Author: stef-guest Date: 2006-11-27 21:47:54 +0100 (Mon, 27 Nov 2006) New Revision: 5013 Modified: data/CVE/list Log: - CVE-2006-5823, CVE-2006-6128: new linux issues - CVE-2006-6122: new tin issue already fixed - CVE-2006-5869: new pstotext issue already fixed - some NFUs Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-11-27 20:15:17 UTC (rev 5012) +++ data/CVE/list 2006-11-27 20:47:54 UTC (rev 5013) @@ -1,5 +1,5 @@ CVE-2006-XXXX [tikiwiki script insertion vulnerability] - - tikiwiki 1.9.7+dfsg-1 + - tikiwiki 1.9.7+dfsg-1 (low) CVE-2006-XXXX [several security issues in phpmyadmin] - phpmyadmin 4:2.9.1.1-1 (bug #399329) NOTE: PMASA-2006-7, PMASA-2006-8, PMASA-2006-9 
@@ -10,43 +10,43 @@ CVE-2006-XXXX [arbitrary code execution in metaInfo.php in torrentflux] - torrentflux <unfixed> (bug #400582; medium) CVE-2006-6129 (Integer overflow in the fatfile_getarch2 in Apple Mac OS X allows ...) - TODO: check + NOT-FOR-US: Apple Mac OS X CVE-2006-6128 (The ReiserFS functionality in Linux kernel 2.6.18, and possibly other ...) - TODO: check + - linux-2.6 <unfixed> (low) CVE-2006-6127 (Apple Mac OS X kernel allows local users to cause a denial of service ...) - TODO: check + NOT-FOR-US: Apple Mac OS X CVE-2006-6126 (Apple Mac OS X allows local users to cause a denial of service (memory ...) - TODO: check + NOT-FOR-US: Apple Mac OS X CVE-2006-6125 (Heap-based buffer overflow in the wireless driver (WG311ND5.SYS) ...) - TODO: check + NOT-FOR-US: NetGear CVE-2006-6124 (Cross-site scripting (XSS) vulnerability in SeleniumServer Web Server ...) - TODO: check + NOT-FOR-US: SeleniumServer Web Server CVE-2006-6123 (Coppermine Photo Gallery (CPG) 1.4.8 stable, with register_globals ...) - TODO: check + NOT-FOR-US: Coppermine Photo Gallery (CPG) CVE-2006-6122 (Multiple buffer overflows in TIN before 1.8.2 have unspecified impact ...) - TODO: check + - tin 1:1.8.2-1 CVE-2006-6121 (Acer Notebook LunchApp.APlunch ActiveX control allows remote attackers ...) - TODO: check + NOT-FOR-US: Acer CVE-2006-6120 RESERVED CVE-2006-6119 (mmgallery 1.55 allows remote attackers to obtain sensitive information ...) - TODO: check + NOT-FOR-US: mmgallery CVE-2006-6118 (Cross-site scripting (XSS) vulnerability in thumbs.php in mmgallery ...) - TODO: check + NOT-FOR-US: mmgallery CVE-2006-6117 (SQL injection vulnerability in index1.asp in fipsGallery 1.5 and ...) - TODO: check + NOT-FOR-US: fipsGallery CVE-2006-6116 (SQL injection vulnerability in default2.asp in fipsForum 2.6 and ...) - TODO: check + NOT-FOR-US: fipsForum CVE-2006-6115 (SQL injection vulnerability in index.asp in fipsCMS 4.5 and earlier ...) 
- TODO: check + NOT-FOR-US: fipsCMS CVE-2006-6114 (Buffer overflow in NWSPOOL.DLL in Novell Client 4.91 Post-SP3 for ...) - TODO: check + NOT-FOR-US: Novell CVE-2006-6113 RESERVED CVE-2006-6112 RESERVED CVE-2006-6111 (Multiple SQL injection vulnerabilities in Alan Ward A-Cart Pro 2.0 ...) - TODO: check + NOT-FOR-US: Alan Ward A-Cart Pro CVE-2006-6110 (Multiple SQL injection vulnerabilities in an unspecified BPG-InfoTech ...) TODO: check CVE-2006-6109 (Multiple SQL injection vulnerabilities in CandyPress Store 3.5.2.14 ...) @@ -548,7 +548,7 @@ CVE-2006-5870 RESERVED CVE-2006-5869 (pstotext before 1.9 allows user-assisted attackers to execute ...) - TODO: check + - pstotext 1.9-4 CVE-2006-5868 (Multiple buffer overflows in Imagemagick 6.0 before 6.0.6.2, and 6.2 ...) {DSA-1213} - imagemagick 7:6.2.4.5.dfsg1-0.11 @@ -640,7 +640,7 @@ CVE-2006-5824 (Integer overflow in the ffs_rdextattr function in FreeBSD 6.1 allows ...) TODO: check CVE-2006-5823 (The zlib_inflate function in Linux kernel 2.6.x allows local users to ...) - TODO: check + - linux-2.6 <unfixed> CVE-2006-5822 RESERVED CVE-2006-5821 (Heap-based buffer overflow in the IMA_SECURE_DecryptData1 function in ...)
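Review bot: In the @@ -10,43 +10,43 @@ hunk, the new `- linux-2.6 <unfixed> (low)` line for CVE-2006-6128 has no bug reference, unlike the torrentflux entry above it, which records `(bug #400582; medium)`. An unfixed entry with no bug number or NOTE gives nobody a place to follow the fix, so please add one of the two. In the same hunk CVE-2006-6110 stays at `TODO: check` while its neighbours are triaged; if that is intentional because the description names no specific product, a short NOTE saying so would stop it being re-examined. The NOT-FOR-US labels also mix vendor names (`NetGear`, `Acer`, `Novell`) with product names (`SeleniumServer Web Server`, `Coppermine Photo Gallery (CPG)`); choosing one convention makes the list easier to grep.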
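Review bot: In the @@ -548,7 +548,7 @@ hunk, CVE-2006-5869 is marked fixed in `pstotext 1.9-4`, while the description says the issue affects pstotext before 1.9. Please confirm that 1.9-4 is the first Debian upload carrying the fix and not simply the version currently in the archive. A fixed version set too high reports earlier 1.9 revisions as vulnerable. The entry also has no urgency, which the tikiwiki line in this same commit gained as `(low)`.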
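Review bot: In the @@ -640,7 +640,7 @@ hunk, `- linux-2.6 <unfixed>` for CVE-2006-5823 carries neither an urgency nor a bug reference, although the other kernel entry added in this commit, CVE-2006-6128, is rated `(low)`. Both are described as local issues, so either rate this one as well or add a NOTE explaining why it is left unrated, and reference a bug so the unfixed state can be tracked.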