Author: fw Date: 2006-12-20 23:29:13 +0100 (Wed, 20 Dec 2006) New Revision: 5153 Modified: data/CVE/list data/DSA/list Log: critical typo3 issue fix breakage due to rejected CVE entry Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-12-20 08:14:20 UTC (rev 5152) +++ data/CVE/list 2006-12-20 22:29:13 UTC (rev 5153) @@ -18,6 +18,9 @@ RESERVED CVE-2007-0001 RESERVED +CVE-2006-XXXX [Typo3 Remote Command Execution via rtehtmlarea extension] + - typo3 <unfixed> (high; bug #403906) + NOTE: http://typo3.org/news-single-view/?tx_newsimporter_pi1%5BshowItem%5D=0&cHash=e4a40a11a9 CVE-2006-6659 (The Microsoft Office Outlook Recipient ActiveX control (ole32.dll) in ...) TODO: check CVE-2006-6658 (Inktomi Search 4.1.4 allows remote attackers to obtain sensitive ...) @@ -1754,7 +1757,8 @@ CVE-2006-5879 (SQL injection vulnerability in default1.asp in ASPPortal 4.0.0 beta ...) NOT-FOR-US: ASPPortal CVE-2006-5878 (Cross-site request forgery (CSRF) vulnerability in Edgewall Trac 0.10 ...) - NOT-FOR-US: Dupe of CVE-2006-5848 + {DSA-1209} + - trac 0.10.1-1 (bug #397683) CVE-2006-5877 RESERVED CVE-2006-5876 @@ -1820,8 +1824,6 @@ NOT-FOR-US: IrayoBlog CVE-2006-5848 REJECTED - {DSA-1209} - - trac 0.10.1-1 (bug #397683) CVE-2006-5847 (Cross-site scripting (XSS) vulnerability in index.php in FreeWebshop ...) NOT-FOR-US: FreeWebshop CVE-2006-5846 (Directory traversal vulnerability in index.php in FreeWebshop 2.2.2 ...) Modified: data/DSA/list ==================================================================--- data/DSA/list 2006-12-20 08:14:20 UTC (rev 5152) +++ data/DSA/list 2006-12-20 22:29:13 UTC (rev 5153) @@ -89,7 +89,7 @@ {CVE-2006-2788 CVE-2006-4340 CVE-2006-4565 CVE-2006-4566 CVE-2006-4568 CVE-2006-4571} [sarge] - mozilla-firefox 1.0.4-2sarge12 [12 Nov 2006] DSA-1209 trac - {CVE-2006-5848} + {CVE-2006-5878} [sarge] - trac 0.8.1-3sarge6 [11 Nov 2006] DSA-1208-1 bugzilla {CVE-2005-4534 CVE-2006-5453}
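Review bot: In the first data/CVE/list hunk (@@ -18,6 +18,9 @@), the only NOTE on the new CVE-2006-XXXX typo3 entry is an upstream news URL that depends on the showItem and cHash query parameters, so the reference may stop resolving. Consider adding a second NOTE that describes the affected component in stable terms (the entry title already names the rtehtmlarea extension), and treat bug #403906 as the durable cross-reference. The temporary CVE-2006-XXXX id has to be replaced once a real id is assigned. This addition is also unrelated to the trac correction in the remaining hunks, so it would be easier to audit as its own revision.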
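Review bot: In the CVE-2006-5878 hunk (@@ -1754,7 +1757,8 @@), removing "NOT-FOR-US: Dupe of CVE-2006-5848" drops the only line that linked the two ids. After this revision nothing under CVE-2006-5878 or under the REJECTED CVE-2006-5848 entry explains why {DSA-1209} and "- trac 0.10.1-1 (bug #397683)" moved. Suggest a NOTE under CVE-2006-5878 along the lines of "NOTE: formerly tracked as CVE-2006-5848 (REJECTED)" so that anyone searching for the old id in DSA-1209 material can find the live entry.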
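Review bot: In the data/DSA/list hunk (@@ -89,7 +89,7 @@), the header of the touched entry reads "DSA-1209 trac" while the next entry in the context is "DSA-1208-1 bugzilla"; since this revision already edits the entry, the missing revision suffix could be normalized at the same time. The change from {CVE-2006-5848} to {CVE-2006-5878} matches the {DSA-1209} tag added in data/CVE/list, but the two files are kept in sync by hand, which is how the breakage named in the log arose. A consistency check that every CVE id listed under a DSA exists in data/CVE/list, is not REJECTED, and carries the matching DSA tag would catch this before commit.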