Author: jmm-guest
Date: 2006-12-13 19:16:07 +0100 (Wed, 13 Dec 2006)
New Revision: 5114
Modified:
data/CVE/list
Log:
one new unimportant kdegraphics issue
xine-lib fixed
enemies-of-carlotta fixed
many NMUs (please work on open TODOs, now is the right time!)
Modified: data/CVE/list
==================================================================
--- data/CVE/list 2006-12-13 08:14:22 UTC (rev 5113)
+++ data/CVE/list 2006-12-13 18:16:07 UTC (rev 5114)
@@ -1,7 +1,7 @@
CVE-2006-6495 (Stack-based buffer overflow in ld.so.1 in Sun Solaris 8, 9, and
10 ...)
- TODO: check
+ NOT-FOR-US: Solaris
CVE-2006-6494 (Directory traversal vulnerability in ld.so.1 in Sun Solaris 8,
9, and ...)
- TODO: check
+ NOT-FOR-US: Solaris
CVE-2006-6493 (Buffer overflow in the krbv4_ldap_auth function vin ...)
TODO: check
CVE-2006-6492
@@ -21,19 +21,19 @@
CVE-2006-6485 (Multiple cross-site scripting (XSS) vulnerabilities in ShopSite
8.1 ...)
TODO: check
CVE-2006-6484 (The IMAP service for MailEnable Professional and Enterprise
Edition ...)
- TODO: check
+ NOT-FOR-US: MailEnable
CVE-2006-6483 (Adobe ColdFusion MX7 does not properly filter HTML tags when
...)
- TODO: check
+ NOT-FOR-US: ColdFusion
CVE-2006-6482 (Adobe ColdFusion MX7 allows remote attackers to obtain sensitive
...)
- TODO: check
+ NOT-FOR-US: ColdFusion
CVE-2006-6481 (Clam AntiVirus (ClamAV) 0.88.6 allows remote attackers to cause
a ...)
- TODO: check
+ - clamav 0.88.7-1 (low)
CVE-2006-6480 (admin/admin_membre/fiche_membre.php in AnnonceScriptHP 2.0
allows ...)
- TODO: check
+ NOT-FOR-US: AnnonceScriptHP
CVE-2006-6479 (Multiple cross-site scripting (XSS) vulnerabilities in
AnnonceScriptHP ...)
- TODO: check
+ NOT-FOR-US: AnnonceScriptHP
CVE-2006-6478 (Multiple SQL injection vulnerabilities in AnnonceScriptHP 2.0
allow ...)
- TODO: check
+ NOT-FOR-US: AnnonceScriptHP
CVE-2006-6477
RESERVED
CVE-2006-6476
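Review bot: the new clamav entry for CVE-2006-6481 ("- clamav 0.88.7-1 (low)") carries no bug number or reference, unlike the xine-lib line later in this diff ("- xine-lib 1.1.2+dfsg-2 (medium; bug #401740)"); add the Debian bug or upstream reference so the fixed version can be verified, and record the status of the stable version (CVE-2006-5874 further down shows the {DSA-1232-1} form used when stable was updated).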
@@ -143,7 +143,7 @@
CVE-2006-6424
RESERVED
CVE-2006-6423 (Stack-based buffer overflow in the IMAP service for MailEnable
...)
- TODO: check
+ NOT-FOR-US: MailEnable
CVE-2006-6422 (Agileco AgileBill 1.4.x and AgileVoice 1.4.x do not properly
handle ...)
TODO: check
CVE-2006-6421 (Cross-site scripting (XSS) vulnerability in the private message
box ...)
@@ -253,40 +253,39 @@
CVE-2000-1242 (The HTTP service in American Power Conversion (APC) PowerChute
uses a ...)
TODO: check
CVE-2006-6385 (Stack-based buffer overflow in Intel PRO 10/100, PRO/1000, and
...)
- - linux-2.6 <not-affected> (Affects only Windows despite other claims)
+ NOT-FOR-US: Affects only Windows despite other claims
CVE-2006-6368 (PHP remote file inclusion vulnerability in login.php.inc in
awrate 1.0 ...)
TODO: check
CVE-2006-6367 (Multiple SQL injection vulnerabilities in detail.asp in DUware
...)
- TODO: check
+ NOT-FOR-US: Duware
CVE-2006-6366 (Cross-site scripting (XSS) vulnerability in ...)
TODO: check
CVE-2006-6365 (SQL injection vulnerability in detail.asp in DUware DUpaypal
3.1, and ...)
- TODO: check
+ NOT-FOR-US: Duware
CVE-2006-6364 (Cross-site scripting (XSS) vulnerability in error.php in Inside
...)
TODO: check
CVE-2006-6363 (Cross-site scripting (XSS) vulnerability in admin.pl in
BlueSocket ...)
TODO: check
CVE-2006-6362
REJECTED
- TODO: check
CVE-2006-6361 (Heap-based buffer overflow in the
uploadprogress_php_rfc1867_file ...)
- TODO: check
+ NOT-FOR-US: Bitflux Upload Progress Mete
CVE-2006-6360 (PHP remote file inclusion vulnerability in activate.php in PHP
Upload ...)
- TODO: check
+ NOT-FOR-US: PHP Upload Center
CVE-2006-6359 (Cross-site scripting (XSS) vulnerability in Stefan Frech ...)
TODO: check
CVE-2006-6358 (SQL injection vulnerability in the login function in auth.inc in
...)
TODO: check
CVE-2006-6357 (Cross-site scripting (XSS) vulnerability in
templates/cat_temp.php in ...)
- TODO: check
+ NOT-FOR-US: PHPNews
CVE-2006-6356 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
- TODO: check
+ NOT-FOR-US: PHPNews
CVE-2006-6355 (SQL injection vulnerability in default.asp in DuWare DuClassmate
...)
- TODO: check
+ NOT-FOR-US: DuWare
CVE-2006-6354 (Multiple SQL injection vulnerabilities in detail.asp in DuWare
DuNews ...)
- TODO: check
+ NOT-FOR-US: DuWare
CVE-2006-6353 (Multiple unspecified vulnerabilities in BOMArchiveHelper in Mac
OS X ...)
- TODO: check
+ NOT-FOR-US: Mac OS X
CVE-2006-6352 (FRISK Software F-Prot Antivirus before 4.6.7 allows
user-assisted ...)
NOT-FOR-US: F-Prot Antivirus
CVE-2006-6351 (KhaledMuratList stores sensitive data under the web root with
...)
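Review bot: the change for CVE-2006-6385 replaces "- linux-2.6 <not-affected> (Affects only Windows despite other claims)" with a NOT-FOR-US line that names no product, so the record that linux-2.6 was checked and found unaffected is lost; keep the package annotation or name the affected product in the NOT-FOR-US text, for example "NOT-FOR-US: Intel PRO Windows drivers (affects only Windows despite other claims)". Two smaller points in the same hunk: "NOT-FOR-US: Bitflux Upload Progress Mete" for CVE-2006-6361 is truncated (Meter), and the vendor is spelled "Duware" for CVE-2006-6367 and CVE-2006-6365 but "DuWare" for CVE-2006-6355 and CVE-2006-6354; pick one spelling so the entries can be grepped consistently.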
@@ -312,7 +311,7 @@
CVE-2006-6341 (Multiple PHP remote file inclusion vulnerabilities in
mg.applanix ...)
TODO: check
CVE-2006-6340 (keystone.exe in nVIDIA nView allows attackers to cause a denial
of ...)
- TODO: check
+ NOT-FOR-US: nVIDIA nView
CVE-2006-6339 (SQL injection vulnerability in sites/index.php in deV!L`z
Clanportal ...)
TODO: check
CVE-2006-6338 (Unrestricted file upload vulnerability in upload/index.php in
deV!L`z ...)
@@ -372,15 +371,15 @@
CVE-2006-6312
RESERVED
CVE-2006-6311 (Microsoft Internet Explorer 6.0.2900.2180 allows remote
attackers to ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2006-6310 (Microsoft Internet Explorer 6.0 SP1 and earlier allows remote
...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2006-6309 (Multiple array index errors in IBM Tivoli Storage Manager (TSM)
before ...)
- TODO: check
+ NOT-FOR-US: Tivoli
CVE-2006-6308 (** DISPUTED ** ...)
- TODO: check
+ NOT-FOR-US: Symantec LiveState
CVE-2006-6307 (srvloc.sys in Novell Client for Windows before 4.91 SP3 allows
remote ...)
- TODO: check
+ NOT-FOR-US: Novell Netware
CVE-2006-6306 (Format string vulnerability in Novell Modular Authentication
Services ...)
TODO: check
CVE-2006-6305 (Unspecified vulnerability in Net-SNMP 5.3 before 5.3.0.1, when
...)
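Review bot: the annotation for CVE-2006-6307 reads "NOT-FOR-US: Novell Netware" while the description says "srvloc.sys in Novell Client for Windows before 4.91 SP3"; the NOT-FOR-US text should name the product actually affected (Novell Client for Windows) so the reason for excluding it is clear to the next reader. CVE-2006-6306 (Novell Modular Authentication Services) in the same hunk is left at "TODO: check" and still needs a decision.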
@@ -398,7 +397,8 @@
CVE-2006-6298 (SQL injection vulnerability in uye_giris_islem.asp in Metyus
Okul ...)
TODO: check
CVE-2006-6297 (Stack overflow in the KFILE JPEG (kfile_jpeg) plugin in
kdegraphics 3, ...)
- TODO: check
+ - kdegraphics <unfixed> (unimportant)
+ NOTE: Generic bug, treating it as a security problem is quite a stretch
CVE-2006-6296 (The RpcGetPrinterData function in the Print Spooler
(spoolsv.exe) ...)
TODO: check
CVE-2006-6295 (PHP remote file inclusion vulnerability in
includes/mx_common.php in ...)
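Review bot: the kdegraphics entry for CVE-2006-6297 is marked "<unfixed> (unimportant)" with a NOTE that calls the security impact "quite a stretch", but the NOTE gives no reason; since the description reports a stack overflow in the kfile_jpeg plugin, state what was checked (for example, that the effect is a crash on a malformed file and no evidence of anything beyond that was found) so a later triager can confirm the unimportant rating instead of re-evaluating from scratch.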
@@ -665,7 +665,7 @@
CVE-2006-6173 (Buffer overflow in the shared_region_make_private_np function in
...)
NOT-FOR-US: Mac OS X
CVE-2006-6172 (Buffer overflow in the asmrp_eval function for Real Media input
plugin ...)
- - xine-lib <unfixed> (medium; bug #401740)
+ - xine-lib 1.1.2+dfsg-2 (medium; bug #401740)
TODO: check usual suspects (ffmpeg, ...)
CVE-2006-6171 (** DISPUTED ** ...)
{DSA-1218}
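Review bot: marking xine-lib fixed in 1.1.2+dfsg-2 for CVE-2006-6172 leaves "TODO: check usual suspects (ffmpeg, ...)" open, so this CVE is still not fully triaged; also, the entry is rated medium yet records nothing about the stable release, whereas CVE-2006-6171 just below carries {DSA-1218}. Add the stable status (a DSA reference or an explicit decision) alongside the fixed version.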
@@ -1307,8 +1307,9 @@
RESERVED
CVE-2006-5876
RESERVED
-CVE-2006-5875
+CVE-2006-5875 [EoC shell command injection]
RESERVED
+ - enemies-of-carlotta 1.2.4-1 (medium)
CVE-2006-5874 (Clam AntiVirus (ClamAV) 0.88 and earlier allows remote attackers
to ...)
{DSA-1232-1}
- clamav 0.86-1
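Review bot: for CVE-2006-5875 the fixed version "- enemies-of-carlotta 1.2.4-1 (medium)" is added while the CVE is still RESERVED, so the bracketed "[EoC shell command injection]" is the only description of the issue; add the Debian bug number or changelog reference (as done for xine-lib with "bug #401740") so the fix can be traced once the CVE is published, and record whether the stable version needs an update given the medium rating.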