Author: micah Date: 2006-02-19 19:09:29 +0000 (Sun, 19 Feb 2006) New Revision: 3510 Modified: data/CVE/list Log: Some NFUs and two libpam-mysql issues Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-02-19 18:47:30 UTC (rev 3509) +++ data/CVE/list 2006-02-19 19:09:29 UTC (rev 3510) @@ -113,7 +113,8 @@ CVE-2006-0682 (Multiple cross-site scripting (XSS) vulnerabilities in bbcodes system ...) NOT-FOR-US: e107 CVE-2006-0681 (Format string vulnerability in powerd.c in Power Daemon (powerd) 2.0.2 ...) - TODO: check + NOT-FOR-US: powerd + NOTE: powerd supposedly normally comes with sysvinit, but not in debian CVE-2006-0680 (Unspecified vulnerability in WebGUI before 6.8.6-gamma allows remote ...) NOT-FOR-US: WebGUI CVE-2006-0679 @@ -218,7 +219,7 @@ CVE-2005-4714 (Format string vulnerability in the vmps_log function in OpenVMPS (VLAN ...) NOT-FOR-US: OpenVMPS CVE-2005-4713 (Unspecified vulnerability in the SQL logging facility in PAM-MySQL ...) - TODO: check + - libpam-mysql <unfixed> (bug #353589; high) CVE-2005-4712 (CRLF injection vulnerability in process_signup.php in PHP Handicapper ...) NOT-FOR-US: Handicapper CVE-2006-XXXX [imagemagick''s display(1) deletes arbitrary files] @@ -1780,7 +1781,7 @@ CVE-2006-0057 (Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers ...) NOT-FOR-US: Windows CVE-2006-0056 (Double-free vulnerability in the authentication and authentication ...) - TODO: check + - libpam-mysql <unfixed> (bug #353589; high) CVE-2006-0055 (The ispell_op function in ee on FreeBSD 4.10 to 6.0 uses predictable ...) - ee <unfixed> (bug #348322) NOTE: Sarge and Woody are affected