Author: stef-guest Date: 2006-10-14 14:32:24 +0000 (Sat, 14 Oct 2006) New Revision: 4847 Modified: data/CVE/list Log: CVE-2006-5170: new libpam-ldap issue Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-10-14 13:28:25 UTC (rev 4846) +++ data/CVE/list 2006-10-14 14:32:24 UTC (rev 4847) @@ -106,8 +106,8 @@ CVE-2006-5179 (Intoto iGateway VPN and iGateway SSL-VPN allow context-dependent ...) NOT-FOR-US: Intoto iGateway CVE-2006-5178 (Race condition in the symlink function in PHP 5.1.6 and earlier allows ...) - - php5 <unfixed> (low) - - php4 <unfixed> (low) + - php5 <unfixed> (bug #391281; low) + - php4 <unfixed> (bug #391282; low) [sarge] - php4 <no-dsa> (openbasedir not supported) CVE-2006-5177 (The NTLM authentication in MailEnable Professional 2.0 and Enterprise ...) NOT-FOR-US: MailEnable Professional @@ -125,7 +125,7 @@ CVE-2006-5171 RESERVED CVE-2006-5170 (pam_ldap in nss_ldap on Red Hat Enterprise Linux 4, Fedora Core 3 and ...) - TODO: check + - libpam-ldap <unfixed> (bug filed; medium) CVE-2006-5169 (Cross-site scripting (XSS) vulnerability in John Himmelman (aka ...) NOT-FOR-US: PowerPortal CVE-2006-5168 (Cross-site scripting (XSS) vulnerability in the search functionality ...) @@ -551,7 +551,8 @@ CVE-2006-4969 (Multiple PHP remote file inclusion vulnerabilities in WAHM E-Commerce ...) NOT-FOR-US: Pie Cart Pro CVE-2006-4968 (PHP remote file inclusion vulnerability in ...) - TODO: check + NOT-FOR-US: PNphpBB + NOTE: code in phpBB is different and not affected CVE-2006-4967 (Multiple cross-site scripting (XSS) vulnerabilities in NextAge Cart ...) NOT-FOR-US: NextAge Cart CVE-2006-4966 (PHP remote file inclusion vulnerability in inc/ifunctions.php in ...)