Author: stef-guest Date: 2006-10-14 15:01:16 +0000 (Sat, 14 Oct 2006) New Revision: 4848 Modified: data/CVE/list Log: bugnum, NFUs, unimportant ADOdb issue Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-10-14 14:32:24 UTC (rev 4847) +++ data/CVE/list 2006-10-14 15:01:16 UTC (rev 4848) @@ -125,15 +125,15 @@ CVE-2006-5171 RESERVED CVE-2006-5170 (pam_ldap in nss_ldap on Red Hat Enterprise Linux 4, Fedora Core 3 and ...) - - libpam-ldap <unfixed> (bug filed; medium) + - libpam-ldap <unfixed> (bug #392984; medium) CVE-2006-5169 (Cross-site scripting (XSS) vulnerability in John Himmelman (aka ...) NOT-FOR-US: PowerPortal CVE-2006-5168 (Cross-site scripting (XSS) vulnerability in the search functionality ...) NOT-FOR-US: Pebble CVE-2005-4813 (Unspecified vulnerability in Report Application Server ...) - TODO: check + NOT-FOR-US: Business Objects Crystal Reports CVE-2003-1306 (Microsoft URLScan 2.5, with the RemoveServerHeader option enabled, ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2006-XXXX [zabbix format string vulnerabilities] - zabbix 1:1.1.2-4 (bug #391388) CVE-2006-XXXX [zabbix buffer overflows] @@ -535,7 +535,14 @@ CVE-2006-4977 (Multiple unrestricted file upload vulnerabilities in (1) ...) NOT-FOR-US: PhpQuiz CVE-2006-4976 (The Date Library in John Lim ADOdb Library for PHP allows remote ...) - TODO: check + libphp-adodb <unfixed> (unimportant) + gallery2 <unfixed> (unimportant) + phppgadmin <unfixed> (unimportant) + egroupware <unfixed> (unimportant) + phpwiki <unfixed> (unimportant) + moodle <unfixed> (unimportant) + NOTE: full path is known in Debian anyway + CVE-2006-4975 (Yahoo! Messenger for WAP permits saving messages that contain ...) NOT-FOR-US: Yahoo! Messenger CVE-2006-4974 (Buffer overflow in Ipswitch WS_FTP Limited Edition (LE) 5.08 allows ...) @@ -3515,7 +3522,9 @@ CVE-2006-3676 (admin/gallery_admin.php in planetGallery before 14.07.2006 allows remote ...) NOT-FOR-US: planetGallery CVE-2006-3675 (Password Safe 2.11, 2.16 and 3.0BETA1 does not respect the ...) - TODO: check + NOT-FOR-US: Password Safe + NOTE: mypasswordsafe and pwsafe might use code from Password Safe, + NOTE: but the problematic functionality is not present CVE-2006-3674 (nNetObject.cpp in Armagetron Advanced 2.8.2 and earlier allows remote ...) - armagetron <unfixed> (bug #379062; low) [sarge] - armagetron <no-dsa> (Minor game DoS)