Moritz Muehlenhoff
2006-Oct-02 14:32 UTC
[Secure-testing-commits] r4794 - in data: CVE DSA
Author: jmm-guest Date: 2006-10-01 12:06:33 +0000 (Sun, 01 Oct 2006) New Revision: 4794 Modified: data/CVE/list data/DSA/list Log: fix CVE ID for zope new kernel dos some NFUs mark php issue as non-issue Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-10-01 11:21:31 UTC (rev 4793) +++ data/CVE/list 2006-10-01 12:06:33 UTC (rev 4794) @@ -40,6 +40,7 @@ TODO: check CVE-2006-5052 (Unspecified vulnerability in portable OpenSSH before 4.4, when running ...) TODO: check + NOTE: This may be a dupe of CVE-2006-4925 CVE-2006-5051 (Signal handler race condition in OpenSSH before 4.4 allows remote ...) - openssh <unfixed> (unimportant) - openssh-krb5 <unfixed> (high) @@ -298,7 +299,7 @@ CVE-2005-4812 (The SISCO OSI stack for Windows, as used by MMS-EASE 7.10 and earlier, ...) TODO: check CVE-2005-4811 (The hugepage code (hugetlb.c) in Linux kernel 2.6, possibly 2.6.12 and ...) - TODO: check + - linux-2.6 2.6.14 CVE-2006-4925 [openssh GSSAPI information leak) RESERVED - openssh <unfixed> (low) @@ -353,18 +354,17 @@ CVE-2006-4902 RESERVED CVE-2006-4901 (Computer Associates (CA) eTrust Security Command Center 1.0 and r8 up ...) - TODO: check + NOT-FOR-US: CA eTrust CVE-2006-4900 (Directory traversal vulnerability in Computer Associates (CA) eTrust ...) - TODO: check + NOT-FOR-US: CA eTrust CVE-2006-4899 (The ePPIServlet script in Computer Associates (CA) eTrust Security ...) - TODO: check + NOT-FOR-US: CA eTrust CVE-2006-4898 (PHP remote file inclusion vulnerability in include/phpxd/phpXD.php in ...) NOT-FOR-US: guanxiCRM CVE-2006-4897 (CMtextS 1.0 and earlier stores users_logins/admin.txt under the web ...) NOT-FOR-US: CMtextS CVE-2006-4896 REJECTED - NOTE: Duplicate of CVE-2006-4785 CVE-2006-4895 (IDevSpot NexieAffiliate 1.9 and earlier allows remote attackers to ...) NOT-FOR-US: IDevSpot NexieAffiliate CVE-2006-4894 (Cross-site scripting (XSS) vulnerability in forms/lostpassword.php in ...) 
@@ -784,7 +784,7 @@ CVE-2006-4695 RESERVED CVE-2006-4694 (Unspecified vulnerability in PowerPoint in Microsoft Office 2000, ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2006-4693 RESERVED CVE-2006-4692 @@ -804,7 +804,7 @@ CVE-2006-4685 RESERVED CVE-2006-4684 (The docutils module in Zope (Zope2) 2.7.0 through 2.7.9 and 2.8.0 ...) - TODO: check + - zope2.7 <removed> CVE-2006-4683 (IBM Director before 5.10 allows remote attackers to obtain sensitive ...) NOT-FOR-US: IBM Director CVE-2006-4682 (Multiple unspecified vulnerabilities in IBM Director before 5.10 allow ...) @@ -846,7 +846,7 @@ CVE-2006-4664 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: Premod Shadow CVE-2006-4663 (** DISPUTED ** ...) - TODO: check + NOT-FOR-US: User problem CVE-2006-4662 (Heap-based buffer overflow in the MCRegEx__Search function in AOL ICQ ...) NOT-FOR-US: AOL ICQ CVE-2006-4661 (AOL ICQ Toolbar 1.3 for Internet Explorer (toolbaru.dll) does not ...) @@ -2332,8 +2332,9 @@ CVE-2006-4021 (The cryptographic module in ScatterChat 1.0.x allows attackers to ...) NOT-FOR-US: ScatterChat CVE-2006-4020 (scanf.c in PHP 5.1.4 and earlier, and 4.4.3 and earlier, allows ...) - - php5 5.1.6-1 (medium; bug #382256) - - php4 4:4.4.4-1 (medium; bug #382261) + - php5 5.1.6-1 (unimportant; bug #382256) + - php4 4:4.4.4-1 (unimportant; bug #382261) + NOTE: Only exploitable by malicious, local user CVE-2006-4019 (Dynamic variable evaluation vulnerability in compose.php in ...) {DSA-1154} - squirrelmail 2:1.4.8-1 Modified: data/DSA/list ==================================================================--- data/DSA/list 2006-10-01 11:21:31 UTC (rev 4793) +++ data/DSA/list 2006-10-01 12:06:33 UTC (rev 4794) @@ -26,7 +26,7 @@ {CVE-2006-4242} [sarge] - usermin 1.110-3.1 [13 Sep 2006] DSA-1176-1 zope2.7 - {CVE-2006-4436} + {CVE-2006-4684} [sarge] - zope2.7 2.7.5-2sarge2 [13 Sep 2006] DSA-1175-1 isakmpd {CVE-2006-4436}
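
Review bot: In the data/CVE/list hunk at @@ -40,6 +40,7 @@, CVE-2006-5052 keeps "TODO: check" and only gains the tentative "NOTE: This may be a dupe of CVE-2006-4925", so the entry still has no package status even though CVE-2006-4925 is tracked as "- openssh <unfixed> (low)" further down. Either settle the duplicate question or add a matching openssh line here, so the OpenSSH issue does not sit untriaged behind a "may be".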
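
Review bot: In the hunk at @@ -298,7 +299,7 @@, the new "- linux-2.6 2.6.14" line for CVE-2005-4811 records a fixed version with no urgency and no reference, while the description only says "possibly 2.6.12 and ...". A short NOTE saying how 2.6.14 was established as the fixed version would make the entry checkable later. The context line "CVE-2006-4925 [openssh GSSAPI information leak)" in the same hunk opens with "[" and closes with ")"; worth correcting while this area is being touched.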
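
Review bot: In the hunk at @@ -353,18 +354,17 @@, the line "NOTE: Duplicate of CVE-2006-4785" is removed from the REJECTED entry CVE-2006-4896, and the log message (zope CVE ID, kernel DoS, NFUs, php) does not mention it. Dropping the note loses the pointer to the surviving ID; keep it, or say in the log why it goes. The three CA eTrust NOT-FOR-US changes in the same hunk look fine.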
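
Review bot: In the hunk at @@ -804,7 +804,7 @@, CVE-2006-4684 is resolved with the single line "- zope2.7 <removed>", but the description covers "Zope (Zope2) 2.7.0 through 2.7.9 and 2.8.0 ...". If any other zope source package in the archive ships the affected docutils module, it needs its own line here; if none does, a NOTE saying so would close the question.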
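
Review bot: In the hunk at @@ -846,7 +846,7 @@, CVE-2006-4663 is marked "NOT-FOR-US: User problem", but every other NOT-FOR-US line in this patch names a product (CA eTrust, Microsoft, AOL ICQ), not a reason. If the software is not packaged, name it after NOT-FOR-US; if it is packaged and the "** DISPUTED **" report is being dismissed, use a package line with "(unimportant)" plus a NOTE giving the reasoning, as done for CVE-2006-4020.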
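
Review bot: In the data/DSA/list hunk at @@ -26,7 +26,7 @@, DSA-1176-1 now points at CVE-2006-4684 instead of CVE-2006-4436, which DSA-1175-1 (isakmpd) keeps, so the correction itself is consistent. The CVE-2006-4684 entry in data/CVE/list, however, shows no "{DSA-1176}" cross-reference of the kind CVE-2006-4019 carries with "{DSA-1154}", and it lists only "- zope2.7 <removed>" while this DSA records "[sarge] - zope2.7 2.7.5-2sarge2". Check that the cross-reference is added or regenerated so the two lists agree.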