Author: alec-guest
Date: 2006-06-17 06:07:39 +0000 (Sat, 17 Jun 2006)
New Revision: 4253
Modified:
data/CVE/list
Log:
* CVE-2006-2230 (xine-ui): found fixed version
* CVE-2006-1991 (php4): found fixed version
* CVE-2005-3330 (wordpress): bug closed last year, maintainer says the
component isn't vulnerable, marking unaffected
Modified: data/CVE/list
==================================================================---
data/CVE/list 2006-06-16 22:30:51 UTC (rev 4252)
+++ data/CVE/list 2006-06-17 06:07:39 UTC (rev 4253)
@@ -1879,7 +1879,7 @@
NOT-FOR-US: Big Webmaster Guestbook Script
CVE-2006-2230 (Multiple format string vulnerabilities in xiTK (xitk/main.c) in
xine ...)
{DSA-1093-1}
- - xine-ui <unfixed> (medium; bug #363370)
+ - xine-ui 0.99.4-1 (medium; bug #363370)
CVE-2006-2229 (OpenVPN 2.0.7 and earlier, when configured to use the
--management ...)
- openvpn <unfixed> (unimportant)
NOTE: One needs to explicitly set the IP to something else than 127.0.0.1
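Review bot: The new xine-ui line for CVE-2006-2230 records 0.99.4-1 as fixed, but neither the entry nor the commit log ("found fixed version") says where that version comes from. Since the entry already carries {DSA-1093-1} and bug #363370, please state in the log or in a NOTE which of those confirms 0.99.4-1 (for example the upload that closed #363370), so the next person triaging can verify it without redoing the search.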
@@ -2421,7 +2421,7 @@
CVE-2006-1992 (mshtml.dll 6.00.2900.2873, as used in Microsoft Internet
Explorer, ...)
NOT-FOR-US: Microsoft Internet Explorer
CVE-2006-1991 (The substr_compare function in string.c in PHP 4.4.2 and 5.1.2
allows ...)
- - php4 <unfixed> (bug #365311; medium)
+ - php4 4:4.4.2-1.1 (bug #365311; medium)
- php5 5.1.4-0.1 (bug #365312; medium)
CVE-2006-1990 (Integer overflow in the wordwrap function in string.c in PHP
4.4.2 and ...)
- php4 4:4.4.2-1.1 (bug #365311; medium)
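Review bot: On the php4 line for CVE-2006-1991, the version 4:4.4.2-1.1 is identical to the one already recorded for CVE-2006-1990 just below, and both point at bug #365311. That is plausible, but the two CVEs are different defects (substr_compare versus the wordwrap integer overflow), so please confirm the 4:4.4.2-1.1 upload addresses substr_compare specifically and was not copied from the neighbouring entry. A short NOTE naming the changelog item would settle it.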
@@ -10824,9 +10824,8 @@
CVE-2005-3331 (viewpatch in mgdiff 1.0 allows local users to overwrite
arbitrary ...)
- mgdiff 1.0-28 (bug #335188; unimportant)
CVE-2005-3330 (The _httpsrequest function in Snoopy 1.2, as used in products
such as ...)
- - wordpress <unfixed> (bug #335817; unimportant)
- NOTE: The vulnerability is only exposed if the administrator edits
- NOTE: non-configuration PHP files and adds https:// URLs.
+ - wordpress <not-affected> (bug #335817; unimportant)
+ NOTE: Upstream claims the modified Snoopy class is secure
CVE-2005-3329 (Cross-site scripting (XSS) vulnerability in RSA Authentication
Agent ...)
NOT-FOR-US: RSA Authentication Agent
CVE-2005-3328 (PHP remote file inclusion vulnerability in common.php in PunBB
1.1.2 ...)
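Review bot: The wordpress entry for CVE-2005-3330 switches to <not-affected> while dropping the two NOTE lines that described the exposure condition, and the replacement NOTE gives only an attribution ("Upstream claims the modified Snoopy class is secure") with no technical reason. The attribution also disagrees with the commit log, which says the maintainer made the statement. Suggest naming the right source, pointing at bug #335817 for the statement, and keeping one line on why the modified _httpsrequest path is not exposed, since "claims" reads as unverified for an entry that removes the package from the open list.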