Author: jmm-guest Date: 2007-01-10 21:52:03 +0100 (Wed, 10 Jan 2007) New Revision: 5235 Modified: data/CVE/list Log: fix xorg source package name krb5 issues bugnums Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-01-10 20:37:50 UTC (rev 5234) +++ data/CVE/list 2007-01-10 20:52:03 UTC (rev 5235) @@ -818,7 +818,6 @@ NOT-FOR-US: EternalMart Mailing List Manager (EMLM) CVE-2006-6749 (Buffer overflow in the parse_expression function in parse_config in ...) - openser 1.1.0-8 (medium; bug #404591) - NOTE: OpenPKG-SA-2006.042 CVE-2006-XXXX [insecure rpath in libflash-mozplugin] - libflash 0.4.13-9 (low; bug #399508) [etch] - libflash <no-dsa> (Not exploitable through directory writable by an unprivileged user) @@ -1397,7 +1396,7 @@ NOT-FOR-US: ColdFusion CVE-2006-6481 (Clam AntiVirus (ClamAV) 0.88.6 allows remote attackers to cause a ...) {DSA-1238-1} - - clamav 0.88.7-1 (low) + - clamav 0.88.7-1 (low; bug #401874) CVE-2006-6480 (admin/admin_membre/fiche_membre.php in AnnonceScriptHP 2.0 allows ...) NOT-FOR-US: AnnonceScriptHP CVE-2006-6479 (Multiple cross-site scripting (XSS) vulnerabilities in AnnonceScriptHP ...) @@ -1549,7 +1548,7 @@ NOT-FOR-US: F-Prot CVE-2006-6406 (Clam AntiVirus (ClamAV) 0.88.6 allows remote attackers to bypass virus ...) {DSA-1238-1} - - clamav 0.88.7-1 (medium) + - clamav 0.88.7-1 (medium; bug #401873) CVE-2006-6405 (BitDefender Mail Protection for SMB 2.0 allows remote attackers to ...) NOT-FOR-US: BitDefender CVE-2006-6404 
@@ -1824,7 +1823,7 @@ CVE-2006-6274 (SQL injection vulnerability in articles.asp in Expinion.net iNews (1) ...) NOT-FOR-US: Expinion.net iNews CVE-2006-6302 (fail2ban 0.7.4 and earlier does not properly parse sshd logs file, which ...) - - fail2ban <not-affected> (looks fixed in 0.6) + - fail2ban <not-affected> (looks fixed in 0.6, see #401793) CVE-2006-6301 (DenyHosts 2.5 does not properly parse sshd logs file, which allows remote ...) - denyhosts 2.6-1 (medium; bug #401795) CVE-2006-6273 (sp_index.php in Simple PHP Gallery 1.1 allows remote attackers to ...) @@ -2105,9 +2104,10 @@ CVE-2006-6145 (CRYPTOCard CRYPTO-Server before 6.4.56 stores LDAP credentials in ...) NOT-FOR-US: CRYPTOCard CVE-2006-6144 (The "mechglue" abstraction interface of the GSS-API library for ...) - TODO: check + - krb5 <not-affected> (Only 1.5 onwards are vulnerable) CVE-2006-6143 (The RPC library in Kerberos 5 1.4 through 1.4.4, and 1.5 through ...) - krb5 1.4.4-6 + [sarge] - krb5 <not-affected> CVE-2006-6142 (Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail ...) {DSA-1241-1} - squirrelmail 2:1.4.9a-1 @@ -2201,13 +2201,13 @@ CVE-2006-6104 (The System.Web class in the XSP for ASP.NET server 1.1 through 2.0 in ...) - mono 1.2.2.1-1 (low) CVE-2006-6103 (Integer overflow in the ProcDbeSwapBuffers function in the DBE ...) - - xorg 2:1.1.1-15 + - xorg-server 2:1.1.1-15 [sarge] - xfree86 <unfixed> CVE-2006-6102 (Integer overflow in the ProcDbeGetVisualInfo function in the DBE ...) - - xorg 2:1.1.1-15 + - xorg-server 2:1.1.1-15 [sarge] - xfree86 <unfixed> CVE-2006-6101 (Integer overflow in the ProcRenderAddGlyphs function in the Render ...) - - xorg 2:1.1.1-15 + - xorg-server 2:1.1.1-15 [sarge] - xfree86 <unfixed> CVE-2006-6100 RESERVED
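Review bot: In the hunk at @@ -818,7 +818,6 @@, the `NOTE: OpenPKG-SA-2006.042` line under CVE-2006-6749 is dropped, but the log message ("fix xorg source package name krb5 issues bugnums") says nothing about removing an advisory cross-reference. If the removal is intentional, give the reason in the log. Otherwise keep the NOTE, since the openser entry loses its pointer to the OpenPKG advisory.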
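Review bot: In the hunk at @@ -1824,7 +1823,7 @@, the fail2ban line for CVE-2006-6302 stays `<not-affected>` on the strength of "looks fixed in 0.6", while the CVE text directly above it names "fail2ban 0.7.4 and earlier". The hedged wording leaves it unclear whether the packaged version was actually checked. Suggest stating what was verified, and writing the reference as `bug #401793` the way the denyhosts entry below does (`bug #401795`) instead of `see #401793` inside the free-text reason.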
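Review bot: In the hunk at @@ -2105,9 +2104,10 @@, the added `[sarge] - krb5 <not-affected>` line for CVE-2006-6143 carries no reason, unlike the CVE-2006-6144 line added just above it ("Only 1.5 onwards are vulnerable"). The CVE text lists "1.4 through 1.4.4" as affected, so the sarge line should say in parentheses why that release falls outside the range. The log mentions bug numbers, yet the `- krb5 1.4.4-6` line still has neither an urgency nor a bug reference.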
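Review bot: In the hunk at @@ -2201,13 +2201,13 @@, the entries for CVE-2006-6103, CVE-2006-6102 and CVE-2006-6101 change the source package from xorg to xorg-server but carry the version `2:1.1.1-15` over unchanged. Confirm that this is the fixed upload of xorg-server and not a version number belonging to the xorg package it was copied from. A wrong fixed version here would mark vulnerable xorg-server builds as fixed.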