Author: jmm-guest Date: 2005-11-20 21:43:16 +0000 (Sun, 20 Nov 2005) New Revision: 2801 Modified: data/CVE/list Log: new issues in phpgroupware, one of which is actually quite old, TODOs should be processed quicker Modified: data/CVE/list ==================================================================--- data/CVE/list 2005-11-20 21:22:41 UTC (rev 2800) +++ data/CVE/list 2005-11-20 21:43:16 UTC (rev 2801) @@ -1,3 +1,5 @@ +CVE-2005-XXXX [Unspecified vulnerabilities in phpgroupware] + - phpgroupware <unfixed> (bug filed; unknown) CVE-2005-XXXX [Insecure tempfiles in libjpeg] - libjpeg6b <unfixed> (bug #340079; low) CVE-2006-0017 @@ -1158,7 +1160,6 @@ - linux-2.6 <not-affected> (fixed upstream in 2.6.6) [sarge] - kernel-source-2.6.8 <not-affected> (fixed upstream in 2.6.6) TODO: check 2.4.27 - NOTE: Was fixed upstream in 2.6.6 CVE-2004-2535 (The person-to-person secure messaging feature in Sticker before 3.1.0 ...) NOT-FOR-US: Sticker CVE-2004-2534 (Fastream NETFile Server 7.1.2 does not properly handle keep-alive ...) @@ -1525,7 +1526,7 @@ CVE-2005-3190 (Buffer overflow in Computer Associates (CA) iGateway 3.0 and 4.0 ...) NOT-FOR-US: iGateway CVE-2005-3189 (Directory traversal vulnerability in Qualcomm WorldMail IMAP Server ...) - TODO: check + NOT-FOR-US: Qualcomm WorldMail IMAP Server CVE-2005-3188 RESERVED CVE-2005-3187 @@ -1711,7 +1712,7 @@ CVE-2005-3117 REJECTED CVE-2005-3116 (Stack-based buffer overflow in a shared library as used by the Volume ...) - TODO: check + NOT-FOR-US: VERITAS Backup CVE-2005-3115 (mpeg-tools before 1.5b-r2 creates multiple temporary files insecurely, ...) NOT-FOR-US: mpeg-tools CVE-2005-3114 (Buffer overflow in the ActiveX control for NateOn Messenger ...) 
@@ -2069,7 +2070,6 @@ NOT-FOR-US: CuteNews CVE-2005-3008 (Tofu 0.2 allows remote attackers to execute arbitrary Python code via ...) NOT-FOR-US: Tofu - TODO: Please double-check, there''s a twisted, soya and other stuff, it''s all a wild mix CVE-2005-3007 (Opera before 8.50 allows remote attackers to spoof the content type of ...) NOT-FOR-US: Opera CVE-2005-3006 (The mail client in Opera before 8.50 opens attached files from the ...) @@ -2237,16 +2237,15 @@ CVE-2005-2941 RESERVED CVE-2005-2940 (Untrusted Windows search path vulnerability in Microsoft Antispyware ...) - TODO: check + NOT-FOR-US: Microsoft Antispyware CVE-2005-2939 (Untrusted Windows search path vulnerability in VMWare Workstation ...) - TODO: check + NOT-FOR-US: VMWare CVE-2005-2938 (Untrusted Windows search path vulnerability in iTunesHelper.exe in ...) - TODO: check + NOT-FOR-US: iTunes CVE-2005-2937 REJECTED - NOT-FOR-US: Kaspersky CVE-2005-2936 (Untrusted Windows search path vulnerability in RealNetworks RealPlayer ...) - TODO: check + NOT-FOR-US: Real Player CVE-2005-2935 (AntiSpywareMain.exe in Microsoft AntiSpyware does not quote the C ...) NOT-FOR-US: Microsoft AntiSpyware CVE-2005-2934 @@ -2593,7 +2592,8 @@ CVE-2005-2782 (PHP remote file inclusion vulnerability in al_initialize.php for ...) NOT-FOR-US: AutoLinks Pro CVE-2005-2781 (The Avatar upload feature in FUD Forum before 2.7.0 does not properly ...) - TODO: check, whether egroupware-fudforum and phpgroupware-fudforum are affected + - phpgroupware <unfixed> (bug filed; medium) + TODO: check, whether egroupware-fudforum is affected CVE-2005-2780 (Cross-site scripting (XSS) vulnerability in Land Down Under (LDU) ...) NOT-FOR-US: Land Down Under CVE-2005-2779 (The iTAN Online-Banking Security System allows remote attackers to ...)
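
Review bot: In the first hunk (@@ -1,3 +1,5 @@), the new phpgroupware entry records "(bug filed; unknown)" with no bug number, while the libjpeg6b entry directly below it carries "bug #340079". Replace "bug filed" with the actual bug number once it is assigned so the entry can be traced, and consider a NOTE line naming the source of the report, since "Unspecified vulnerabilities" gives a reader nothing to match against when a real CVE id is assigned.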
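
Review bot: In the @@ -2069,7 +2070,6 @@ hunk, the TODO under CVE-2005-3008 that asked for a double-check (it mentions twisted and soya) is deleted without any record of the outcome. If the double-check was done, add a short NOTE under the "NOT-FOR-US: Tofu" line stating what was checked, so the question does not get reopened later.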
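
Review bot: In the @@ -2237,16 +2237,15 @@ hunk, the new NOT-FOR-US names do not match the spelling used elsewhere in the same hunk: "Microsoft Antispyware" for CVE-2005-2940 versus the existing "Microsoft AntiSpyware" under CVE-2005-2935, and "Real Player" versus "RealNetworks RealPlayer" in the CVE-2005-2936 description. Use one spelling per product so a search of the list finds every entry for it. Dropping "NOT-FOR-US: Kaspersky" from the REJECTED CVE-2005-2937 is consistent with the other REJECTED entry visible in the patch (CVE-2005-3117), which carries no tag.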
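
Review bot: In the last hunk (@@ -2593,7 +2592,8 @@), the line added for CVE-2005-2781 tracks the package as phpgroupware, whereas the TODO it replaces named phpgroupware-fudforum, so the information about which component carries the FUD Forum code is lost. Add a NOTE saying the issue is in the fudforum component of phpgroupware, and replace "bug filed" with the bug number, as the entry currently cannot be linked to its report.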