Author: alec-guest Date: 2006-05-20 14:07:45 +0000 (Sat, 20 May 2006) New Revision: 4003 Modified: data/CVE/list Log: * dia bug number * libopenobex already fixed (sweet!) * NFUs Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-05-20 13:20:47 UTC (rev 4002) +++ data/CVE/list 2006-05-20 14:07:45 UTC (rev 4003) @@ -24,8 +24,7 @@ CVE-2006-2481 RESERVED CVE-2006-2480 (Format string vulnerability in Dia 0.94 allows user-complicit ...) - NOTE: will file a bug when I finish testing the patch - alec - - dia <unfixed> (low) + - dia <unfixed> (bug #368202; low) CVE-2006-2479 (The Update functionality in Bitrix Site Manager 4.1.x does not verify ...) NOT-FOR-US: Bitrix CVE-2006-2478 (Bitrix Site Manager 4.1.x allows remote attackers to redirect users to ...) @@ -55,8 +54,7 @@ CVE-2006-2466 (BEA WebLogic Server 8.1 up to SP4 and 7.0 up to SP6 allows remote ...) NOT-FOR-US: BEA CVE-2006-2465 (Buffer overflow in MP3Info 0.8.4 allows attackers to execute arbitrary ...) - NOTE: will file bug soon, poking around for a fix - alec - - mp3info <unfixed> (low) + - mp3info <unfixed> (bug filed; low) CVE-2006-2464 (stopWebLogic.sh in BEA WebLogic Server 8.1 before Service Pack 4 and ...) NOT-FOR-US: BEA CVE-2006-2463 (view_album.php in SelectaPix 1.31 and earlier allows remote attackers ...) 
@@ -248,15 +246,15 @@ - vnc4 4.1.1+X4.3.0-10 (high) [sarge] - vnc4 <not-affected> (vuln not in 4.0) CVE-2006-2368 (Cross-site scripting (XSS) vulnerability in index.php in Clansys (aka ...) - TODO: check + NOT-FOR-US: Clansys CVE-2006-2367 (Cross-site scripting (XSS) vulnerability in index.php in Clansys (aka ...) - TODO: check + NOT-FOR-US: Clansys CVE-2006-2366 (ircp_io.c in libopenobex for ircp 1.2, when ircp is run with the -r ...) - TODO: check + - libopenobex 1.2-3 (bug #366484) CVE-2006-2365 (Cross-site scripting (XSS) vulnerability in a_login.php in Vizra ...) - TODO: check + NOT-FOR-US: Vizra CVE-2006-2364 (Cross-site scripting (XSS) vulnerability in the validation feature in ...) - TODO: check + NOT-FOR-US: Macromedia CVE-2006-2363 (SQL injection vulnerability in the weblinks option (weblinks.html.php) ...) TODO: check CVE-2006-2362 (Buffer overflow in getsym in tekhex.c in libbfd in Free Software ...)
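Review bot: In the @@ -55,8 +54,7 @@ hunk, the new mp3info line for CVE-2006-2465 records "bug filed" without a number, so the entry cannot be cross-referenced to the report. The dia line in the first hunk uses the form "(bug #368202; low)", and the same form with the actual bug number would fit here. The log message lists the dia, libopenobex and NFU changes but does not mention this mp3info change.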
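Review bot: In the @@ -248,15 +246,15 @@ hunk, the new line "- libopenobex 1.2-3 (bug #366484)" for CVE-2006-2366 carries no urgency, while the other package lines visible in this patch do (low for dia and mp3info, high for vnc4). If an urgency has been assessed, adding it after the bug number would keep the entries consistent. Separately, CVE-2006-2364 is tagged "NOT-FOR-US: Macromedia", but the truncated description does not show which product is affected, so naming the product in the tag would make it easier to check later.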