Moritz Muehlenhoff
2007-Apr-22 19:52 UTC
[Secure-testing-commits] r5704 - in data: CVE DSA
Author: jmm-guest
Date: 2007-04-22 19:52:09 +0000 (Sun, 22 Apr 2007)
New Revision: 5704
Modified:
data/CVE/list
data/DSA/list
Log:
webcalendar DSA, several issues have been checked by the new maintainer
Modified: data/CVE/list
==================================================================---
data/CVE/list 2007-04-22 18:52:49 UTC (rev 5703)
+++ data/CVE/list 2007-04-22 19:52:09 UTC (rev 5704)
@@ -17803,7 +17803,7 @@
CVE-2006-1538 (The Enova X-Wall ASIC encrypts with a key obtained via Microwire
from ...)
NOT-FOR-US: Enova X-Wall ASIC
CVE-2006-1537 (Craig Knudsen WebCalendar 1.1.0-CVS allows remote attackers to
obtain ...)
- NOT-FOR-US: Craig Knudsen WebCalendar
+ - webcalendar <unfixed> (unimportant)
CVE-2006-1536 (Multiple SQL injection vulnerabilities in Phoetux.net
PhxContacts ...)
NOT-FOR-US: Phoetux.net PhxContacts
CVE-2006-1535 (Cross-site scripting (XSS) vulnerability in login.php in
Phoetux.net ...)
Modified: data/DSA/list
==================================================================---
data/DSA/list 2007-04-22 18:52:49 UTC (rev 5703)
+++ data/DSA/list 2007-04-22 19:52:09 UTC (rev 5704)
@@ -1,3 +1,6 @@
+[22 Apr 2007] DSA-1279-1 webcalendar - missing input sanitising
+ {CVE-2006-6669}
+ [sarge] - webcalendar 0.9.45-4sarge7
[06 Apr 2007] DSA-1278-1 man-db - buffer overflow
{CVE-2006-4250}
[sarge] - man-db 2.4.2-21sarge1
@@ -883,7 +886,7 @@
[sarge] - xpvm 1.2.5-7.3sarge1
NOTE: fixed in testing at the time of DSA (not in testing)
[15 Mar 2006] DSA-1002-1 webcalendar - several
- {CVE-2005-3949 CVE-2005-3961 CVE-2005-3982}
+ {CVE-2005-3949 CVE-2005-3961 CVE-2005-3982 CVE-2005-3984}
[sarge] - webcalendar 0.9.45-4sarge3
NOTE: not fixed in testing at the time of DSA (too young)
[14 Mar 2006] DSA-1001-1 crossfire - buffer overflow