Author: jmm-guest Date: 2006-08-01 20:34:36 +0000 (Tue, 01 Aug 2006) New Revision: 4484 Modified: data/CVE/list Log: potential webalizer issues track livehttpheaders by source package name no-dsa for spread racoon duplicate Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-08-01 20:32:16 UTC (rev 4483) +++ data/CVE/list 2006-08-01 20:34:36 UTC (rev 4484) @@ -1,3 +1,6 @@ +CVE-2006-XXXX [Webalizer buffer overflows] + - webalizer <unfixed> (unknown) + NOTE: 11_various_buffer_overflows should be reviewed for exploitability CVE-2006-3837 (delcookie.php in Professional Home Page Tools Guestbook changes the ...) NOT-FOR-US: Professional Home Page Tools Guestbook CVE-2006-3836 (Directory traversal vulnerability in index.php in UNIDOmedia Chameleon ...) @@ -304,7 +307,8 @@ NOTE: couldn''t reproduce without livehttpheaders NOTE: PoC: http://www.sfritsch.de/~stf/CVE-2006-3731.html NOTE: might still be a firefox issue - - mozilla-livehttpheaders <unfixed> (bug #379050; low) + - livehttpheaders <unfixed> (bug #379050; low) + [sarge] - livehttpheaders <not-affected> (Unreproducible on Sarge) [sarge] - mozilla-livehttpheaders <not-affected> CVE-2006-3730 (Microsoft Internet Explorer 6 on Windows XP SP2 allows remote ...) NOT-FOR-US: MSIE @@ -1590,6 +1594,7 @@ RESERVED CVE-2006-3118 (spread uses a temporary file with a static filename based on the port ...) - spread <unfixed> (bug #375617; low) + [sarge] - spread <no-dsa> (Minimal security implications) CVE-2006-3117 (Heap-based buffer overflow in OpenOffice.org (aka StarOffice) 1.1.x up ...) {DSA-1104} - openoffice.org 2.0.3-1 
@@ -5110,8 +5115,7 @@ CVE-2006-1647 (An unspecified "logical programming mistake" in SMART SynchronEyes ...) NOT-FOR-US: SMART SynchronEyes CVE-2006-1646 (The Internet Key Exchange version 1 (IKEv1) implementation ...) - NOTE: duplicate of CVE-2005-3732 - - ipsec-tools 1:0.6.3-1 (bug #340584; low) + NOT-FOR-US: This is a slightly different racoon version, the Linux fork in Debian was already addressed in CVE-2005-3732 CVE-2006-1645 (Cross-site scripting (XSS) vulnerability in Anton Vlasov and Rostislav ...) NOT-FOR-US: ReloadCMS CVE-2006-1644 (login.php in Interact 2.1.1 generates different responses depending on ...)
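Review bot: In the first hunk (@@ -1,3 +1,6 @@), the NOTE names 11_various_buffer_overflows without saying what it is or where it lives, and the entry has severity (unknown) and no bug reference, so whoever does the exploitability review has nothing to start from. Suggest stating which package version or location carries 11_various_buffer_overflows and adding a bug number once one is filed.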
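Review bot: In the @@ -304,7 +307,8 @@ hunk, the new "[sarge] - livehttpheaders <not-affected> (Unreproducible on Sarge)" line is added while the existing "[sarge] - mozilla-livehttpheaders <not-affected>" context line stays, so the entry now carries two sarge lines under two package names. If the intent is to track by source package name, as the log says, drop the old mozilla-livehttpheaders line, or add a NOTE explaining why both names are needed.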
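Review bot: In the @@ -1590,6 +1594,7 @@ hunk, the no-dsa reason "Minimal security implications" for CVE-2006-3118 does not say what limits the impact of the static temporary filename. Suggest a reason that names the limiting factor, so the decision can be rechecked later without reopening bug #375617.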
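Review bot: In the @@ -5110,8 +5115,7 @@ hunk, CVE-2006-1646 is marked NOT-FOR-US although the same line says the racoon fork in Debian was addressed under CVE-2005-3732, and the removed lines take the ipsec-tools version 1:0.6.3-1 and bug #340584 out of this entry. Suggest keeping the explanation as a NOTE and recording ipsec-tools as <not-affected> with that reason, so the package stays associated with the CVE. The log's "racoon duplicate" also no longer matches the content, since the duplicate NOTE is what this hunk deletes.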