Author: jmm-guest
Date: 2006-12-09 00:37:24 +0100 (Sat, 09 Dec 2006)
New Revision: 5091
Modified:
data/CVE/list
Log:
new severe madwifi issue (thank god we''re not Ubuntu having such crap
in the default kernel)
new 2.6.19-only kernel issue
new issues in fail2ban and denyhosts
new evince issue
bugnums
Modified: data/CVE/list
==================================================================---
data/CVE/list 2006-12-08 20:14:15 UTC (rev 5090)
+++ data/CVE/list 2006-12-08 23:37:24 UTC (rev 5091)
@@ -69,9 +69,11 @@
CVE-2006-6334
RESERVED
CVE-2006-6333 (The tr_rx function in ibmtr.c for Linux kernel 2.6.19 assigns
the ...)
- TODO: check
-CVE-2006-6332
+ - linux-2.6 <unfixed>
+ [etch] - linux-2.6 <not-affected> (Only affects 2.6.19, introduced after
2.6.18)
+CVE-2006-6332 [madwifi code injection]
RESERVED
+ - madwifi 1:0.9.2+r1842.20061207-1 (high)
CVE-2006-6331 (metaInfo.php in TorrentFlux 2.2, when
$cfg["enable_file_priority"] is ...)
TODO: check
CVE-2006-6330 (index.php for TorrentFlux 2.2 allows remote registered users to
...)
@@ -185,9 +187,9 @@
CVE-2006-6274 (SQL injection vulnerability in articles.asp in Expinion.net
iNews (1) ...)
TODO: check
CVE-2006-6302 (fail2ban 0.7.4 and earlier does not properly parse sshd logs
file, which ...)
- - fail2ban <unfixed> (medium; bug filed)
+ - fail2ban <unfixed> (medium; bug #401793)
CVE-2006-6301 (DenyHosts 2.5 does not properly parse sshd logs file, which
allows remote ...)
- - denyhosts <unfixed> (medium; bug filed)
+ - denyhosts <unfixed> (medium; bug #401795)
CVE-2006-5873 [l2tpns Heartbeat Packets Buffer Overflow Vulnerability]
RESERVED
NOTE: http://secunia.com/advisories/23230/
@@ -404,10 +406,10 @@
CVE-2006-6176 (Cross-site scripting (XSS) vulnerability in admin.php in Blogn
before ...)
NOT-FOR-US: Blogn
CVE-2006-6175 (Directory traversal vulnerability in lib/FBView.php in Horde
Kronolith ...)
- - kronolith2 2.1.4-1 (bug #400899)
+ - kronolith2 2.1.4-1 (bug #400899; bug #401061)
TODO: check kronolith 1.x
CVE-2006-6174 (Cross-site scripting (XSS) vulnerability in tDiary before 2.0.3
and ...)
- - tdiary 2.1.4-5 (bug #400447)
+ - tdiary 2.1.4-5 (bug #400447; bug #400650)
CVE-2006-6173 (Buffer overflow in the shared_region_make_private_np function in
...)
NOT-FOR-US: Mac OS X
CVE-2006-6172 (Buffer overflow in the asmrp_eval function for Real Media input
plugin ...)
@@ -800,7 +802,7 @@
CVE-2006-5990 (VMWare VirtualCenter client 2.x before 2.0.1 Patch 1 (Build
33643) and ...)
NOT-FOR-US: VMWare
CVE-2006-5989 (Off-by-one error in the der_get_oid function in mod_auth_kerb
5.0 ...)
- - libapache-mod-auth-kerb 5.3-1 (low)
+ - libapache-mod-auth-kerb 5.3-1 (low; bug #400589)
CVE-2006-5988 (Unspecified vulnerability in Windows 2000 Advanced Server SP4
running ...)
NOT-FOR-US: Windows
CVE-2006-5987 (SQL injection vulnerability in default.asp in ASPintranet,
possibly ...)
@@ -905,7 +907,7 @@
CVE-2006-5942 (Cross-site scripting (XSS) vulnerability in ...)
NOT-FOR-US: Less Inventory Manager
CVE-2006-5941 (snmpd in (1) the SUNWsmagt package in Solaris 10 before 20061122
and ...)
- NOT-FOR-US: Solaris
+ NOT-FOR-US: Solaris, see #400557
CVE-2006-5940 (Unspecified vulnerability in Grisoft AVG Anti-Virus before
7.1.407 has ...)
NOT-FOR-US: Grisoft AVG Anti-Virus
CVE-2006-5939 (Grisoft AVG Anti-Virus before 7.1.407 allows remote attackers to
cause ...)
@@ -940,7 +942,7 @@
{DSA-1228-1 DSA-1226-1}
- links 0.99+1.00pre12-1.1 (medium; bug #399188)
- elinks 0.11.1-1.2 (medium; bug #399187)
- - links2 2.1pre25-2
+ - links2 2.1pre25-2 (medium; bug #400718)
CVE-2006-5924 (Cross-site scripting (XSS) vulnerability in index.php in
Efficient IP ...)
NOT-FOR-US: Efficient IP iPmanager (IPm)
CVE-2006-5923 (PHP remote file inclusion vulnerability in index.php in Chris
Mac ...)
@@ -1163,6 +1165,7 @@
CVE-2006-5864 (Stack-based buffer overflow in the ps_gettext function in ps.c
for GNU ...)
{DSA-1214}
- gv 1:3.6.2-2 (medium; bug #398292)
+ - evince 0.4.0-3 (medium; bug #400904)
CVE-2006-5818 (Multiple buffer overflows in tunekrnl in IBM Lotus Domino 6.x
before ...)
NOT-FOR-US: Lotus Domino
CVE-2006-5817 (prl_dhcpd in Parallels Desktop for Mac Build 1940 uses insecure
...)
@@ -2687,7 +2690,7 @@
NOTE: Only path disclosure
CVE-2006-5116 (Multiple cross-site request forgery (CSRF) vulnerabilities in
...)
{DSA-1207-1}
- - phpmyadmin 4:2.9.0.2-0.1 (bug #391090; low)
+ - phpmyadmin 4:2.9.0.2-0.1 (bug #391090; bug #400553; low)
[sarge] - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2006-5115 (Directory traversal vulnerability in kgcall.php in KGB 1.87
allows ...)
NOT-FOR-US: KGB
@@ -4638,7 +4641,7 @@
- man-db 2.4.3-5
CVE-2006-4249 [plone group creation privilege escalation]
RESERVED
- - zope-cmfplone <unfixed>
+ - zope-cmfplone <unfixed> (bug #401796)
[sarge] - zope-cmfplone <not-affected> (Vulnerable code not present)
CVE-2006-4248 (thttpd on Debian GNU/Linux, and possibly other distributions,
allows ...)
{DSA-1205-1}