Author: stef-guest Date: 2006-12-28 00:10:03 +0100 (Thu, 28 Dec 2006) New Revision: 5189 Modified: data/CVE/list Log: - CVE-2006-637[34]: new phpmyadmin issues (low) - CVE-2006-6698: new gconfd issue (low) - CVE-2006-6719: new wget issue with insufficient info - some NFUs Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-12-27 22:45:01 UTC (rev 5188) +++ data/CVE/list 2006-12-27 23:10:03 UTC (rev 5189) @@ -95,7 +95,8 @@ CVE-2006-6720 (PHP remote file inclusion vulnerability in admin/index_sitios.php in ...) NOT-FOR-US: Azucar CMS CVE-2006-6719 (The ftp_syst function in ftp-basic.c in Free Software Foundation (FSF) ...) - TODO: check + - wget <unfixed> + TODO: insufficient info, file bug when more info is available CVE-2006-6718 (The Allied Telesis AT-9000/24 Ethernet switch has a default password ...) NOT-FOR-US: Allied Telesis CVE-2006-6717 (The Allied Telesis AT-9000/24 Ethernet switch accepts management ...) @@ -137,7 +138,7 @@ CVE-2006-6699 (Multiple CRLF injection vulnerabilities in Oracle Portal 9.0.2 and ...) NOT-FOR-US: Oracle Portal CVE-2006-6698 (The GConf daemon (gconfd) in GConf 2.14.0 creates temporary files ...) - TODO: check + - gconf2 <unfixed> (low; bug #404743) CVE-2005-4816 (Buffer overflow in mod_radius in ProFTPD before 1.3.0rc2 allows remote ...) TODO: check CVE-2003-1314 (PHP remote file inclusion vulnerability in admin/auth.php in ...) 
@@ -839,9 +840,9 @@ CVE-2006-6426 (PHP remote file inclusion vulnerability in design/thinkedit/render.php ...) NOT-FOR-US: ThinkEdit CVE-2006-6425 (Stack-based buffer overflow in the IMAP daemon (IMAPD) in Novell ...) - TODO: check + NOT-FOR-US: Novell NetMail CVE-2006-6424 (Multiple buffer overflows in Novell NetMail before 3.52e FTF2 allow ...) - TODO: check + NOT-FOR-US: Novell NetMail CVE-2006-6423 (Stack-based buffer overflow in the IMAP service for MailEnable ...) NOT-FOR-US: MailEnable CVE-2006-6422 (Agileco AgileBill 1.4.x and AgileVoice 1.4.x do not properly handle ...) @@ -943,9 +944,10 @@ CVE-2006-6375 (Cross-site scripting (XSS) vulnerability in display.php in Simple ...) NOT-FOR-US: Simple machines Forum CVE-2006-6374 (Multiple CRLF injection vulnerabilities in PhpMyAdmin 2.7.0-pl2 allow ...) - TODO: check phpmyadmin + - phpmyadmin <unfixed> (low; bug filed) CVE-2006-6373 (PhpMyAdmin 2.7.0-pl2 allows remote attackers to obtain sensitive ...) - TODO: check phpmyadmin + - phpmyadmin <unfixed> (unimportant) + NOTE: path is known in Debian anyway CVE-2006-6372 (Multiple cross-site scripting (XSS) vulnerabilities in pbguestbook.php ...) NOT-FOR-US: JAB Guest Book CVE-2006-6371 (Cross-site scripting (XSS) vulnerability in pbguestbook.php in JAB ...)
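Review bot: In the `@@ -95,7 +95,8 @@` hunk, the CVE-2006-6719 entry adds `- wget <unfixed>` with no severity and no bug reference, and the new TODO says only "insufficient info" without naming what is missing. A NOTE line stating which information is still needed would tell whoever picks up the TODO when the bug can be filed. If a severity can already be judged, add it in the same `(low; ...)` form that the other entries in this commit use.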
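Review bot: In the `@@ -943,9 +944,10 @@` hunk, CVE-2006-6374 is recorded as `- phpmyadmin <unfixed> (low; bug filed)` with no bug number, whereas the gconf2 entry in this same commit gives `bug #404743`. Please put the number in place of "bug filed" so the entry can be traced to the report. The log message also lists CVE-2006-637[34] together as "(low)", but CVE-2006-6373 is entered as `(unimportant)`. The NOTE explains that choice, so the log message is the part that should be adjusted to match.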