Secure testing commits - Sep 2006 - r4669 - data/CVE

Author: stef-guest
Date: 2006-09-03 20:02:38 +0000 (Sun, 03 Sep 2006)
New Revision: 4669

Modified:
   data/CVE/list
Log:
- CVE-2006-4436: new isakmpd issue (medium)
- CVE-2006-4262: new cscope issue (low)
- some NFUs


Modified: data/CVE/list
==================================================================---
data/CVE/list	2006-09-03 19:31:42 UTC (rev 4668)
+++ data/CVE/list	2006-09-03 20:02:38 UTC (rev 4669)
@@ -1,7 +1,7 @@
 CVE-2006-XXXX [tikiwiki security issue in jhot.php]
 	- tikiwiki 1.9.4+dfsg2-3
 CVE-2006-4436 (isakmpd in OpenBSD 3.8, 3.9, and possibly earlier versions,
creates ...)
-	TODO: check
+	- isakmpd <unfixed> (bug filed; medium)
 CVE-2006-4435 (OpenBSD 3.8, 3.9, and possibly earlier versions allows ...)
 	NOT-FOR-US: OpenBSD
 CVE-2006-4434 (Use-after-free vulnerability in Sendmail before 8.13.8 allows
remote ...)
@@ -363,7 +363,7 @@
 CVE-2006-4263 (Multiple PHP remote file inclusion vulnerabilities in the
Product ...)
 	NOT-FOR-US: mambo-phpshop (com_phpshop) for Mambo and Joomla!
 CVE-2006-4262 (Multiple buffer overflows in cscope 15.5 and earlier allow ...)
-	TODO: check
+	- cscope <unfixed> (low; bug filed)
 CVE-2006-4261 (Mozilla Firefox 1.5.0.6 and earlier allows remote attackers to
cause a ...)
 	- xulrunner <unfixed>
 	- firefox <unfixed>
@@ -698,11 +698,11 @@
 CVE-2006-4110 (Apache 2.2.2, when running on Windows, allows remote attackers
to read ...)
 	- apache2 <not-affected> (Affects Apache on Windows only)
 CVE-2006-4109 (Cross-site scripting (XSS) vulnerability in Bibliography ...)
-	TODO: check
+	NOT-FOR-US: Bibliography (biblio.module) for Drupal
 CVE-2006-4108 (SQL injection vulnerability in Bibliography (biblio.module) 4.6
before ...)
-	TODO: check
+	NOT-FOR-US: Bibliography (biblio.module) for Drupal
 CVE-2006-4107 (SQL injection vulnerability in the Job Search module
(job.module) 4.6 ...)
-	TODO: check
+	NOT-FOR-US: Job Search module (job.module) for Drupal
 CVE-2006-4106 (Cross-site scripting (XSS) vulnerability in blursoft blur6ex 0.3
...)
 	NOT-FOR-US: blur6ex
 CVE-2006-4105 (Cross-site scripting (XSS) vulnerability in Fill Threads
Database ...)