Author: jmm-guest Date: 2006-03-17 10:55:24 +0000 (Fri, 17 Mar 2006) New Revision: 3635 Modified: data/CVE/list Log: potential new kernel issue NFUs Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-03-17 10:31:56 UTC (rev 3634) +++ data/CVE/list 2006-03-17 10:55:24 UTC (rev 3635) 
@@ -3,33 +3,36 @@ CVE-2006-XXXX [Multiple issues in libcgi-session-perl] - libcgi-session-perl 4.07-1 CVE-2006-1244 (Unspecified vulnerability in certain versions of xpdf after 3.00, as ...) - TODO: check + - xpdf <not-affected> (All issues previously fixed) + NOTE: Discussion has shown that the revamp patch doesn''t fix new vulnerabilities CVE-2006-1243 (Directory traversal vulnerability in install05.php in Simple PHP Blog ...) - TODO: check + NOT-FOR-US: Simple PHP Blog CVE-2006-1242 (Certain Linux 2.4 and 2.6 kernels increment the IP ID field after ...) - TODO: check + - linux-2.6 <unfixed> + NOTE: Possibly junk CVE-2006-1241 (Firebird 1.5.2.4731 installs (1) fb_lock_mgr, (2) gds_drop, and (3) ...) - firebird2 <not-affected> (Not setuid in Debian) CVE-2006-1240 (Buffer overflow in inet_server.cpp in (1) fb_inet_server and (2) ...) - firebird2 <not-affected> (Not setuid in Debian) CVE-2006-1239 (Cross-site scripting (XSS) vulnerability in issue/createissue.aspx in ...) - TODO: check + NOT-FOR-US: Gemini CVE-2006-1238 (SQL injection vulnerability in DSLogin 1.0, with magic_quotes_gpc ...) - TODO: check + NOT-FOR-US: DSLogin CVE-2006-1237 (Multiple SQL injection vulnerabilities in DSNewsletter 1.0, with ...) - TODO: check + NOT-FOR-US: DSNewsletter CVE-2005-4731 (The Next action in PEAR HTML_QuickForm_Controller 1.0.4 includes the ...) - TODO: check + NOT-FOR-US: PEAR HTML_QuickForm_Controller CVE-2000-1239 (The HTTP interface of Tivoli Lightweight Client Framework (LCF) in IBM ...) - TODO: check + NOT-FOR-US: Tivoli CVE-2006-1236 (Buffer overflow in the SetUp function in socket/request.c in CrossFire ...) - crossfire 1.9.0-2 (medium) CVE-2006-1235 (Directory traversal vulnerability in admin/deleteuser.php in HitHost ...) - TODO: check + NOT-FOR-US: HitHost CVE-2006-1234 (SQL injection vulnerability in index.php in DSCounter 1.2, with ...) - TODO: check + NOT-FOR-US: DSCounter CVE-2006-1233 (Multiple cross-site scripting (XSS) vulnerabilities in WMNews allow ...) 
- TODO: check + NOT-FOR-US: WMNews +begin claimed by jmm CVE-2006-1232 (Multiple SQL injection vulnerabilities in DSDownload 1.0, with ...) TODO: check CVE-2006-1231 (CAPI4HylaFAX 1.3, when compiled with GENERATE_DEBUGSFFDATAFILE set, ...) @@ -80,6 +83,7 @@ TODO: check CVE-2006-1210 (The web interface for IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 ...) TODO: check +end claimed by jmm CVE-2006-1209 (PHP Advanced Transfer Manager 1.00 through 1.30 stores sensitive ...) TODO: check CVE-2006-1208 (Sergey Korostel PHP Upload Center allows remote attackers to execute ...) @@ -1923,8 +1927,7 @@ CVE-2006-0419 (BEA WebLogic Server and WebLogic Express 9.0, 8.1 through SP5, and 7.0 ...) NOT-FOR-US: BEA WebLogic CVE-2005-4667 (Buffer overflow in UnZip 5.50 and earlier allows user-complicit ...) - - unzip 5.52-7 (unimportant; bug #349794) - NOTE: Overflow can only be triggered, not setuid + - unzip 5.52-7 (low; bug #349794) CVE-2006-0418 (Eval injection vulnerability in 123 Flash Chat Server 5.0 and 5.1 ...) NOT-FOR-US: 123 Flash Chat Server CVE-2006-0417 (SQL injection vulnerability in login.php in miniBloggie 1.0 and ...)
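Review bot: in the first hunk (@@ -3,33 +3,36 @@), the new CVE-2006-1242 entry records only `- linux-2.6 <unfixed>`, while the description on the line above it names "Certain Linux 2.4 and 2.6 kernels", so the 2.4 kernel packages end up with no status at all. Add an entry for them, or a NOTE saying why they are out of scope. `NOTE: Possibly junk` also gives no reason or reference, so whoever triages this next has to redo the analysis; a one-line rationale or a pointer to the discussion would fix that. The same applies to the xpdf note for CVE-2006-1244 ("Discussion has shown that ..."), which names no thread or bug number and has a doubled apostrophe in `doesn''t`.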
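Review bot: in the last hunk (@@ -1923,8 +1927,7 @@), CVE-2005-4667 is raised from `unimportant` to `low` and the line `NOTE: Overflow can only be triggered, not setuid` is deleted with nothing in its place, so the entry no longer records why its rating was chosen. Add a NOTE giving the reason for `low`. The log message, "potential new kernel issue NFUs", does not mention the unzip change either, so the severity change is hard to find from the revision history; name it in the log or commit it separately.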