Author: stef-guest Date: 2007-02-11 20:56:23 +0100 (Sun, 11 Feb 2007) New Revision: 5437 Modified: data/CVE/list Log: - new Firefox-sage XSS - new php issues - CVE-2007-0175 affects b2evolution (low) Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-02-11 18:53:29 UTC (rev 5436) +++ data/CVE/list 2007-02-11 19:56:23 UTC (rev 5437) @@ -1,3 +1,10 @@ +CVE-2007-XXXX [Firefox-sage XSS] + - firefox-sage <unfixed> + NOTE: http://secunia.com/advisories/24086/ + NOTE: might not affect Debian version because HTML mode is disabled. sf: pinged maintainer +CVE-2007-XXXX [php: multiple issues fixed in php 5.2.1] + - php4 <unfixed> + - php5 <unfixed> (bug filed) CVE-2007-XXXX [ikiwiki allows web user to edit images and other non-page format files in the wiki] - ikiwiki 1.42 CVE-2007-0858 @@ -1433,6 +1440,7 @@ NOTE: libgtop does not contain the affected code. CVE-2007-0234 REJECTED + NOTE: Duplicate of CVE-2007-0243 CVE-2007-0233 (wp-trackback.php in WordPress 2.0.6 and earlier does not properly ...) - wordpress 2.1.0-1 (unimportant) NOTE: This is argubly a php bug, CVE-2006-3017 @@ -1630,7 +1638,7 @@ - gforge 4.5.14-20 (low; bug #406244) [sarge] - gforge <not-affected> (Vulnerable code not present) CVE-2007-0175 (Cross-site scripting (XSS) vulnerability in htsrv/login.php in ...) - - b2evolution <not-affected> + - b2evolution <unfixed> (bug filed; low) CVE-2007-0174 (Multiple stack-based multiple buffer overflows in the BRWOSSRE2UC.dll ...) NOT-FOR-US: Sina UC2006 CVE-2007-0173 (Directory traversal vulnerability in index.php in L2J Statistik Script ...)
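Review bot: In the first hunk (@@ -1,3 +1,10 @@), the new php entry has no NOTE giving a reference for the "multiple issues fixed in php 5.2.1", and `- php4 <unfixed>` carries no bug annotation while `- php5 <unfixed> (bug filed)` does. Add a NOTE with a reference for the 5.2.1 fixes so the individual issues can be split out once CVE ids are assigned, and record whether a bug was filed for php4 as well. In the Firefox-sage entry, "sf: pinged maintainer" shares a NOTE line with the impact assessment; giving it its own NOTE line would make it easier to update once the maintainer answers whether the disabled HTML mode means the Debian version is not affected.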
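Review bot: In the second hunk (@@ -1433,6 +1440,7 @@), the added `NOTE: Duplicate of CVE-2007-0243` sits under CVE-2007-0234, and the two ids differ only by transposed digits, so a typo here would be easy to miss. Please check the id against the text of the rejection notice. The entry is REJECTED and has no package lines, so this NOTE is the only pointer to where the issue is actually tracked.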
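Review bot: In the third hunk (@@ -1630,7 +1638,7 @@), the b2evolution line for CVE-2007-0175 goes from `<not-affected>` to `<unfixed> (bug filed; low)` with no NOTE explaining why the earlier not-affected assessment was reversed. Add a NOTE with the reason (the commit log only says it "affects b2evolution (low)"), and replace "bug filed" with the bug number once it is assigned, as the gforge entry in the context above does with `(low; bug #406244)`. That entry also puts the urgency before the bug reference, so using the same order here would keep the annotations consistent.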