Author: alec-guest
Date: 2006-07-11 00:58:40 +0000 (Tue, 11 Jul 2006)
New Revision: 4365

Modified: data/CVE/list

Log:
* CVE-2006-3419, CVE-2006-3418, CVE-2006-3417, CVE-2006-3416, CVE-2006-3415, CVE-2006-3414, CVE-2006-3413, CVE-2006-3412, CVE-2006-3411, CVE-2006-3410, CVE-2006-3409, CVE-2006-3408, CVE-2006-3407 (tor): fixed
* CVE-2006-3401 (quake3): itp
* CVE-2006-3390, CVE-2006-3389 (wordpress): open, unimportant
* CVE-2006-3388 (phpmyadmin): open, low

Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-07-10 22:15:39 UTC (rev 4364) +++ data/CVE/list 2006-07-11 00:58:40 UTC (rev 4365) 
@@ -79,31 +79,31 @@ CVE-2006-3420 (Cross-site request forgery (CSRF) vulnerability in editpost.php in ...) TODO: check CVE-2006-3419 (Tor before 0.1.1.20 uses OpenSSL pseudo-random bytes ...) - TODO: check + - tor 0.1.1.20-1 CVE-2006-3418 (Tor before 0.1.1.20 does not validate that a server descriptor''s ...) - TODO: check + - tor 0.1.1.20-1 CVE-2006-3417 (Tor client before 0.1.1.20 prefers entry points based on is_fast or ...) - TODO: check + - tor 0.1.1.20-1 CVE-2006-3416 (** DISPUTED ** ...) - TODO: check + - tor 0.1.1.20-1 CVE-2006-3415 (Tor before 0.1.1.20 uses improper logic to validate the "OR" ...) - TODO: check + - tor 0.1.1.20-1 CVE-2006-3414 (Tor before 0.1.1.20 supports server descriptors that contain hostnames ...) - TODO: check + - tor 0.1.1.20-1 CVE-2006-3413 (The privoxy configuration file in Tor before 0.1.1.20, when run on ...) - TODO: check + - tor 0.1.1.20-1 CVE-2006-3412 (Tor before 0.1.1.20 does not sufficiently obey certain firewall ...) - TODO: check + - tor 0.1.1.20-1 CVE-2006-3411 (TLS handshakes in Tor before 0.1.1.20 generate public-private keys ...) - TODO: check + - tor 0.1.1.20-1 CVE-2006-3410 (Tor before 0.1.1.20 creates "internal circuits" primarily consisting ...) - TODO: check + - tor 0.1.1.20-1 CVE-2006-3409 (Integer overflow in Tor before 0.1.1.20 allows remote attackers to ...) - TODO: check + - tor 0.1.1.20-1 CVE-2006-3408 (Unspecified vulnerability in the directory server (dirserver) in Tor ...) - TODO: check + - tor 0.1.1.20-1 CVE-2006-3407 (Tor before 0.1.1.20 allows remote attackers to spoof log entries or ...) - TODO: check + - tor 0.1.1.20-1 CVE-2006-3406 (Directory traversal vulnerability in qtofm.php in QTOFileManager 1.0 ...) TODO: check CVE-2006-3405 (Cross-site scripting (XSS) vulnerability in qtofm.php in ...) 
@@ -113,7 +113,7 @@ CVE-2006-3402 (SQL injection vulnerability in VirtuaStore 2.0 allows remote attackers ...) TODO: check CVE-2006-3401 (Stack-based buffer overflow in Quake 3 Engine as used by Quake 3: ...) - TODO: check + - quake3 <itp> (bug #337937) CVE-2006-3400 (Stack-based buffer overflow in the CG_ServerCommand function in Quake ...) TODO: check CVE-2006-3399 (Cross-site scripting (XSS) vulnerability in wiki.php in MoniWiki ...) @@ -135,11 +135,11 @@ CVE-2006-3391 (The Execute function in iMBCContents ActiveX Control before 2.0.0.59 ...) TODO: check CVE-2006-3390 (WordPress 2.0.3 allows remote attackers to obtain the installation ...) - TODO: check + - wordpress <unfixed> (bug filed; unimportant) CVE-2006-3389 (index.php in WordPress 2.0.3 allows remote attackers to obtain ...) - TODO: check + - wordpress <unfixed> (bug filed; unimportant) CVE-2006-3388 (Cross-site scripting (XSS) vulnerability in phpMyAdmin before 2.8.2 ...) - TODO: check + - phpmyadmin <unfixed> (bug filed; low) CVE-2006-3387 (Directory traversal vulnerability in sources/post.php in Fusion News ...) TODO: check CVE-2006-3386 (index.php in Vincent Leclercq News 5.2 allows remote attackers to ...)
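Review bot: In the "@@ -79,31 +79,31 @@" hunk, CVE-2006-3416 is listed only as "(** DISPUTED ** ...)" yet receives the same "- tor 0.1.1.20-1" entry as the twelve undisputed Tor CVEs, so the tracker will present a disputed claim as a confirmed issue with a confirmed fix. A NOTE line under that entry recording that the issue is disputed, and why 0.1.1.20-1 is still treated as the fixed version, would make the decision auditable. The same hunk marks CVE-2006-3413 as fixed in the package although its description is conditional ("The privoxy configuration file in Tor before 0.1.1.20, when run on ..."); it is worth confirming that the truncated condition applies to the Debian package before recording a fixed version rather than a not-affected state.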
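Review bot: In the "@@ -113,7 +113,7 @@" hunk, CVE-2006-3401 is changed to "- quake3 <itp> (bug #337937)" while the adjacent context line CVE-2006-3400 ("Stack-based buffer overflow in the CG_ServerCommand function in Quake ...") is left at "TODO: check", although its description points at the same engine. If it affects the same source, give it the same itp entry in this commit; if it does not, a short NOTE saying why would stop the next person from re-triaging it.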
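Review bot: In the "@@ -135,11 +135,11 @@" hunk, the three new entries for CVE-2006-3390, CVE-2006-3389 and CVE-2006-3388 say "(bug filed; unimportant)" or "(bug filed; low)" without a bug number, whereas the quake3 entry in the previous hunk cites "bug #337937". Without the number, nobody can follow the entry to the report or notice when it is closed; please replace "bug filed" with the actual bug references. A one-line NOTE giving the reason for rating the two WordPress issues "unimportant" would also help, since the visible descriptions ("allows remote attackers to obtain ...") do not by themselves justify it.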