Author: stef-guest
Date: 2006-12-04 20:49:15 +0100 (Mon, 04 Dec 2006)
New Revision: 5059
Modified:
data/CVE/list
Log:
- new ruby issue fixed
- new squirrelmail not-really-an-issue fixed
- gnupg2 fixed
- dhcp fixed
Modified: data/CVE/list
==================================================================---
data/CVE/list 2006-12-04 08:14:14 UTC (rev 5058)
+++ data/CVE/list 2006-12-04 19:49:15 UTC (rev 5059)
@@ -1,3 +1,8 @@
+CVE-2006-XXXX [squirrelmail XSS on MSIE <=5]
+ - squirrelmail 2:1.4.9a-1 (unimportant)
+CVE-2006-XXXX [DoS in ruby cgi.rb]
+ - ruby1.8 1.8.5-4 (low)
+ TODO: check other ruby versions
CVE-2006-6273 (sp_index.php in Simple PHP Gallery 1.1 allows remote attackers
to ...)
TODO: check
CVE-2006-6272 (Cross-site scripting (XSS) vulnerability in sp_index.php in
Simple PHP ...)
@@ -299,7 +304,7 @@
NOTE: NOT-FOR-US (Apple Mac OS X)
CVE-2006-6169 (Heap-based buffer overflow in the ask_outfile_name function in
...)
- gnupg 1.4.5-3 (medium)
- - gnupg2 <unfixed> (medium; bug #400777)
+ - gnupg2 2.0.0-5.1 (medium; bug #400777)
CVE-2006-XXXX [several security issues in phpmyadmin]
- phpmyadmin 4:2.9.1.1-1 (bug #399329)
NOTE: PMASA-2006-7, PMASA-2006-8, PMASA-2006-9
@@ -427,7 +432,7 @@
CVE-2006-6072 (SQL injection vulnerability in bpg/publications_list.asp in ...)
NOT-FOR-US: BPG-InfoTech Easy Publisher
CVE-2006-6071 (TWiki 4.0.5 and earlier, when running under Apache 1.3 using
...)
- - twiki 1:4.0.5-2 (bug #401303)
+ - twiki 1:4.0.5-2 (bug #401303; low)
CVE-2006-6070 (SQL injection vulnerability in
module/account/register/register.asp in ...)
NOT-FOR-US: ASP Nuke
CVE-2006-6069 (index.php in mAlbum 0.3 and earlier allows remote attackers to
obtain ...)
@@ -6980,7 +6985,7 @@
- cfs 1.4.1-17
CVE-2006-3122 (The supersede_lease function in memory.c in ISC DHCP (dhcpd)
server ...)
{DSA-1143-1}
- - dhcp <unfixed> (bug #380273)
+ - dhcp 2.0pl5-19.5 (bug #380273)
CVE-2006-3121 (The peel_netstring function in cl_netstring.c in the heartbeat
...)
{DSA-1151-1}
- heartbeat-2 2.0.6-2