author | Moritz Muehlenhoff <jmm@debian.org> | 2006-03-17 10:55:24 +0000 |
---|---|---|
committer | Moritz Muehlenhoff <jmm@debian.org> | 2006-03-17 10:55:24 +0000 |
commit | a43882751c3bb5aaf6b1255a74d92819679ca330 (patch) | |
tree | ecc63ee98a5f86c015f00a6172f0483328c5ea1f /data | |
parent | ba82b8e2b1bbc973635658e39b183f87279a72f5 (diff) |
potential new kernel issue
NFUs
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@3635 e39458fd-73e7-0310-bf30-c45bca0a0e42
Diffstat (limited to 'data')
-rw-r--r-- | data/CVE/2000.list | 2
-rw-r--r-- | data/CVE/2005.list | 5
-rw-r--r-- | data/CVE/2006.list | 22
3 files changed, 16 insertions, 13 deletions
diff --git a/data/CVE/2000.list b/data/CVE/2000.list index 8fcba951f4..9d3356370b 100644 --- a/data/CVE/2000.list +++ b/data/CVE/2000.list @@ -1,5 +1,5 @@ CVE-2000-1239 (The HTTP interface of Tivoli Lightweight Client Framework (LCF) in IBM ...) - TODO: check + NOT-FOR-US: Tivoli CVE-2000-1238 (BEA Systems WebLogic Express and WebLogic Server 5.1 SP1-SP6 allows ...) NOT-FOR-US: BEA Weblogic CVE-2000-1237 (The POP3 server in FTGate returns an -ERR code after receiving an ...) diff --git a/data/CVE/2005.list b/data/CVE/2005.list index 4c257e3f92..756e34ea62 100644 --- a/data/CVE/2005.list +++ b/data/CVE/2005.list @@ -1,7 +1,7 @@ CVE-2005-XXXX [xsupplicant information leak] - xsupplicant 1.0.1-5 (bug #317703; low) CVE-2005-4731 (The Next action in PEAR HTML_QuickForm_Controller 1.0.4 includes the ...) - TODO: check + NOT-FOR-US: PEAR HTML_QuickForm_Controller CVE-2005-4730 (Unspecified vulnerability in PEAR Text_Password 1.0 has unknown impact ...) TODO: check CVE-2005-4729 (SQL injection vulnerabilitiy in show.php in VBZooM Forum allows remote ...) @@ -130,8 +130,7 @@ CVE-2005-4669 (SQL injection vulnerability in RT Internet Solutions (RTIS) WebAd CVE-2005-4668 (The embedded HSQLDB in ParosProxy before 3.2.7, when running with JDK ...) NOT-FOR-US: ParoxProxy CVE-2005-4667 (Buffer overflow in UnZip 5.50 and earlier allows user-complicit ...) - - unzip 5.52-7 (unimportant; bug #349794) - NOTE: Overflow can only be triggered, not setuid + - unzip 5.52-7 (low; bug #349794) CVE-2005-4666 (Cross-site scripting (XSS) vulnerability in PHlyMail before 3.3 Beta1 ...) NOT-FOR-US: PHlyMail CVE-2005-4665 (Cross-site scripting (XSS) vulnerability in PunBB 1.2.6 and earlier ...) diff --git a/data/CVE/2006.list b/data/CVE/2006.list index 768a95fae4..b6b88dd472 100644 --- a/data/CVE/2006.list +++ b/data/CVE/2006.list 
@@ -1,29 +1,32 @@ CVE-2006-XXXX [Multiple issues in libcgi-session-perl] - libcgi-session-perl 4.07-1 CVE-2006-1244 (Unspecified vulnerability in certain versions of xpdf after 3.00, as ...) - TODO: check + - xpdf <not-affected> (All issues previously fixed) + NOTE: Discussion has shown that the revamp patch doesn't fix new vulnerabilities CVE-2006-1243 (Directory traversal vulnerability in install05.php in Simple PHP Blog ...) - TODO: check + NOT-FOR-US: Simple PHP Blog CVE-2006-1242 (Certain Linux 2.4 and 2.6 kernels increment the IP ID field after ...) - TODO: check + - linux-2.6 <unfixed> + NOTE: Possibly junk CVE-2006-1241 (Firebird 1.5.2.4731 installs (1) fb_lock_mgr, (2) gds_drop, and (3) ...) - firebird2 <not-affected> (Not setuid in Debian) CVE-2006-1240 (Buffer overflow in inet_server.cpp in (1) fb_inet_server and (2) ...) - firebird2 <not-affected> (Not setuid in Debian) CVE-2006-1239 (Cross-site scripting (XSS) vulnerability in issue/createissue.aspx in ...) - TODO: check + NOT-FOR-US: Gemini CVE-2006-1238 (SQL injection vulnerability in DSLogin 1.0, with magic_quotes_gpc ...) - TODO: check + NOT-FOR-US: DSLogin CVE-2006-1237 (Multiple SQL injection vulnerabilities in DSNewsletter 1.0, with ...) - TODO: check + NOT-FOR-US: DSNewsletter CVE-2006-1236 (Buffer overflow in the SetUp function in socket/request.c in CrossFire ...) - crossfire 1.9.0-2 (medium) CVE-2006-1235 (Directory traversal vulnerability in admin/deleteuser.php in HitHost ...) - TODO: check + NOT-FOR-US: HitHost CVE-2006-1234 (SQL injection vulnerability in index.php in DSCounter 1.2, with ...) - TODO: check + NOT-FOR-US: DSCounter CVE-2006-1233 (Multiple cross-site scripting (XSS) vulnerabilities in WMNews allow ...) - TODO: check + NOT-FOR-US: WMNews +begin claimed by jmm CVE-2006-1232 (Multiple SQL injection vulnerabilities in DSDownload 1.0, with ...) TODO: check CVE-2006-1231 (CAPI4HylaFAX 1.3, when compiled with GENERATE_DEBUGSFFDATAFILE set, ...) 
@@ -72,6 +75,7 @@ CVE-2006-1211 (IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 configures a MySQL TODO: check CVE-2006-1210 (The web interface for IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 ...) TODO: check +end claimed by jmm CVE-2006-1209 (PHP Advanced Transfer Manager 1.00 through 1.30 stores sensitive ...) TODO: check CVE-2006-1208 (Sergey Korostel PHP Upload Center allows remote attackers to execute ...) |
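Review bot: In data/CVE/2005.list, the CVE-2005-4667 change (hunk at -130,8) raises unzip 5.52-7 from "unimportant" to "low" and deletes the line "NOTE: Overflow can only be triggered, not setuid" without recording why the assessment changed. The commit message ("potential new kernel issue", "NFUs") does not mention this re-rating either. Suggest adding a replacement NOTE under the unzip entry that gives the reason for the new severity, or moving the severity change into its own commit with a message that explains it.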
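Review bot: In data/CVE/2006.list, the new CVE-2006-1242 entry in the first hunk marks linux-2.6 as "<unfixed>" while its only rationale is "NOTE: Possibly junk", which does not say what is in doubt or what would settle it. Suggest expanding the NOTE to state why the report is considered suspect, so the entry can be confirmed or closed without redoing the analysis. The xpdf NOTE for CVE-2006-1244 in the same hunk has a similar gap: "Discussion has shown that the revamp patch doesn't fix new vulnerabilities" gives no pointer to that discussion, and a bug number or list reference would make the "<not-affected>" verdict checkable.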