (SQL injection vulnerability in discussion.class.php in xhawk.net
...)
-	TODO: check
+	NOT-FOR-US: xhawk.net discussion
 CVE-2006-1264 (Cross-site scripting (XSS) vulnerability in xhawk.net discussion
2.0 ...)
-	TODO: check
+	NOT-FOR-US: xhawk.net discussion
 CVE-2006-1263 (Multiple cross-site scripting (XSS) vulnerabilities in WordPress
...)
-	TODO: check
+	- wordpress 2.0.2-1
 CVE-2006-1262 (Multiple SQL injection vulnerabilities in ASPPortal 3.00 have
unknown ...)
-	TODO: check
-end claimed by jmm
+	NOT-FOR-US: ASPPortal
+begin claimed by jmm
 CVE-2006-1261 (Multiple cross-site scripting (XSS) vulnerabilities in ASPPortal
3.00 ...)
 	TODO: check
 CVE-2006-1260 (Horde Application Framework 3.0.9 allows remote attackers to
read ...)
@@ -253,6 +252,7 @@
 	TODO: check
 CVE-2006-1252 (Eval injection vulnerability in cal.php in Light Weight Calendar
(LWC) ...)
 	TODO: check
+end claimed by jmm
 CVE-2006-1251 (greylistclean.cron in sa-exim 4.2 allows remote attackers to
delete ...)
 	- sa-exim 4.2.1-1 (bug #345071; bug #356301)
 CVE-2006-1250 (Unspecified vulnerability in the Webmail module in Winmail
before 4.3 ...)