Author: nion Date: 2007-08-30 14:50:14 +0000 (Thu, 30 Aug 2007) New Revision: 6441 Modified: data/CVE/list Log: CVE-2007-3204 and CVE-2007-3192 of jffnms fixed in 0.8.3dfsg.1-4 Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-08-30 14:36:27 UTC (rev 6440) +++ data/CVE/list 2007-08-30 14:50:14 UTC (rev 6441) @@ -3122,7 +3122,9 @@ - php5 <unfixed> (unimportant) NOTE: That''s by design CVE-2007-3204 (SQL injection vulnerability in auth.php in Just For Fun Network ...) - - jffnms <unfixed> (high) + - jffnms 0.8.3dfsg.1-4 (high) + NOTE: 20_security.dpatch is addressing this bug however the maintainer didn''t include + NOTE: a note about the CVE id. NOTE: the fix for CVE-2007-3190 is incomplete (the ''pass'' param can still contain an injection) CVE-2007-3203 (Stack-based buffer overflow in smtpdll.dll in the SMTP service in ...) NOT-FOR-US: 602Pro LAN SUITE @@ -3147,7 +3149,9 @@ CVE-2007-3193 (lib/WikiUser/LDAP.php in PhpWiki before 1.3.13p1, when the ...) - phpwiki <unfixed> (low; bug #429201) CVE-2007-3192 (admin/setup.php in Just For Fun Network Management System (JFFNMS) ...) - - jffnms <unfixed> (medium) + - jffnms 0.8.3dfsg.1-4 (medium) + NOTE: 20_security.dpatch is addressing this bug however the maintainer didn''t include + NOTE: a note about the CVE id. CVE-2007-3191 (Just For Fun Network Management System (JFFNMS) 0.8.3 allows remote ...) - jffnms 0.8.3dfsg.1-4 CVE-2007-3190 (Multiple SQL injection vulnerabilities in auth.php in Just For Fun ...)