Author: jmm-guest Date: 2006-04-23 14:21:01 +0000 (Sun, 23 Apr 2006) New Revision: 3862 Modified: data/CVE/list Log: new typo3 issue no-dsa Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-04-23 14:15:36 UTC (rev 3861) +++ data/CVE/list 2006-04-23 14:21:01 UTC (rev 3862) @@ -1,3 +1,5 @@ +CVE-2006-XXXX [typo3 mailforms can be abused to send spam] + - typo3-src <unfixed> (bug #364350) CVE-2006-XXXX [moinmoin XSS] - moin 1.5.3-1 CVE-2006-1976 (Cross-site scripting (XSS) vulnerability in addRequest.php in Prayer ...) @@ -801,6 +803,7 @@ - util-vserver 0.30.210-1 (bug #360438; unimportant) CVE-2006-1655 (Unspecified vulnerability in mpg123 0.59r allows user-complicit ...) - mpg123 <unfixed> (bug #361863; unknown) + [sarge] - mpg123 <no-dsa> (Non-free software) CVE-2006-1654 (Directory traversal vulnerability in the HP Color LaserJet 2500 ...) NOT-FOR-US: HP Colour LaserJet 2500 and 4600 Toolbox CVE-2006-1653 (PHP remote file inclusion vulnerability in loadkernel.php in ...) @@ -1072,10 +1075,13 @@ NOT-FOR-US: BEA WebLogic CVE-2006-1548 (Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction ...) - libstruts1.2-java <unfixed> (bug #360551) + [sarge] - libstruts1.2-java <no-dsa> (Only in contrib, relies on proprietary Java) CVE-2006-1547 (ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 ...) - libstruts1.2-java <unfixed> (bug #360551) + [sarge] - libstruts1.2-java <no-dsa> (Only in contrib, relies on proprietary Java) CVE-2006-1546 (Apache Software Foundation (ASF) Struts before 1.2.9 allows remote ...) - libstruts1.2-java <unfixed> (bug #360551) + [sarge] - libstruts1.2-java <no-dsa> (Only in contrib, relies on proprietary Java) CVE-2006-1545 (Direct static code injection vulnerability in admin/config.php in ...) NOT-FOR-US: VNews CVE-2006-1544 (Multiple cross-site scripting (XSS) vulnerabilities in news.php in ...) 
@@ -3912,7 +3918,7 @@ CVE-2006-0328 (Format string vulnerability in Tftpd32 2.81 allows remote attackers to ...) NOT-FOR-US: Tftpd32, different from the tftpd in Debian CVE-2006-0327 (TYPO3 3.7.1 allows remote attackers to obtain sensitive information ...) - - typo3-src <unfixed> (unimportant) + - typo3-src <unfixed> (bug #364351; unimportant) NOTE: Only path disclosure CVE-2006-0326 RESERVED @@ -4138,7 +4144,7 @@ CVE-2006-0237 (Cross-site scripting (XSS) vulnerability in index.php in GTP iCommerce ...) NOT-FOR-US: GTP iCommerce CVE-2006-0236 (GUI display truncation vulnerability in Mozilla Thunderbird 1.0.2, ...) - - mozilla-thunderbird <unfixed> (bug #349242; medium) + - mozilla-thunderbird <unfixed> (bug #349242; bug #363777; medium) CVE-2006-0235 (SQL injection vulnerability in WhiteAlbum 2.5 allows remote attackers ...) NOT-FOR-US: WhiteAlbum CVE-2006-0234 (SQL injection vulnerability in index.php in microBlog 2.0 RC-10 allows ...) @@ -6780,6 +6786,7 @@ NOT-FOR-US: APBoard CVE-2005-3745 (Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and ...) - libstruts1.2-java 1.2.8-1 (bug #340583; medium) + [sarge] - libstruts1.2-java <no-dsa> (Only in contrib, relies on proprietary Java) CVE-2005-3744 (SQL injection vulnerability in index.php in phpComasy 0.7.5 and ...) NOT-FOR-US: phpComasy CVE-2005-3743 (SQL injection vulnerability in results.php in SimplePoll allows remote ...) @@ -10884,8 +10891,7 @@ - kernel-source-2.4.27 <not-affected> CVE-2005-XXXX [Buffer overflow in Description parsing] - bidwatcher <removed> (bug #319489; low) - NOTE: Sarge and Woody affected - NOTE: Package is totally broken due to Ebay changes, so risk is low + [sarge] - bidwatcher <no-dsa> (Totally broken due to Ebay changes, no users, no exploits) CVE-2005-XXXX [Does not do escaping in mysql version - both a worrying flaw and stops adduser working] - dbmail <unfixed> (bug #303991; medium) CVE-2005-XXXX [downloads.ini writable by group users, world-readable] 
@@ -16713,7 +16719,7 @@ NOT-FOR-US: Windows CVE-2005-1105 (Directory traversal vulnerability in the MimeBodyPart.getFileName ...) - libgnumail-java <unfixed> (bug #304712; low) - [sarge] - libgnumail <no-dsa> (Only user in Sarge is ant, which isn''t affected) + [sarge] - libgnumail-java <no-dsa> (Only user in Sarge is ant, which isn''t affected) CVE-2005-1104 (Multiple cross-site scripting (XSS) vulnerabilities in Centra 7 ...) NOT-FOR-US: Centra CVE-2005-1103 (Sygate Security Agent (SSA) in Sygate Secure Enterprise 3.5 through ...)
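Review bot: in the first hunk (@@ -1,3 +1,5 @@) the new entry "CVE-2006-XXXX [typo3 mailforms can be abused to send spam]" gets only "- typo3-src <unfixed> (bug #364350)" and no "[sarge] - typo3-src <no-dsa> (...)" line, although the log message says "new typo3 issue no-dsa"; either add the sarge line with its reason, as every other hunk in this revision does, or drop "no-dsa" from the log so the log and the list agree. The entry also records no severity after the bug number (compare "(bug #364351; unimportant)" on the CVE-2006-0327 line in the @@ -3912 hunk), so add one so the triage decision is on record.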
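Review bot: in the @@ -1072,10 +1075,13 @@ hunk the three libstruts1.2-java entries (CVE-2006-1548, CVE-2006-1547, CVE-2006-1546) keep "- libstruts1.2-java <unfixed> (bug #360551)" with no severity, while the related CVE-2005-3745 entry in the @@ -6780 hunk is already tagged "medium"; since the same sarge no-dsa reason ("Only in contrib, relies on proprietary Java") is being applied to all four, give the three unstable lines a severity in the same pass so the no-dsa decision is not the only triage recorded for them.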
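Review bot: in the @@ -10884,8 +10891,7 @@ hunk the replacement of "NOTE: Sarge and Woody affected" drops the only statement about Woody, so the new "[sarge] - bidwatcher <no-dsa> (...)" line leaves Woody's status for this CVE-2005-XXXX unrecorded; keep the NOTE, or add a matching "[woody]" line, rather than deleting it. The new reason "Totally broken due to Ebay changes, no users, no exploits" is also stronger than the removed "Package is totally broken due to Ebay changes, so risk is low": "no users" and "no exploits" are not something the list can show, so prefer the original low-risk wording unless there is a reference to cite.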
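Review bot: in the @@ -16713,7 +16719,7 @@ hunk the package name fix from "libgnumail" to "libgnumail-java" on the sarge line is right (it now matches the "- libgnumail-java <unfixed> (bug #304712; low)" line above it), but the doubled apostrophe in "isn''t" is carried over unchanged into the new line; if that is really in data/CVE/list and not a display artifact of this page, correct it to "isn't" in the same edit rather than re-committing the typo.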