Author: jmm-guest Date: 2006-03-05 12:15:52 +0000 (Sun, 05 Mar 2006) New Revision: 3557 Modified: data/CVE/list Log: new minor rssh issue bugzilla CVEfied Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-03-05 12:05:57 UTC (rev 3556) +++ data/CVE/list 2006-03-05 12:15:52 UTC (rev 3557) @@ -1,3 +1,6 @@ +CVE-2006-XXXX [minor bypass of rssh sanitising] + - rssh <unfixed> (bug #346322; low) + [sarge] - rssh <not-affected> (Problem has been introduced in 2.3.0) CVE-2006-XXXX [buffer overflow in netcat example] - netcat 1.10-30 (bug #352369; unimportant) NOTE: Only an example, not in the binary package @@ -50,11 +53,17 @@ CVE-2006-0917 (Melange Chat Server (aka M-Chat), when accessed via a web browser, ...) TODO: check CVE-2006-0916 (Bugzilla 2.19.3 through 2.20 does not properly handle "//" sequences ...) - TODO: check + - bugzilla <unfixed> (bug #354457) + [woody] - bugzilla <not-affected> (Only 2.17 and above are affected) + [sarge] - bugzilla <not-affected> (Only 2.17 and above are affected) CVE-2006-0915 (Bugzilla 2.16.10 does not properly handle certain characters in the ...) - TODO: check + - bugzilla <unfixed> (bug #354457) + [woody] - bugzilla <not-affected> (Only 2.17 and above are affected) + [sarge] - bugzilla <not-affected> (Only 2.17 and above are affected) CVE-2006-0914 (Bugzilla 2.16.10, 2.17 through 2.18.4, and 2.20 do not properly handle ...) - TODO: check + - bugzilla <unfixed> (bug #354457) + [woody] - bugzilla <not-affected> (Only 2.17 and above are affected) + [sarge] - bugzilla <not-affected> (Only 2.17 and above are affected) CVE-2006-0913 (SQL injection vulnerability in whineatnews.pl in Bugzilla 2.17 through ...) TODO: check CVE-2006-0912 (Oreka before 0.5 allows remote attackers to cause a denial of service ...) 
@@ -269,10 +278,6 @@ TODO: check CVE-2004-2654 (The clientAbortBody function in client_side.c in Squid Web Proxy Cache ...) TODO: check -CVE-2006-XXXX [three issues in bugzilla] - - bugzilla <unfixed> (bug #354457) - [woody] - bugzilla <not-affected> (Only 2.17 and above are affected) - [sarge] - bugzilla <not-affected> (Only 2.17 and above are affected) CVE-2006-XXXX [cherrypy2 information disclosure] - cherrypy2 2.1.1-1 (bug #353542) CVE-2006-0811 (Cross-site scripting (XSS) vulnerability in reguser.php in Skate Board ...)
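Review bot: In the first hunk (@@ -1,3 +1,6), the new rssh entry carries a [sarge] line but no [woody] line, while the bugzilla entries touched by this same commit state both releases. If rssh is not shipped in woody this is fine as it stands; otherwise add a [woody] status line so the entry is complete. The title "minor bypass of rssh sanitising" would also be easier to match against a later CVE assignment if it named what is being bypassed.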
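Review bot: In the second hunk (@@ -50,11 +53,17), the reason "(Only 2.17 and above are affected)" is copied under CVE-2006-0915 and CVE-2006-0914, but the descriptions on those very lines list Bugzilla 2.16.10 as affected, so the reason contradicts the entry it sits under. It is consistent only with CVE-2006-0916 ("2.19.3 through 2.20"). Re-check the woody and sarge status for 0915 and 0914 against the 2.16.x branch, then either correct the status or give each CVE its own reason instead of the shared one.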
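Review bot: In the third hunk (@@ -269,10 +278,6), the removed placeholder said only "three issues in bugzilla" without naming them, and the log message does not record how they were matched to CVE-2006-0916, CVE-2006-0915 and CVE-2006-0914. CVE-2006-0913 is also a Bugzilla entry and stays at "TODO: check" in the previous hunk, so state in the log or in a NOTE line which three issues bug #354457 covers, to make clear that 0913 is left out deliberately.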