Secure testing commits - May 2006 - r3998 - data/CVE

Author: alec-guest
Date: 2006-05-20 12:08:51 +0000 (Sat, 20 May 2006)
New Revision: 3998

Modified:
   data/CVE/list
Log:
* Many NFUs
* Critical Nagios remote vulnerability; Secunia says that Debian''s
maintainer
  found it, but I''m going to file bugs to keep track of things.


Modified: data/CVE/list
==================================================================---
data/CVE/list	2006-05-20 09:34:12 UTC (rev 3997)
+++ data/CVE/list	2006-05-20 12:08:51 UTC (rev 3998)
@@ -1,23 +1,24 @@
 CVE-2006-2492 (Buffer overflow in Microsoft Word XP and Word 2003 allows ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2006-2491 (Cross-site scripting (XSS) vulnerability in (1) index.php and
(2) ...)
-	TODO: check
+	NOT-FOR-US: BoastMachine
 CVE-2006-2490 (Multiple cross-site scripting (XSS) vulnerabilities in Mobotix
IP ...)
-	TODO: check
+	NOT-FOR-US: Mobotix
 CVE-2006-2489 (Integer overflow in CGI scripts in Nagios 1.x before 1.4.1 and
2.x ...)
-	TODO: check
+	- nagios <unfixed> (high)
+	- nagios2 <unfixed> (high)
 CVE-2006-2488 (Multiple cross-site scripting (XSS) vulnerabilities in Spymac
WebOS ...)
-	TODO: check
+	NOT-FOR-US: Spymac 
 CVE-2006-2487 (Multiple PHP remote file inclusion vulnerabilities in ScozNews
1.2.1 ...)
-	TODO: check
+	NOT-FOR-US: ScozNews
 CVE-2006-2486 (SQL injection vulnerability in find.php in YapBB 1.2 Beta2 and
earlier ...)
-	TODO: check
+	NOT-FOR-US: YapBB
 CVE-2006-2485 (PHP remote file inclusion vulnerability in
includes/class_template.php ...)
-	TODO: check
+	NOT-FOR-US: Quezza
 CVE-2006-2484 (Cross-site scripting (XSS) vulnerability in index.html in
IceWarp ...)
-	TODO: check
+	NOT-FOR-US: IceWarp
 CVE-2006-2483 (PHP remote file inclusion vulnerability in cart_content.php in
...)
-	TODO: check
+	NOT-FOR-US: Squirrelcart
 CVE-2006-2482
 	RESERVED
 CVE-2006-2481