Author: jmm-guest Date: 2006-02-05 19:03:49 +0000 (Sun, 05 Feb 2006) New Revision: 3429 Modified: data/CVE/list Log: updates on CVE-2005-2096 new firefox issue kfreebsd issue some NFUs Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-02-05 13:29:08 UTC (rev 3428) +++ data/CVE/list 2006-02-05 19:03:49 UTC (rev 3429) @@ -81,11 +81,13 @@ CVE-2006-0497 (Multiple SQL injection vulnerabilities in PHP GEN before 1.4 allow ...) TODO: check CVE-2006-0496 (Cross-site scripting (XSS) vulnerability in Mozilla 1.7.12 and ...) - TODO: check + - firefox <unfixed> (bug #349339) + - mozilla-firefox <unfixed> (bug #349339) + - mozilla <unfixed> CVE-2006-0495 (Cross-site scripting (XSS) vulnerability in the Add Thread to ...) TODO: check CVE-2006-0494 (Directory traversal vulnerability in MyBB (aka MyBulletinBoard) 1.02 ...) - TODO: check + NOT-FOR-US: MyBB CVE-2006-0493 (Cross-site scripting (XSS) vulnerability in MG2 (formerly known as ...) TODO: check CVE-2006-0492 (Multiple SQL injection vulnerabilities in Calendarix allow remote ...) @@ -101,13 +103,13 @@ CVE-2006-0487 (Multiple unspecified vulnerabilities in Tumbleweed MailGate Email ...) TODO: check CVE-2006-0486 (Certain Cisco IOS releases in 12.2S based trains with maintenance ...) - TODO: check + NOT-FOR-US: IOS CVE-2006-0485 (The TCL shell in Cisco IOS 12.2(14)S before 12.2(14)S16, 12.2(18)S ...) - TODO: check + NOT-FOR-US: IOS CVE-2006-0484 (Directory traversal vulnerability in Vis.pl, as part of the FACE ...) TODO: check CVE-2006-0483 (Cisco VPN 3000 series concentrators running software 4.7.0 through ...) - TODO: check + NOT-FOR-US: Cisco VPN 3000 CVE-2006-0482 (Linux kernel 2.6.15.1 and earlier, when running on SPARC ...) - linux-2.6 2.6.15-4 CVE-2006-0481 (Heap-based buffer overflow in the alpha strip capability in libpng ...) 
@@ -295,7 +297,7 @@ CVE-2005-4668 (The embedded HSQLDB in ParosProxy before 3.2.7, when running with JDK ...) NOT-FOR-US: ParoxProxy CVE-2006-0433 (Selective Acknowledgement (SACK) in FreeBSD 5.3 and 5.4 does not ...) - TODO: check + - kfreebsd-5 5.4-13 CVE-2006-0432 (Unspecified vulnerability in BEA WebLogic Server and WebLogic Express ...) NOT-FOR-US: BEA WebLogic CVE-2006-0431 (Unspecified vulnerability in BEA WebLogic Server and WebLogic Express ...) @@ -9198,10 +9200,13 @@ {DSA-936-1 DSA-780-1 DTSA-28-1} - kdegraphics 4:3.4.2-1 (bug #322458; low) - xpdf 3.00-15 (bug #322462; low) - - tetex-bin <not-affected> (pdftex doesn''t include or use the vulnerable code) + [woody] - tetex-bin <not-affected> (pdftex doesn''t include or use the vulnerable code) + - tetex-bin <unfixed> + TODO: Check, when sid was fixed for this - gpdf <unfixed> (bug #334454; low) - NOTE: only affects cupsys source package, not used in binary - - cupsys 1.1.23-13 (bug #324464; unimportant) + NOTE: Cups switched to xpdf-utils + - cupsys 1.1.22-7 + [woody] - cupsys <not-affected> (Vulnerable code not present) - poppler 0.4.0-1 (low) - libextractor 0.5.8-1 (medium) CVE-2005-2096 (zlib 1.2 and later versions allows remote attackers to cause a denial ...)
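Review bot: In the first hunk (@@ -81,11 +81,13 @@), the new `- mozilla <unfixed>` line under CVE-2006-0496 carries no bug reference, while the `firefox` and `mozilla-firefox` lines added beside it both cite bug #349339. If that report also covers the mozilla package, cite it on this line as well. If it does not, add a TODO or NOTE saying that no bug has been filed yet, so the entry does not read as fully triaged.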
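Review bot: In the @@ -101,13 +103,13 @@ hunk, CVE-2006-0486 and CVE-2006-0485 are tagged `NOT-FOR-US: IOS`, while CVE-2006-0483 in the same hunk gets the vendor-qualified `NOT-FOR-US: Cisco VPN 3000`. Writing `NOT-FOR-US: Cisco IOS` would keep the tags consistent and make them easier to search for by vendor.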
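Review bot: In the last hunk (@@ -9198,10 +9200,13 @@), the replacement cupsys line drops the `(bug #324464; unimportant)` annotation and moves the fixed version from 1.1.23-13 back to 1.1.22-7, with only `NOTE: Cups switched to xpdf-utils` as explanation. Keep the bug reference and urgency on the new line, or extend the NOTE to say why the earlier version is the correct fix point. The new `- tetex-bin <unfixed>` line is paired with `TODO: Check, when sid was fixed for this`, so the unstable status is still unverified and should be followed up. Finally, these lines sit above the `CVE-2005-2096` header, and in the other hunks an entry's lines follow its header, so the change lands in the preceding entry rather than the one the log message names. Confirm that the log text matches the entry that was edited.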