Author: stef-guest Date: 2006-10-24 19:14:42 +0000 (Tue, 24 Oct 2006) New Revision: 4877 Modified: data/CVE/list Log: - libpam-ldap fixed - {graphics,image}magick issue CVEified and fixed - CVE-2006-5379: nvidia binary driver issue fixed - CVE-2006-1910: not NFU but already fixed serendipity issue - new low impact serendipity XSS issue fixed Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-10-24 15:57:41 UTC (rev 4876) +++ data/CVE/list 2006-10-24 19:14:42 UTC (rev 4877) @@ -1,3 +1,5 @@ +CVE-2006-XXXX [serendipity XSS for registered authors] + - serendipity 1.0.2-1 (low) CVE-2006-5460 (** DISPUTED ** ...) TODO: check CVE-2006-5459 (Multiple PHP remote file inclusion vulnerabilities in Download-Engine ...) @@ -7,7 +9,8 @@ CVE-2006-5457 (Multiple cross-site scripting (XSS) vulnerabilities in the ...) TODO: check CVE-2006-5456 (Multiple buffer overflows in GraphicsMagick before 1.1.7 and ...) - TODO: check + - graphicsmagick 1.1.7-9 (medium) + - imagemagick 7:6.2.4.5.dfsg1-0.11 (bug #393025) CVE-2006-5455 (Cross-site request forgery (CSRF) vulnerability in editversions.cgi in ...) TODO: check CVE-2006-5454 (Bugzilla 2.18.x before 2.18.6, 2.20.x before 2.20.3, 2.22.x before ...) @@ -166,7 +169,7 @@ CVE-2006-5380 (** DISPUTED ** ...) NOT-FOR-US: Contenido CMS CVE-2006-5379 (The accelerated rendering functionality of NVIDIA Binary Graphics ...) - TODO: check + - nvidia-graphics-drivers 1.0.8776-1 (bug #393573) CVE-2006-5378 (Unspecified vulnerability in JD Edwards HTML Server in JD Edwards ...) NOT-FOR-US: EnterpriseOne CVE-2006-5377 (Unspecified vulnerability in PeopleSoft component in Oracle PeopleSoft ...) 
@@ -596,7 +599,7 @@ CVE-2006-5171 RESERVED CVE-2006-5170 (pam_ldap in nss_ldap on Red Hat Enterprise Linux 4, Fedora Core 3 and ...) - - libpam-ldap <unfixed> (bug #392984; medium) + - libpam-ldap 180-1.2 (bug #392984; medium) CVE-2006-5169 (Cross-site scripting (XSS) vulnerability in John Himmelman (aka ...) NOT-FOR-US: PowerPortal CVE-2006-5168 (Cross-site scripting (XSS) vulnerability in the search functionality ...) @@ -802,10 +805,6 @@ NOT-FOR-US: PHP Invoice CVE-2006-5073 (Unspecified vulnerability in Sun Solaris 8, 9 and 10 allows remote ...) NOT-FOR-US: Solaris -CVE-2006-XXXX [graphicsmagic buffer overflows] - - graphicsmagick 1.1.7-9 (medium) - - imagemagick <unfixed> (bug #393025) - TODO: check for CVE-ids CVE-2006-5072 (The System.CodeDom.Compiler classes in Novell Mono create temporary ...) - mono 1.1.17.1-5 CVE-2006-5071 (Multiple cross-site scripting (XSS) vulnerabilities in eyeOS before ...) @@ -8027,7 +8026,7 @@ CVE-2006-1911 (Cross-site scripting (XSS) vulnerability in MyBB (MyBulletinBoard) 1.1 ...) NOT-FOR-US: MyBB CVE-2006-1910 (config.php in S9Y Serendipity 1.0 beta 2 allows remote attackers to ...) - NOT-FOR-US: Serendipity + - serendipity 1.0-1 CVE-2006-1909 (Directory traversal vulnerability in index.php in Coppermine 1.4.4 ...) NOT-FOR-US: Coppermine CVE-2006-1908 (Cross-site scripting vulnerability in addevent.php in myEvent 1.x ...)
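Review bot: In the first hunk (`@@ -1,3 +1,5 @@`), the new placeholder `CVE-2006-XXXX [serendipity XSS for registered authors]` carries only `- serendipity 1.0.2-1 (low)`, with no bug number, no pointer to the report it is based on, and no TODO to look for a CVE id. The graphicsmagick placeholder removed later in this same patch had `TODO: check for CVE-ids`; adding that line here, plus a reference identifying which XSS is meant, would let the entry be matched once an id is assigned.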
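Review bot: In the CVE-2006-5456 hunk (`@@ -7,7 +9,8 @@`), the two package lines are annotated inconsistently: `- graphicsmagick 1.1.7-9 (medium)` has an urgency but no bug, while `- imagemagick 7:6.2.4.5.dfsg1-0.11 (bug #393025)` has a bug but no urgency. Both sit under the same buffer overflow entry, so consider giving imagemagick an urgency in the form already used for libpam-ldap, for example `(bug #393025; medium)`. The visible part of the CVE description names only GraphicsMagick, so a short note on why imagemagick is tracked under this id would also help.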
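Review bot: In the CVE-2006-1910 hunk (`@@ -8027,7 +8026,7 @@`), `NOT-FOR-US: Serendipity` becomes `- serendipity 1.0-1` with no urgency, bug number or explanation. The description refers to Serendipity 1.0 beta 2 and the log says only "already fixed"; a brief note recording how 1.0-1 was confirmed as the fixed version would make the entry verifiable.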