Author: jmm-guest Date: 2006-02-05 20:59:16 +0000 (Sun, 05 Feb 2006) New Revision: 3430 Modified: data/CVE/list Log: new png und git issues gaim-enc CVEfied itp for pmwiki issue bugnums Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-02-05 19:03:49 UTC (rev 3429) +++ data/CVE/list 2006-02-05 20:59:16 UTC (rev 3430) @@ -113,15 +113,17 @@ CVE-2006-0482 (Linux kernel 2.6.15.1 and earlier, when running on SPARC ...) - linux-2.6 2.6.15-4 CVE-2006-0481 (Heap-based buffer overflow in the alpha strip capability in libpng ...) - TODO: check + - libpng 1.2.8rel-3 + [sarge] - libpng3 1.2.8rel-1 + NOTE: Woody yet unclear CVE-2006-0480 (Cross-site scripting (XSS) vulnerability in the Articles module in ...) TODO: check CVE-2006-0479 (pmwiki.php in PmWiki 2.1 beta 20, with register_globals enabled, ...) - TODO: check + - pmwiki <itp> (bug #330117) CVE-2006-0478 (CRE Loaded 6.15 allows remote attackers to perform privileged actions, ...) TODO: check CVE-2006-0477 (Buffer overflow in git-checkout-index in GIT before 1.1.5 allows ...) - TODO: check + - git-core 1.1.5-1 (bug #350274) CVE-2006-0476 (Buffer overflow in Nullsoft Winamp 5.12 allows remote attackers to ...) TODO: check CVE-2006-0475 (PHP-Ping 1.3 does not properly validate ping counts, which allows ...) @@ -169,7 +171,7 @@ CVE-2005-4694 (Unspecified vulnerability in the www_add method in Asset.pm in Plain ...) TODO: check CVE-2005-4693 (Gaim-Encryption 2.38-1 on Debian Linux allows remote attackers to ...) - TODO: check + - gaim-encryption <unfixed> (bug #337127) CVE-2005-4692 (Unspecified vulnerability in mroovca stats (mroovcastats) before ...) TODO: check CVE-2005-4691 (imake in NetBSD before 2.0.3, NetBSD-current before 12 September 2005, ...) 
@@ -3284,8 +3286,6 @@ CVE-2003-XXXX [Insecure tempfile in x-face-el] - x-face-el 1.3.6.23-1 NOTE: DSA-340 -CVE-2005-XXXX [potential dos against gaim-encryption] - - gaim-encryption <unfixed> (bug #337127) CVE-2005-3781 (Unspecified vulnerability in in.named in Solaris 9 allows attackers to ...) NOT-FOR-US: Solaris CVE-2005-3780 (Multiple buffer overflows in IPUpdate 1.1 might allow attackers to ...) @@ -4662,7 +4662,7 @@ - linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11) TODO: check 2.4 CVE-2005-3357 (mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost ...) - - apache2 2.0.55-4 + - apache2 2.0.55-4 (bug #351246) CVE-2005-3356 (The mq_open system call in Linux kernel 2.6.9, in certain situations, ...) - linux-2.6 2.6.15-4 CVE-2005-3355 (Directory traversal vulnerability in GNU Gnump3d before 2.9.8 has ...) @@ -4679,7 +4679,7 @@ - php5 5.1.1-1 (bug #336654; medium) CVE-2005-3352 (Cross-site scripting (XSS) vulnerability in the mod_imap module of ...) - apache 1.3.34-2 (bug #343466; low) - - apache2 2.0.55-4 (bug #343467; low) + - apache2 2.0.55-4 (bug #343467; bug #349793; low) NOTE: Version(s): prior to 1.3.35-dev, 2.0.56-dev are affected NOTE: Means oldstable and stable are affected CVE-2005-3351 (SpamAssassin 3.0.4 allows attackers to bypass spam detection via an ...)
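Review bot: In the @@ -113,15 +113,17 @@ hunk, the CVE-2006-0481 entry loses its "TODO: check" marker even though the added "NOTE: Woody yet unclear" says the woody status is still open. Elsewhere in this file unfinished work is flagged with a TODO line (for example "TODO: check 2.4" in the @@ -4662,7 +4662,7 @@ hunk), so the open question would be easier to find later if it read "TODO: check woody" rather than living only in a free-text NOTE. The same entry names libpng for the fixed version and libpng3 for the sarge line; a short NOTE saying that the two source package names are intentional would save the next reader from checking.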
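Review bot: In the @@ -169,7 +171,7 @@ hunk, the new line "- gaim-encryption <unfixed> (bug #337127)" under CVE-2005-4693 carries no urgency, while other annotations visible in this patch do (for example "(bug #336654; medium)" and "(bug #343466; low)"). Since this is the only entry in the patch marked <unfixed>, adding an urgency next to the bug number would let it be prioritized. The @@ -3284,8 +3286,6 @@ hunk also removes the placeholder text "potential dos against gaim-encryption", so a one-line NOTE here recording that CVE-2005-4693 replaces the former CVE-2005-XXXX placeholder would keep that history in the file.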
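Review bot: In the @@ -4679,7 +4679,7 @@ hunk, the changed apache2 line under CVE-2005-3352 now holds two bug references in one annotation, "(bug #343467; bug #349793; low)", whereas every other annotation visible in this patch carries a single bug number. If the list format is meant to hold one bug per package line, keep #343467 in the annotation and record the second report in a NOTE line; if repeated bug fields are accepted, it is worth saying so in the commit log, which currently only says "bugnums".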