Author: jmm-guest Date: 2006-10-18 19:11:44 +0000 (Wed, 18 Oct 2006) New Revision: 4859 Modified: data/CVE/list Log: dokiwiki fixed removed CVEfied dokuwiki issues plone fixed Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-10-18 09:14:22 UTC (rev 4858) +++ data/CVE/list 2006-10-18 19:11:44 UTC (rev 4859) @@ -303,8 +303,9 @@ CVE-2006-5295 (Unspecified vulnerability in ClamAV before 0.88.5 allows remote ...) - clamav 0.88.5-1 (high; bug #393445) CVE-2006-5229 (OpenSSH portable 4.1 on SUSE Linux, and possibly other platforms and ...) - TODO: check - NOTE: Not reproducible with standard etch setup + NOTE: This issues depends on the stack of selected authentication modules, while + NOTE: some are resilient against such timing attacks, some aren''t + NOTE: This is inside responsibility of an admin CVE-2006-5228 (Multiple SQL injection vulnerabilities in the Google Gadget login.php ...) NOT-FOR-US: ackerTodo CVE-2006-5227 (Cross-site scripting (XSS) vulnerability in admin.php in TorrentFlux ...) @@ -583,9 +584,9 @@ CVE-2006-5100 (PHP remote file inclusion vulnerability in parse/parser.php in ...) NOT-FOR-US: WEB//NEWS (aka webnews) CVE-2006-5099 (lib/exec/fetch.php in DokuWiki before 2006-03-09e, when ...) - - dokuwiki <unfixed> (bug #391291; medium) + - dokuwiki 0.0.20060309-5.2 (bug #391291; medium) CVE-2006-5098 (lib/exec/fetch.php in DokuWiki before 2006-03-09e allows remote ...) - - dokuwiki <unfixed> (bug #391291; medium) + - dokuwiki 0.0.20060309-5.2 (bug #391291; medium) CVE-2006-5097 (** DISPUTED ** ...) NOT-FOR-US: net2ftp CVE-2006-5096 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) 
@@ -831,9 +832,10 @@ CVE-2006-4981 (Symantec Sygate NAC allows physically proximate attackers to bypass ...) NOT-FOR-US: Symantec CVE-2006-4980 (Buffer overflow in the repr function in Python 2.3 through 2.6 before ...) - - python2.4 2.4.3-9 + - python2.5 2.5-1 (bug #391589) + - python2.4 2.4.3-9 (bug #391589) - python2.3 <unfixed> (bug #393053) - - python2.5 2.5-1 + - python2.2 <not-affected> (Compiled without UCS-4 support) CVE-2006-4979 (Direct static code injection vulnerability in cfgphpquiz/install.php ...) NOT-FOR-US: PhpQuiz CVE-2006-4978 (Multiple SQL injection vulnerabilities in Walter Beschmout PhpQuiz 1.2 ...) @@ -1185,7 +1187,7 @@ TODO: check CVE-2006-4812 (Integer overflow in PHP 5 up to 5.1.6 and 4 before 4.3.0 allows remote ...) - php4 <not-affected> - - php5 <unfixed> + - php5 <unfixed> (bug #391586) CVE-2006-4811 RESERVED CVE-2006-4810 @@ -2480,7 +2482,7 @@ RESERVED CVE-2006-4247 (Unspecified vulnerability in the Password Reset Tool before 0.4.1 on ...) [sarge] - zope-cmfplone <not-affected> (Vulnerable code not present) - - zope-cmfplone <unfixed> + - zope-cmfplone 2.5.1-1 CVE-2006-4246 (Usermin before 1.220 (20060629) allows remote attackers to read ...) {DSA-1177-1} - usermin <removed> (bug #374609) @@ -2563,7 +2565,9 @@ CVE-2006-4209 (PHP remote file inclusion vulnerability in install3.php in WEBInsta ...) NOT-FOR-US: WEBInsta Mailing List Manager CVE-2006-4208 (Directory traversal vulnerability in wp-db-backup.php in Skippy ...) - - wordpress <unfixed> (low; bug #384800) + - wordpress <unfixed> (unimportant; bug #384800) + NOTE: Only exploitable by admin users, someone with the privilege to backup + NOTE: your data must be trustworthy CVE-2006-4207 (Multiple PHP remote file inclusion vulnerabilities in Bob Jewell ...) NOT-FOR-US: Discloser CVE-2006-4206 (Cross-site scripting (XSS) vulnerability in calendar.asp in ...) 
@@ -5411,7 +5415,9 @@ CVE-2006-2942 (TWiki 4.0.0, 4.0.1, and 4.0.2 allows remote attackers to gain Twiki ...) - twiki <not-affected> (Debian''s version is old and does not include affected file) CVE-2006-2941 (Mailman before 2.1.9rc1 allows remote attackers to cause a denial of ...) - - mailman 1:2.1.8-3 + - mailman <not-affected> + NOTE: Mailman uses the system version of the affected Python lib + TODO: Check affected Python versions CVE-2006-2940 (OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions ...) {DSA-1195-1 DSA-1185-2} - openssl 0.9.8c-2 (bug #389940) @@ -5727,10 +5733,6 @@ CVE-2006-2842 (** DISPUTED ** ...) - squirrelmail 2:1.4.7-1 (unimportant; bug #373731) NOTE: Only exploitable with register_globals enabled -CVE-2006-XXXX [XSS vulnerability in dokuwikis''s "Fullname" and "E-Mail" fields] - - dokuwiki <unfixed> (medium) -CVE-2006-XXXX [PHP injection vulnerability in dokuwiki via curly braces] - - dokuwiki <unfixed> (medium) CVE-2006-XXXX [webalizer: symlink vulnerability] - webalizer 2.01.10-29 (bug #359745) CVE-2006-2805 (SQL injection vulnerability in VBulletin 3.0.10 allows remote ...) 
@@ -10175,10 +10177,10 @@ CVE-2006-0988 (The default configuration of the DNS Server service on Windows Server ...) NOT-FOR-US: MS Windows issue CVE-2006-0987 (The default configuration of ISC BIND, when configured as a caching ...) - - bind <unfixed> (bug #355787; low) - [sarge] - bind <no-dsa> (Affected sites can configure AllowRecursion) - - bind9 <unfixed> (bug #356266; low) - [sarge] - bind9 <no-dsa> (Affected sites can configure AllowRecursion) + - bind <unfixed> (bug #355787; unimportant) + - bind9 <unfixed> (bug #356266; unimportant) + NOTE: This is within the responsibilities of a local admin, especially when + NOTE: operating a DNS server, affected sites can configure AllowRecursion CVE-2006-0986 (WordPress 2.0.1 and earlier allows remote attackers to obtain ...) - wordpress 2.0.2-1 (bug #355055; unimportant) CVE-2006-0985 (Multiple cross-site scripting (XSS) vulnerabilities in the "post ...) @@ -12918,8 +12920,6 @@ CVE-2005-4534 (The shadow database feature (syncshadowdb) in Bugzilla 2.9 through ...) - bugzilla 2.18 (bug #329387; low) NOTE: The vulnerable script has been removed in the 2.18 upstream release - [woody] - bugzilla <unfixed> (low) - [sarge] - bugzilla <unfixed> (low) CVE-2005-XXXX [Insecure tempfile in libjpeg6b''s exifautotran] - libjpeg6b 6b-11 (bug #340079; low) [woody] - libjpeg6b <not-affected> (Does not include exifautotran)
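Review bot: in the CVE-2006-5229 hunk (@@ -303,8 +303,9 @@) the new NOTE lines conclude that the issue is an admin's responsibility, yet `TODO: check` is left in place, so the entry is still flagged for triage; either drop the TODO or record a package state once the check is done (for example a `<not-affected>` line, or an explicit severity of unimportant with this reasoning). The first NOTE should read "This issue depends" rather than "This issues depends", and the last one "This is within the responsibility of an admin". Naming which authentication modules (PAM stack) were tested against the timing attack would make the decision auditable later.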
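Review bot: for CVE-2006-5099 and CVE-2006-5098 (@@ -583,9 +584,9 @@) the fixed version `0.0.20060309-5.2` carries an NMU-style revision suffix; please confirm it is the upload that closed bug #391291 and that both CVEs are fixed by that one upload, since the tracker will treat every lower DokuWiki version as vulnerable. Neither entry has a `[sarge]` line, so sarge's status is derived by version comparison against this fixed version; add a `[sarge]` line if sarge needs a DSA or a `<no-dsa>` decision.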
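Review bot: in the CVE-2006-4980 hunk (@@ -831,9 +832,10 @@) the `python2.2 <not-affected>` reason "Compiled without UCS-4 support" is a different argument from the obvious one, namely that the CVE text covers Python 2.3 through 2.6 only; if UCS-4 is the real condition, the same test applies to the python2.3 and python2.4 builds, so record how those were checked. python2.3 stays `<unfixed>` with bug #393053 while python2.4 and python2.5 now both cite bug #391589; that is fine if they are separate reports, but a short NOTE would stop the split from being read as a typo.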
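Review bot: the CVE-2006-4812 hunk (@@ -1185,7 +1187,7 @@) adds bug #391586 to the php5 entry but still carries no severity, whereas the neighbouring entries in this diff do (low, medium, high, unimportant); the `php4 <not-affected>` line also lacks a reason string such as "(Vulnerable code not present)", which this file uses elsewhere (compare the zope-cmfplone `[sarge]` line).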
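Review bot: the CVE-2006-4247 hunk (@@ -2480,7 +2482,7 @@) records zope-cmfplone 2.5.1-1 as fixed without a bug reference; the other fixed entries in this diff carry "(bug #NNN)", so add it if one was filed, otherwise a NOTE pointing at the changelog entry that pulled in Password Reset Tool 0.4.1 (the fixed upstream version per the CVE text) would make the fix traceable.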
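Review bot: the CVE-2006-4208 hunk (@@ -2563,7 +2565,9 @@) downgrades wordpress from low to unimportant on the grounds that wp-db-backup.php is only reachable by admin users; that claim is the whole basis for the downgrade, so the NOTE should say where it was verified (the capability check in the script, or the analysis in bug #384800) rather than only the conclusion. Also "someone with the privilege to backup your data must be trustworthy" reads awkwardly split across the two NOTE lines; a single sentence stating that the backup function is admin-only is enough.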
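Review bot: in the CVE-2006-2941 hunk (@@ -5411,7 +5415,9 @@) mailman goes from fixed in 1:2.1.8-3 to `<not-affected>` while a `TODO: Check affected Python versions` is added in the same change; `<not-affected>` is a final state, so either keep the entry open until the Python check is done, or move the tracking to the Python package entries that actually ship the affected library, as the NOTE itself argues. Dropping 1:2.1.8-3 also loses the record of why that upload was once considered the fix; a NOTE explaining that would keep the history intact.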
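Review bot: the @@ -5727,10 +5733,6 @@ hunk deletes the two CVE-2006-XXXX dokuwiki placeholders (XSS in the "Fullname" and "E-Mail" fields, PHP injection via curly braces) and the log says they were "CVEfied", but neither the log nor a NOTE records which CVE ids replaced them; CVE-2006-5099 and CVE-2006-5098 in this same commit describe lib/exec/fetch.php, which does not obviously match either placeholder. Please add the mapping (and fix the log's "dokiwiki") so the `<unfixed> (medium)` state of both issues can be followed to their new entries.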
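Review bot: the CVE-2006-0987 hunk (@@ -10175,10 +10177,10 @@) drops the explicit `[sarge] - bind <no-dsa>` and `[sarge] - bind9 <no-dsa>` lines while downgrading both entries to unimportant; sarge's status is now derived from the `<unfixed>` line, which is presumably the intent since unimportant issues get no DSA, but the log should say so. The option name in the new NOTE, "AllowRecursion", is not named.conf syntax; BIND's option is `allow-recursion { ... };` (or `recursion no;` to disable recursion outright), so spell it that way so admins reading the tracker can act on it.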
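Review bot: the CVE-2005-4534 hunk (@@ -12918,8 +12920,6 @@) removes the `[woody]` and `[sarge] - bugzilla <unfixed> (low)` lines without any log mention; with only `bugzilla 2.18 (bug #329387; low)` left, the release status becomes a version comparison, which yields the same `<unfixed>` result only if woody and sarge ship a bugzilla older than 2.18, so confirm that before treating the removal as a pure cleanup. The commit log ("dokiwiki fixed removed CVEfied dokuwiki issues plone fixed") covers only dokuwiki and plone; the openssh, python, php5, wordpress, mailman, bind and bugzilla changes in this revision deserve a line each.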