Secure testing commits - May 2006 - r3984 - data/CVE

Author: alec-guest
Date: 2006-05-19 18:23:58 +0000 (Fri, 19 May 2006)
New Revision: 3984

Modified:
   data/CVE/list
Log:
* two new phpMyAdmin CVEs
* many NFUs


Modified: data/CVE/list
==================================================================---
data/CVE/list	2006-05-19 16:08:02 UTC (rev 3983)
+++ data/CVE/list	2006-05-19 18:23:58 UTC (rev 3984)
@@ -57,30 +57,30 @@
 CVE-2006-2427 (freshclam in (1) Clam Antivirus (ClamAV) 0.88 and (2) ClamXav
1.0.3h ...)
 	- clamav <not-affected> (clamav-freshclam doesn''t ship
freshclam setuid or setgid)
 CVE-2006-2426 (Sun Java Runtime Environment (JRE) 1.5.0_6 and earlier, JDK
1.5.0_6 ...)
-	TODO: check
+	NOT-FOR-US: in non-free
 CVE-2006-2425 (Multiple cross-site scripting (XSS) vulnerabilities in PRV.php
in ...)
-	TODO: check
+	NOT-FOR-US: phpRemoteView
 CVE-2006-2424 (PHP remote file inclusion vulnerability in ezUserManager 1.6 and
...)
-	TODO: check
+	NOT-FOR-US: ezUserManager
 CVE-2006-2423 (Cross-site scripting (XSS) vulnerability in ftplogin/index.php
in ...)
-	TODO: check
+	NOT-FOR-US: Confixx
 CVE-2006-2422 (phpCOIN 1.2.3 and earlier stores messages based upon e-mail
addresses, ...)
-	TODO: check
+	NOT-FOR-US: phpCOIN
 CVE-2006-2421 (Stack-based buffer overflow in Pragma FortressSSH 4.0.7.20
allows ...)
-	TODO: check
+	NOT-FOR-US: Pragma
 CVE-2006-2420 (Bugzilla 2.20rc1 through 2.20 and 2.21.1, when using RSS 1.0,
allows ...)
 	NOTE: "this issue normally would not be included in CVE, it is being
identified since the Bugzilla developers have addressed it."
 	- bugzilla <unfixed> (unimportant)
 CVE-2006-2419 (Cross-site scripting (XSS) vulnerability in index.php in
Directory ...)
-	TODO: check
+	NOT-FOR-US: Directory Listing Script
 CVE-2006-2418 (Cross-site scripting (XSS) vulnerabilities in certain versions
of ...)
-	TODO: check
+	- phpmyadmin <unfixed> (medium)
 CVE-2006-2417 (Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.0.x
before ...)
-	TODO: check
+	- phpmyadmin <unfixed> (medium)
 CVE-2006-2416 (SQL injection vulnerability in class2.php in e107 0.7.2 and
earlier ...)
-	TODO: check
+	NOT-FOR-US: e107
 CVE-2006-2415 (Multiple cross-site scripting (XSS) vulnerabilities in FlexChat
2.0 ...)
-	TODO: check
+	NOT-FOR-US: FlexChat
 CVE-2006-2414 (Directory traversal vulnerability in Dovecot 1.0 beta and 1.0
allows ...)
 	TODO: check
 CVE-2006-2413 (GNUnet before SVN revision 2781 allows remote attackers to cause
a ...)