Author: fw
Date: 2006-06-05 12:40:08 +0000 (Mon, 05 Jun 2006)
New Revision: 4147

Modified: data/CVE/list
Log:
NFUs
CVE-2006-2802: xine-lib CVE was assigned
CVE-2006-2789: evolution already fixed

Modified: data/CVE/list
==================================================================
--- data/CVE/list 2006-06-05 12:18:59 UTC (rev 4146)
+++ data/CVE/list 2006-06-05 12:40:08 UTC (rev 4147)
@@ -3,39 +3,41 @@ CVE-2006-XXXX [PHP injection vulnerability in dokuwiki via curly braces] - dokuwiki <unfixed> (medium) CVE-2006-2805 (SQL injection vulnerability in VBulletin 3.0.10 allows remote ...) - TODO: check + NOT-FOR-US: vBulletin CVE-2006-2804 (Cross-site scripting (XSS) vulnerability in index.cfm in Goss iCM 7.0 ...) - TODO: check + NOT-FOR-US: Goss iCM CVE-2006-2803 (Multiple cross-site scripting (XSS) vulnerabilities in PHP ManualMaker ...) - TODO: check + NOT-FOR-US: PHP ManualMaker CVE-2006-2802 (Buffer overflow in the HTTP Plugin (xineplug_inp_http.so) for xine-lib ...) - TODO: check + - xine-lib <unfixed> (bug #369876; medium) CVE-2006-2801 (Multiple SQL injection vulnerabilities in Unak CMS 1.5 RC2 and earlier ...) - TODO: check + NOT-FOR-US: Unak CMS CVE-2006-2800 (Multiple cross-site scripting (XSS) vulnerabilities in Unak CMS 1.5 ...) - TODO: check + NOT-FOR-US: Unak CMS CVE-2006-2799 (Cross-site scripting (XSS) vulnerability in content_footer.php in ...) - TODO: check + NOT-FOR-US: toendaCMS CVE-2006-2798 (Multiple cross-site scripting (XSS) vulnerabilities in ...) - TODO: check + NOT-FOR-US: phpCommunityCalendar CVE-2006-2797 (Multiple SQL injection vulnerabilities in phpCommunityCalendar 4.0.3 ...) - TODO: check + NOT-FOR-US: phpCommunityCalendar CVE-2006-2796 (Cross-site scripting (XSS) vulnerability in gallery.php in Captivate ...) - TODO: check + NOT-FOR-US: Captivate gallery.php CVE-2006-2795 (Multiple cross-site scripting (XSS) vulnerabilities in XiTi Tracking ...) - TODO: check + NOT-FOR-US: XiTi Tracking Script CVE-2006-2794 (Hesabim.asp in ASPSitem 2.0 and earlier allows remote attackers to ...) - TODO: check + NOT-FOR-US: ASPSitem CVE-2006-2793 (SQL injection vulnerability in Anket.asp in ASPSitem 2.0 and earlier ...) - TODO: check + NOT-FOR-US: ASPSitem CVE-2006-2792 (SQL injection vulnerability in misc.php in Woltlab Burning Board (WBB) ...) 
- TODO: check + NOT-FOR-US: wbboard CVE-2006-2791 (Directory traversal vulnerability in index.php in iBoutique.MALL and ...) - TODO: check + NOT-FOR-US: iBoutique.MALL CVE-2006-2790 (A package component in Sun Storage Automated Diagnostic Environment ...) - TODO: check + NOT-FOR-US: Sun StorADE CVE-2006-2789 (Evolution 2.2.x and 2.3.x in GNOME 2.7 and 2.8, when "load images if ...) - TODO: check + - evolution 2.4.0-1 (low) + NOTE: Verified that the patch has been applied in 2.4.0-1, + NOTE: may have been fixed earlier. CVE-2006-2788 (Double-free vulnerability in the getRawDER function for nsIX509Cert in ...) TODO: check CVE-2006-2787 (EvalInSandbox in Mozilla Firefox and Thunderbird before 1.5.0.4 allows ...) @@ -322,8 +324,6 @@ TODO: check CVE-2006-2644 (AWStats 6.5, and possibly other versions, allows remote authenticated ...) TODO: check -CVE-2006-XXXX [libxine buffer overflow in the HTTP header parser] - - xine-lib <unfixed> (bug #369876; medium) CVE-2006-XXXX [libxine1 overflow via a specially-crafted AVI file] - xine-lib <unfixed> (bug #369876; medium) CVE-2006-XXXX [specialy crafted WAV turns mkvmerge into a malloc bomb]
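Review bot: In the first hunk (@@ -3,39 +3,41 @@), the CVE-2006-2789 entry records 2.4.0-1 as the fixed version while its own NOTE says the issue "may have been fixed earlier", and neither the entry nor the NOTE names the patch or bug that was checked. Please reference the patch or upstream change that was verified in the NOTE, so the earliest fixed version can be narrowed later without redoing the analysis. Minor: the NOT-FOR-US tag for CVE-2006-2792 reads "wbboard" while the description says "Woltlab Burning Board (WBB)"; using the product name as it appears in the description makes the entry easier to search for.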
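Review bot: In the second hunk (@@ -322,8 +324,6 @@), the removed placeholder "libxine buffer overflow in the HTTP header parser" and the AVI placeholder kept directly below it both cite bug #369876, and the first hunk now attaches that same bug to CVE-2006-2802. Please confirm that bug #369876 really covers both the HTTP and the AVI overflow, and add a NOTE to the remaining CVE-2006-XXXX xine-lib entry saying so, so that a fix for one issue is not mistaken for a fix for both.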