Author: jmm-guest Date: 2006-12-13 00:27:34 +0100 (Wed, 13 Dec 2006) New Revision: 5111 Modified: data/CVE/list Log: mutt denyhosts ruby and kfreebsd fixed, ruby CVEfied Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-12-12 08:14:17 UTC (rev 5110) +++ data/CVE/list 2006-12-12 23:27:34 UTC (rev 5111) @@ -358,7 +358,9 @@ CVE-2006-6304 RESERVED CVE-2006-6303 (The read_multipart function in cgi.rb in Ruby before 1.8.5-p2 does not ...) - TODO: check + NOTE: http://www.ruby-lang.org/en/news/2006/12/04/another-dos-vulnerability-in-cgi-library/ + - ruby1.8 1.8.5-4 (low) + TODO: check other ruby versions CVE-2006-6300 (Cross-site scripting (XSS) vulnerability in CuteNews 1.3.6 allows ...) TODO: check CVE-2006-6299 (Integer overflow in Msg.dll in Novell ZENworks 7 Asset Management ...) @@ -416,11 +418,7 @@ CVE-2006-6302 (fail2ban 0.7.4 and earlier does not properly parse sshd logs file, which ...) - fail2ban <not-affected> (looks fixed in 0.6) CVE-2006-6301 (DenyHosts 2.5 does not properly parse sshd logs file, which allows remote ...) - - denyhosts <unfixed> (medium; bug #401795) -CVE-2006-XXXX [DoS in ruby cgi.rb] - NOTE: http://www.ruby-lang.org/en/news/2006/12/04/another-dos-vulnerability-in-cgi-library/ - - ruby1.8 1.8.5-4 (low) - TODO: check other ruby versions + - denyhosts 2.6-1 (medium; bug #401795) CVE-2006-6273 (sp_index.php in Simple PHP Gallery 1.1 allows remote attackers to ...) NOT-FOR-US: Simple PHP Gallery CVE-2006-6272 (Cross-site scripting (XSS) vulnerability in sp_index.php in Simple PHP ...) 
@@ -984,7 +982,7 @@ CVE-2006-6014 (The NetBSD-current kernel before 20061028 does not properly perform ...) NOT-FOR-US: NetBSD CVE-2006-6013 (Integer signedness error in the fw_ioctl (FW_IOCTL) function in the ...) - - kfreebsd-5 <unfixed> + - kfreebsd-5 5.4-21 [etch] - kfreebsd-5 <no-dsa> (no security support) CVE-2006-6012 (Cross-site scripting (XSS) vulnerability in csm/asp/listings.asp in ...) NOT-FOR-US: Car Site Manager @@ -2537,10 +2535,10 @@ CVE-2006-5299 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) NOT-FOR-US: Gcontact CVE-2006-5298 (The mutt_adv_mktemp function in the Mutt mail client 1.5.12 and ...) - - mutt <unfixed> (bug #396104; low) + - mutt 1.5.13-1.1 (bug #396104; low) [sarge] - mutt <no-dsa> (Minor issue, tmp dirs on NFS cause problems in many scenarios) CVE-2006-5297 (Race condition in the safe_open function in the Mutt mail client ...) - - mutt <unfixed> (bug #396104; low) + - mutt 1.5.13-1.1 (bug #396104; low) [sarge] - mutt <no-dsa> (Minor issue, tmp dirs on NFS cause problems in many scenarios) CVE-2006-5296 (PowerPoint in Microsoft Office 2003 does not properly handle a ...) NOT-FOR-US: Microsoft
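Review bot: In the @@ -358,7 +358,9 @@ hunk, the CVE-2006-6303 entry records a fix for ruby1.8 only and keeps "TODO: check other ruby versions", so the entry is still open after this commit. Once the remaining ruby source packages have been checked, replace the TODO with one explicit line per package (fixed version, <not-affected> or <unfixed>). The description says "before 1.8.5-p2" while the recorded fix is 1.8.5-4, so a short NOTE stating that this upload carries the upstream fix would make the version mapping checkable. The line also has no bug reference, unlike the denyhosts and mutt lines in the same commit.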
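Review bot: In the @@ -416,11 +418,7 @@ hunk, the CVE-2006-6301 line changes from "<unfixed>" to "denyhosts 2.6-1" but no release-tagged line is added, whereas the mutt and kfreebsd-5 entries in this commit carry [sarge] and [etch] lines. If denyhosts is present in a released suite, add the matching release line so its status there is explicit. The removed CVE-2006-XXXX [DoS in ruby cgi.rb] placeholder matches the three lines added under CVE-2006-6303 (same NOTE URL, same "ruby1.8 1.8.5-4 (low)", same TODO), so nothing is lost in the move.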
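Review bot: In the @@ -984,7 +982,7 @@ hunk, the new "- kfreebsd-5 5.4-21" line for CVE-2006-6013 has neither an urgency nor a bug reference, while every other fixed line in this commit carries at least an urgency, for example "(medium; bug #401795)" and "(bug #396104; low)". Add an urgency, and a bug number if one exists, so the entry is complete. The retained "[etch] - kfreebsd-5 <no-dsa> (no security support)" line is consistent with the change.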
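Review bot: In the @@ -2537,10 +2535,10 @@ hunk, CVE-2006-5298 (mutt_adv_mktemp) and CVE-2006-5297 (race condition in safe_open) are both marked fixed in "mutt 1.5.13-1.1" under the single bug #396104, although the two descriptions name different functions. Confirm that the upload addresses both functions before closing the two entries together, and add a NOTE pointing at the changelog entry or patch so the claim can be verified from the list itself. The [sarge] <no-dsa> lines are left unchanged, which is correct for this change.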