Secure testing commits - Jan 2006 - r3386 - data/CVE

Author: jmm-guest
Date: 2006-01-29 20:14:28 +0000 (Sun, 29 Jan 2006)
New Revision: 3386

Modified:
   data/CVE/list
Log:
lots of NFUs
new unzip issue


Modified: data/CVE/list
==================================================================---
data/CVE/list	2006-01-28 17:46:02 UTC (rev 3385)
+++ data/CVE/list	2006-01-29 20:14:28 UTC (rev 3386)
@@ -1,47 +1,48 @@
-begin claimed by jmm
 CVE-2006-0433
 	RESERVED
 CVE-2006-0432 (Unspecified vulnerability in BEA WebLogic Server and WebLogic
Express ...)
-	TODO: check
+	NOT-FOR-US: BEA WebLogic
 CVE-2006-0431 (Unspecified vulnerability in BEA WebLogic Server and WebLogic
Express ...)
-	TODO: check
+	NOT-FOR-US: BEA WebLogic
 CVE-2006-0430 (Certain configurations of BEA WebLogic Server and WebLogic
Express ...)
-	TODO: check
+	NOT-FOR-US: BEA WebLogic
 CVE-2006-0429 (BEA WebLogic Server and WebLogic Express 9.0 causes new security
...)
-	TODO: check
+	NOT-FOR-US: BEA WebLogic
 CVE-2006-0428 (Unspecified vulnerability in BEA WebLogic Portal 8.1 SP3 through
SP5, ...)
-	TODO: check
+	NOT-FOR-US: BEA WebLogic
 CVE-2006-0427 (Unspecified vulnerability in BEA WebLogic Server and WebLogic
Express ...)
-	TODO: check
+	NOT-FOR-US: BEA WebLogic
 CVE-2006-0426 (BEA WebLogic Server and WebLogic Express 8.1 through SP4, when
...)
-	TODO: check
+	NOT-FOR-US: BEA WebLogic
 CVE-2006-0425 (BEA WebLogic Portal 8.1 through SP4 allows remote attackers to
obtain ...)
-	TODO: check
+	NOT-FOR-US: BEA WebLogic
 CVE-2006-0424 (BEA WebLogic Server and WebLogic Express 8.1 through SP4, 7.0
through ...)
-	TODO: check
+	NOT-FOR-US: BEA WebLogic
 CVE-2006-0423 (BEA WebLogic Portal 8.1 through SP3 stores the password for the
RDBMS ...)
-	TODO: check
+	NOT-FOR-US: BEA WebLogic
 CVE-2006-0422 (Multiple unspecified vulnerabilities in BEA WebLogic Server and
...)
-	TODO: check
+	NOT-FOR-US: BEA WebLogic
 CVE-2006-0421 (By design, BEA WebLogic Server and WebLogic Express 7.0 and 6.1,
when ...)
-	TODO: check
+	NOT-FOR-US: BEA WebLogic
 CVE-2006-0420 (BEA WebLogic Server and WebLogic Express 8.1 through SP4 and 7.0
...)
-	TODO: check
+	NOT-FOR-US: BEA WebLogic
 CVE-2006-0419 (BEA WebLogic Server and WebLogic Express 9.0, 8.1 through SP5,
and 7.0 ...)
-	TODO: check
+	NOT-FOR-US: BEA WebLogic
 CVE-2005-4667 (Buffer overflow in UnZip 5.50 and earlier allows local users to
...)
-	TODO: check
+	- unzip <unfixed> (medium; bug #349794)
+	NOTE: The scope of this issue is currently unclear, medium for now, but might
be
+	NOTE: less severe
 CVE-2006-0418 (Eval injection vulnerability in 123 Flash Chat Server 5.0 and
5.1 ...)
-	TODO: check
+	NOT-FOR-US: 123 Flash Chat Server
 CVE-2006-0417 (SQL injection vulnerability in login.php in miniBloggie 1.0 and
...)
-	TODO: check
+	NOT-FOR-US: miniBloggie
 CVE-2006-0416 (SleeperChat 0.3f an earlier allows remote attackers to bypass
...)
-	TODO: check
+	NOT-FOR-US: SleeperChat
 CVE-2006-0415 (Cross-site scripting (XSS) vulnerability in index.php in
SleeperChat ...)
-	TODO: check
-end claimed by jmm
+	NOT-FOR-US: SleeperChat
 CVE-2006-0414 (Tor 0.1.1.10-alpha and earlier allows remote attackers to
identify ...)
 	- tor <unfixed> (bug #349283)
+begin claimed by jmm
 CVE-2006-0413 (Multiple SQL injection vulnerabilities in index.php in NewsPHP
allow ...)
 	TODO: check
 CVE-2006-0412 (SQL injection vulnerability in CyberShop allows remote attackers
to ...)
@@ -132,6 +133,7 @@
 	TODO: check
 CVE-2006-0369 (** DISPUTED ** ...)
 	TODO: check
+end claimed by jmm
 CVE-2006-0368 (Cisco CallManager 3.2 and earlier, 3.3 before 3.3(5)SR1, 4.0
before ...)
 	NOT-FOR-US: Cisco CallManager
 CVE-2006-0367 (Unspecified vulnerability in Cisco CallManager 3.2 and earlier,
3.3 ...)