Author: stef-guest Date: 2006-10-14 20:01:36 +0000 (Sat, 14 Oct 2006) New Revision: 4852 Modified: data/CVE/list Log: - CVE-2006-2658: new mono-xsp issue already fixed - bugnums, NFUs - CVE-2006-4980 is fixed in python2.5 - CVE-2006-4030: gallery2 not-affected - CVE-2006-3602 is actually CVE-2005-4600 - CVE-2005-4600: moodle already fixed Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-10-14 18:15:34 UTC (rev 4851) +++ data/CVE/list 2006-10-14 20:01:36 UTC (rev 4852) @@ -528,8 +528,8 @@ NOT-FOR-US: Symantec CVE-2006-4980 (Buffer overflow in the repr function in Python 2.3 through 2.6 before ...) - python2.4 2.4.3-9 - - python2.3 <unfixed> - TODO: check other pythons + - python2.3 <unfixed> (bug #393053) + - python2.5 2.5-1 CVE-2006-4979 (Direct static code injection vulnerability in cfgphpquiz/install.php ...) NOT-FOR-US: PhpQuiz CVE-2006-4978 (Multiple SQL injection vulnerabilities in Walter Beschmout PhpQuiz 1.2 ...) @@ -2306,7 +2306,7 @@ - gallery2 2.1.2-1 CVE-2006-XXXX [insecure filehandling in mysql_upgrade] - mysql-dfsg-5.0 5.0.24-1 - TODO: check 4.x + Note: mysql_upgrade not in 4.x CVE-2006-4194 (** DISPUTED ** ...) NOT-FOR-US: Cisco CVE-2006-4193 (Microsoft Internet Explorer 6.0 SP1 and possibly other versions allows ...) @@ -2659,7 +2659,7 @@ CVE-2006-4030 (Unspecified vulnerability in the stats module in Gallery 1.5.1-RC2 and ...) {DSA-1148-1} - gallery 1.5.3-1 - TODO: check gallery2 + - gallery2 <not-affected> (vulnerable code not present) CVE-2006-4029 (Stack-based buffer overflow in sipd.dll in AGEphone 1.24 and 1.38.1 ...) NOT-FOR-US: AGEphone CVE-2006-4028 (Multiple unspecified vulnerabilities in WordPress before 2.0.4 have ...) 
@@ -3679,7 +3679,8 @@ NOT-FOR-US: Softbiz Banner Exchange Script (aka Banner Exchange Network Script) CVE-2006-3606 (Unspecified vulnerability in Sun Solaris X Inter Client Exchange ...) NOTE: Debian has a libice - is it the same one? - TODO: check + NOTE: Not enough information... + TODO: maybe check again later CVE-2006-3605 (Microsoft Internet Explorer 6 allows remote attackers to cause a ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2006-3604 (Directory traversal vulnerability in FlexWATCH Network Camera 3.0 and ...) @@ -3687,8 +3688,8 @@ CVE-2006-3603 (Cross-site scripting (XSS) vulnerability in index.php in FlexWATCH ...) NOT-FOR-US: FlexWATCH Network Camera CVE-2006-3602 (Directory traversal vulnerability in ...) - TODO: check wordpress, moodle - - knowledgeroot <not-affected> (fixed before first upload; see bug #381912) + NOTE: this is CVE-2005-4600 + NOT-FOR-US: Farsinews CVE-2006-3601 (** UNVERIFIABLE ** ...) NOT-FOR-US: DotNetNuke CVE-2006-3600 (Multiple stack-based buffer overflows in the LookupTRM::lookup ...) @@ -5807,8 +5808,7 @@ NOTE: application error - php5 5.1.6-1 (low) CVE-2006-2658 (Directory traversal vulnerability in the xsp component in mod_mono in ...) - NOTE: maybe this is the same as apache mod_mono? - TODO: check + - xsp 1.1.15-1 CVE-2006-2657 REJECTED CVE-2006-2655 (The build process for ypserv in FreeBSD 5.3 up to 6.1 accidentally ...) @@ -6418,7 +6418,7 @@ CVE-2006-2388 (Microsoft Office Excel 2000 through 2004 allows user-assisted ...) NOT-FOR-US: Microsoft CVE-2006-2387 (Unspecified vulnerability in Microsoft Excel 2000, 2002, 2003, 2004 ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2006-2386 RESERVED CVE-2006-2385 (Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4 and ...) 
@@ -12299,8 +12299,10 @@ CVE-2005-4602 (SQL injection vulnerability in inc/function_upload.php in MyBB before ...) NOT-FOR-US: MyBB CVE-2005-4600 (tiny_mce_gzip.php in TinyMCE Compressor PHP before 1.06 allows remote ...) - TODO: check wordpress, moodle + TODO: check wordpress + NOTE: pinged maintainer - knowledgeroot <not-affected> (fixed before first upload; see bug #381912) + - moodle <not-affected> (has newer version) CVE-2005-4599 (Cross-site scripting (XSS) vulnerability in tiny_mce_gzip.php in ...) TODO: check wordpress, moodle - knowledgeroot <not-affected> (fixed before first upload; see bug #381912)
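
Review bot: in the CVE-2006-XXXX mysql_upgrade hunk (@@ -2306,7 +2306,7 @@), the added annotation is written "Note:" where every other annotation visible in this diff uses upper-case "NOTE:", so a case-sensitive search for the tag will miss it. Suggest "NOTE: mysql_upgrade not in 4.x". The gallery2 hunk in this commit records the same kind of finding as an explicit "<not-affected>" line with a reason, which would state the 4.x result more clearly than a free-text note.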
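
Review bot: in the CVE-2006-3606 hunk (@@ -3679,7 +3679,8 @@), "TODO: maybe check again later" does not say what is to be checked or what would close it, and "NOTE: Not enough information..." does not say which information is missing. The existing NOTE already holds the open question ("Debian has a libice - is it the same one?"). Suggest a TODO that names it, for example that the affected component needs to be identified before libice can be ruled in or out, so the next person does not have to rediscover why the entry is parked.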
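
Review bot: in the CVE-2006-3602 hunk (@@ -3687,8 +3688,8 @@), the two added lines disagree with each other: "NOTE: this is CVE-2005-4600" says the entry duplicates an issue that this same commit tracks against Debian packages (knowledgeroot, moodle, and an open "TODO: check wordpress"), while "NOT-FOR-US: Farsinews" marks it as irrelevant to Debian. The hunk also deletes the knowledgeroot "<not-affected>" line that carried the bug #381912 reference. Suggest either keeping the package lines here in step with CVE-2005-4600, or extending the NOTE to say that Debian status is tracked under CVE-2005-4600, so the NOT-FOR-US tag is not read as the final answer for the TinyMCE code.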
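
Review bot: in the CVE-2006-2658 hunk (@@ -5807,8 +5808,7 @@), the removed NOTE asked whether this is the same as apache mod_mono, and the replacement "- xsp 1.1.15-1" leaves that question unanswered even though the description places the flaw "in the xsp component in mod_mono". Suggest adding a line that records the outcome for mod_mono, either a fixed version or a "<not-affected>" entry with the reason, rather than dropping the question together with the TODO.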
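
Review bot: in the CVE-2005-4600 hunk (@@ -12299,8 +12299,10 @@), moodle is resolved for CVE-2005-4600, but the CVE-2005-4599 entry directly below, which concerns the same tiny_mce_gzip.php, still reads "TODO: check wordpress, moodle". If the moodle finding applies to both, update CVE-2005-4599 in the same commit. The reason "(has newer version)" would also be easier to verify if it said newer than what, given that the description gives the fix point as TinyMCE Compressor PHP 1.06, and "NOTE: pinged maintainer" should name the package whose maintainer was contacted.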