Author: stef-guest Date: 2006-05-09 19:25:04 +0000 (Tue, 09 May 2006) New Revision: 3928 Modified: data/CVE/list Log: unimportant openvpn issue hostapd issue in sarge quake3 issue (itp''ed) awstats issue Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-05-09 19:08:08 UTC (rev 3927) +++ data/CVE/list 2006-05-09 19:25:04 UTC (rev 3928) @@ -65,9 +65,9 @@ CVE-2006-2238 RESERVED CVE-2006-2237 (The web interface for AWStats 6.4 and 6.5, when statistics updates are ...) - TODO: check + - awstats <unfixed> (bug #365909; medium) CVE-2006-2236 (Buffer overflow in the Quake 3 Engine, as used by (1) ET 2.60, (2) ...) - TODO: check + - quake3 <itp> (bug #337937) CVE-2006-2235 (CodeMunkyX (aka free-php.net) Simple Poll 1.0, when authentication is ...) TODO: check CVE-2006-2234 (Multiple cross-site scripting (XSS) vulnerabilities in TyroCMS beta ...) @@ -81,7 +81,9 @@ CVE-2006-2230 (Multiple format string vulnerabilities in xiTK (xitk/main.c) in xine ...) TODO: check CVE-2006-2229 (OpenVPN 2.0.7 and earlier, when configured to use the --management ...) - TODO: check + - openvpn <unfixed> (unimportant) + NOTE: One needs to explicitly set the IP to something else than 127.0.0.1 + NOTE: in order to be vulnerable. The man page recommends not to do it. CVE-2006-2228 (Cross-site scripting (XSS) vulnerability in w-Agora (aka Web-Agora) ...) TODO: check CVE-2006-2227 (Cross-site scripting (XSS) vulnerability in misc.php in PunBB 1.2.11 ...) 
@@ -124,7 +126,8 @@ CVE-2006-2214 (Multiple SQL injection vulnerabilities in 4images 1.7.1 and earlier ...) TODO: check CVE-2006-2213 (Hostapd 0.3.7-2 allows remote attackers to cause a denial of service ...) - TODO: check + - hostapd 0.5.0-1 (bug #365897; high) + [sarge] -hostapd <unfixed> (bug #365897; high) CVE-2006-2212 (Buffer overflow in KarjaSoft Sami FTP Server 2.0.2 and earlier allows ...) TODO: check CVE-2006-2211 (Absolute path traversal vulnerability in index.php in 321soft ...)
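Review bot: In the CVE-2006-2229 hunk (@@ -81,7 +81,9 @@), the two NOTE lines that justify "(unimportant)" say "set the IP" without naming the setting, so the reasoning cannot be read without the truncated description above it. Suggest wording the NOTE as "One needs to explicitly set the --management IP to something other than 127.0.0.1", matching the option named in the CVE text. This is also the only entry added in this revision without a bug reference. If a report exists, add it in the same "(bug #...; ...)" form used for awstats and hostapd.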
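Review bot: In the CVE-2006-2213 hunk (@@ -124,7 +126,8 @@), the sarge line reads "[sarge] -hostapd <unfixed> (bug #365897; high)" with no space between the dash and the package name, unlike every other entry added here ("- hostapd 0.5.0-1", "- awstats", "- openvpn"). Anything that splits these lines on "- " will not pick up the sarge status, so suggest "[sarge] - hostapd <unfixed> (bug #365897; high)".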