Author: jmm-guest
Date: 2006-04-13 07:35:31 +0000 (Thu, 13 Apr 2006)
New Revision: 3792

Modified:
   data/CVE/list
Log:
new mailman issue
remove openvpn tmp entry
note issue a non-issue
clamav-getfiles issue doesn't affect sarge

Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-04-13 06:29:38 UTC (rev 3791) +++ data/CVE/list 2006-04-13 07:35:31 UTC (rev 3792) @@ -1,3 +1,8 @@ +CVE-2006-1712 [Mailman XSS] + - mailman <unfixed> + [sarge] - mailman <not-affected> (Only affects Mailman 2.17) +CVE-2006-1711 [plone data manipulation] + - zope-cmfplone 2.1.2-2 CVE-2006-1709 (Cross-site scripting (XSS) vulnerability in shop_main.cgi in ...) TODO: check CVE-2006-1708 (SQL injection vulnerability in member.php in Clansys 1.1 allows remote ...) @@ -266,8 +271,6 @@ TODO: check CVE-2002-2210 (The installation of OpenOffice 1.0.1 allows local users to overwrite ...) TODO: check -CVE-2006-XXXX [openvpn missing setenv sanitising] - - openvpn 2.0.6-1 (bug #360559; medium) CVE-2006-1614 (Integer overflow in the cli_scanpe function in the PE header parser ...) {DSA-1024-1} - clamav 0.88.1-1 @@ -7075,7 +7078,9 @@ {DSA-891-1} - gpsdrive 2.09-2sarge1 (bug #337495; medium) CVE-2005-XXXX [Insecure temp files in note] - - note 1.3.1-3 (bug #337492; low) + - note 1.3.1-3 (bug #337492; unimportant) + NOTE: Second issue not shipped in binary, only example, first issue not sufficiently + NOTE: predictable for a real world attack CVE-2005-3500 (The tnef_attachment function in tnef.c for Clam AntiVirus (ClamAV) ...) {DSA-887-1 DTSA-21-1} - clamav 0.87.1-1 (medium) 
@@ -10357,7 +10362,7 @@ - fftw3 3.0.1-12 (low; bug #321566) CVE-2005-XXXX [clamav-getfile: Insecure use of temporary files] - clamav-getfiles 0.5-1 (bug #321446; medium) - NOTE: Sarge is affected + [sarge] - clamav-getfiles <not-affected> (Sarge version uses mktemp) CVE-2005-3254 (The CGIwrap program before 3.9 on Debian GNU/Linux uses an incorrect ...) {DTSA-6-1} - cgiwrap 3.9-3.1 (bug #316881; low)
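Review bot: In the first hunk (@@ -1,3 +1,8 @@), the sarge line for CVE-2006-1712 gives the affected release as "Mailman 2.17", which does not match Mailman's 2.1.x version numbering. If 2.1.7 is meant, write "(Only affects Mailman 2.1.7)" so the not-affected claim can be checked against the sarge package version. The new CVE-2006-1711 entry also carries no bug reference or severity, unlike fixed-version entries elsewhere in this list such as "- note 1.3.1-3 (bug #337492; unimportant)"; add them if they are known.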
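Review bot: In the second hunk (@@ -266,8 +271,6 @@), deleting the CVE-2006-XXXX openvpn entry also drops its fixed version 2.0.6-1 and the reference to bug #360559, and nothing in this patch re-adds them under an assigned CVE id. The log only says "remove openvpn tmp entry"; name in the log which entry now tracks the setenv sanitising issue, or keep the bug reference on that entry, so the fix stays traceable.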
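Review bot: In the third hunk (@@ -7075,7 +7078,9 @@), the two added NOTE lines split one sentence mid-clause ("not sufficiently" / "predictable for a real world attack"), so neither line is meaningful on its own when the file is searched line by line. Use one NOTE per issue: one saying the second issue is only in an example that is not shipped in the binary package, and one saying the first issue is not sufficiently predictable for a real-world attack. These notes are the whole justification for the downgrade from low to unimportant, so each should read as a complete statement.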
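Review bot: In the last hunk (@@ -10357,7 +10362,7 @@), the new sarge line reverses the earlier "NOTE: Sarge is affected" with only "(Sarge version uses mktemp)" as the reason, and that reason is ambiguous. It does not say whether this is the mktemp(1) utility, which creates the file safely, or the mktemp(3) library function, which only returns a name and leaves a race between name generation and file creation. State which one is used and which sarge package version was inspected, so the not-affected status can be re-verified.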