Author: joeyh Date: 2006-06-03 21:14:27 +0000 (Sat, 03 Jun 2006) New Revision: 4131 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-06-03 20:40:54 UTC (rev 4130) +++ data/CVE/list 2006-06-03 21:14:27 UTC (rev 4131) @@ -246,6 +246,7 @@ CVE-2006-2543 (Xtreme Topsites 1.1 allows remote attackers to trigger MySQL errors ...) NOT-FOR-US: Xtreme Topsites CVE-2006-2542 (xmcdconfig in Debian GNU/Linux 2.6-17.1 creates /var/lib/cddb and ...) + {DSA-1086-1} TODO: check sarge and woody - xmcd 2.6-17.2 (bug #366816; medium) CVE-2006-2541 (SQL injection vulnerability in settings.asp in Zixforum 1.12 allows ...) @@ -731,6 +732,7 @@ CVE-2006-2315 (PHP remote file inclusion vulnerability in session.inc.php in ...) NOT-FOR-US: ISPConfig CVE-2006-2314 (PostgreSQL 8.1.x before 8.1.4, 8.0.x before 8.0.8, 7.4.x before ...) + {DSA-1087-1} - postgresql 7.5.4 (medium; bug #368645) - postgresql-7.4 1:7.4.13-1 (medium) - postgresql-8.0 <removed> (medium) @@ -743,6 +745,7 @@ NOTE: package which does not contain actual code. That''s why NOTE: it''s marked as fixed here. (Previous versions are vulnerable.) CVE-2006-2313 (PostgreSQL 8.1.x before 8.1.4, 8.0.x before 8.0.8, 7.4.x before ...) + {DSA-1087-1} - postgresql 7.5.4 (high; bug #368645) - postgresql-7.4 1:7.4.13-1 (high) - postgresql-8.0 <removed> (high) @@ -2552,7 +2555,7 @@ CVE-2006-1578 (Multiple SQL injection vulnerabilities in Keystone Digital Library ...) NOT-FOR-US: Keystone Digital Library Suite CVE-2006-1577 (Multiple cross-site scripting (XSS) vulnerabilities in ...) - [woody] - mantis <not-affected> (Vulnerable code not present) + [woody] - mantis <not-affected> (Vulnerable code not present) - mantis <unfixed> (bug #361138) CVE-2006-1576 (Direct static code injection vulnerability in QLnews 1.2 allows remote ...) NOT-FOR-US: QLnews 
@@ -2759,6 +2762,7 @@ - mysql <unfixed> (bug #365939; low) CVE-2006-1515 [typespeed buffer overflow] RESERVED + {DSA-1084-1} - typespeed 0.4.4-10 CVE-2006-1514 (Multiple buffer overflows in the abcmidi-yaps translator in abcmidi ...) {DSA-1043-1} @@ -3038,6 +3042,7 @@ CVE-2005-4745 (SQL injection vulnerability in the rlm_sqlcounter module in FreeRADIUS ...) - freeradius 1.0.5-1 CVE-2005-4744 (Off-by-one error in the sql_error function in sql_unixodbc.c in ...) + {DSA-1089-1} - freeradius 1.0.5-1 CVE-1999-1587 (/usr/ucb/ps in Sun Microsystems Solaris 8 and 9, and certain earlier ...) NOT-FOR-US: Solaris @@ -3134,6 +3139,7 @@ CVE-2006-1355 (avast! Antivirus 4.6.763 and earlier sets "BUILTIN\Everyone" ...) NOT-FOR-US: avast AV CVE-2006-1354 (Unspecified vulnerability in FreeRADIUS 1.0.0 up to 1.1.0 allows ...) + {DSA-1089-1} - freeradius 1.1.0-1.2 (bug #359042; high) CVE-2006-1353 (Multiple SQL injection vulnerabilities in ASPPortal 3.1.1 and earlier ...) NOT-FOR-US: ASPPortal @@ -8114,7 +8120,7 @@ CVE-2005-3864 (SQL injection vulnerability in index.php in SourceWell 1.1.2 and ...) NOT-FOR-US: SourceWell CVE-2005-3863 (Stack-based buffer overflow in kkstrtext.h in ktools library 0.3 and ...) - {DSA-1083-1 DTSA-23-1} + {DSA-1088-1 DSA-1083-1 DTSA-23-1} - centericq 4.21.0-6 (bug #340959; medium) - orpheus <unfixed> (bug #368402; medium) - motor 2:3.4.0-6 (bug #368400; medium) @@ -10530,7 +10536,7 @@ - module-assistant 0.9.10 TODO: Check, whether this version really fixes the issue, it''s not mentioned in the changelog CVE-2005-3120 (Stack-based buffer overflow in the HTrjis function in Lynx 2.8.6 and ...) - {DSA-876-1 DSA-874-1} + {DSA-1085-1 DSA-876-1 DSA-874-1} - lynx 2.8.5-2sarge1 (bug #335033; high) - lynx-cur 2.8.6-16 (bug #334423; high) - lynx-ssl <removed>
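Review bot: In the hunk at @@ -246,6 +246,7 @@, the CVE-2006-2542 entry gains {DSA-1086-1} but keeps "TODO: check sarge and woody" directly beneath it, so the entry reads as both covered by an advisory and still unchecked. If the advisory settles the status of the stable releases, drop the TODO or replace it with explicit [sarge] and [woody] lines in the same change.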
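Review bot: In the hunk at @@ -2552,7 +2555,7 @@, the removed and added "[woody] - mantis <not-affected> (Vulnerable code not present)" lines under CVE-2006-1577 read identically as shown, so this appears to be a whitespace-only change. It is unrelated to the DSA cross-references the other hunks add; confirm the indentation change is intended, and if it is, mention it in the log message rather than leaving it under "automatic update".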