Secure testing commits - Mar 2006 - r3649 - data/CVE

Author: jmm-guest
Date: 2006-03-20 15:22:55 +0000 (Mon, 20 Mar 2006)
New Revision: 3649

Modified:
   data/CVE/list
Log:
new x.org local root


Modified: data/CVE/list
==================================================================---
data/CVE/list	2006-03-20 13:35:29 UTC (rev 3648)
+++ data/CVE/list	2006-03-20 15:22:55 UTC (rev 3649)
@@ -35,9 +35,9 @@
 CVE-2006-1281 (Cross-site scripting (XSS) in member.php in MyBulletinBoard
(MyBB) ...)
 	TODO: check
 CVE-2006-1280 (CGI::Session 4.03-1 does not set proper permissions on temporary
files ...)
-	TODO: check
+	- libcgi-session-perl 4.07-1
 CVE-2006-1279 (CGI::Session 4.03-1 allows local users to overwrite arbitrary
files ...)
-	TODO: check
+	- libcgi-session-perl 4.07-1
 CVE-2006-1278 (SQL injection vulnerability in @1 File Store 2006.03.07 allows
remote ...)
 	TODO: check
 CVE-2006-1277 (Cross-site scripting (XSS) vulnerability in signup.php in @1
File ...)
@@ -93,7 +93,7 @@
 CVE-2006-1252 (Eval injection vulnerability in cal.php in Light Weight Calendar
(LWC) ...)
 	TODO: check
 CVE-2006-1251 (greylistclean.cron in sa-exim 4.2 allows remote attackers to
delete ...)
-	TODO: check
+	- sa-exim <unfixed> (bug #345071)
 CVE-2006-1250 (Unspecified vulnerability in the Webmail module in Winmail
before 4.3 ...)
 	TODO: check
 CVE-2006-1249 (** UNVERIFIABLE, PRERELEASE ** ...)
@@ -136,8 +136,6 @@
 	TODO: check
 CVE-2005-XXXX [xsupplicant information leak]
 	- xsupplicant 1.0.1-5 (bug #317703; low)
-CVE-2006-XXXX [Multiple issues in libcgi-session-perl]
-	- libcgi-session-perl 4.07-1
 CVE-2006-1244 (Unspecified vulnerability in certain versions of xpdf after
3.00, as ...)
 	- xpdf <not-affected> (All issues previously fixed)
 	NOTE: Discussion has shown that the revamp patch doesn''t fix new
vulnerabilities
@@ -1213,8 +1211,10 @@
 	{DSA-1008-1}
 	- kdegraphics 3.5.0-3
 	NOTE: Only affected the 3.3.2 KDE backport
-CVE-2006-0745
+CVE-2006-0745 [local root exploit in x.org]
 	RESERVED
+	- xorg-x11 <unfixed>
+	- xfree86 <not-affected>
 CVE-2006-0744
 	RESERVED
 CVE-2006-0743 (Format string vulnerability in LocalSyslogAppender in Apache
log4net ...)