[Secure-testing-commits] r4138 - data/CVE
Author: djoume-guest Date: 2006-06-05 09:04:37 + (Mon, 05 Jun 2006) New Revision: 4138 Modified: data/CVE/list Log: Mozilla cleanup Modified: data/CVE/list === --- data/CVE/list 2006-06-04 12:15:56 UTC (rev 4137) +++ data/CVE/list 2006-06-05 09:04:37 UTC (rev 4138) @@ -4302,7 +4302,8 @@ CVE-2006-0837 (IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 has world-readable ...) NOT-FOR-US: Tivoli CVE-2006-0836 (Mozilla Thunderbird 1.5 allows user-complicit attackers to cause an ...) - - mozilla-thunderbird unfixed + - thunderbird unfixed (bug filed; low) + [sarge] - mozilla-thunderbird unfixed (bug filed; low) CVE-2006-0835 (SQL injection vulnerability in dropbase.php in MitriDAT Web Calendar ...) NOT-FOR-US: MitriDAT Web Calendar CVE-2006-0834 (Uniden UIP1868P VoIP Telephone and Router has a default password of ...) 
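Review bot: In the CVE-2006-0836 entry both added lines carry the note "bug filed" with no bug number, so the entry cannot be traced to the report. Once the number is known, write it in the "bug #NNNNNN" form, for example "- thunderbird unfixed (bug #NNNNNN; low)".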
@@ -5637,27 +5638,27 @@ - dpkg not-affected (has completely different tar implementation) [woody] - tar not-affected CVE-2006-0299 (The E4X implementation in Mozilla Firefox before 1.5.0.1, Thunderbird ...) - - mozilla-firefox not-affected (Only Firefox 1.5 is affected) + [sarge] - mozilla-firefox not-affected (Only Firefox 1.5 is affected) - mozilla not-affected (E4X not implemented in Mozilla 1.7) - firefox 1.5.dfsg+1.5.0.1-1 (bug #351442) - - mozilla-thunderbird unfixed + [sarge] - mozilla-thunderbird not-affected (Only 1.5 is affected) - thunderbird 1.5.0.2-1 CVE-2006-0298 (The XML parser in Mozilla Firefox before 1.5.0.1 and SeaMonkey before ...) - - mozilla-firefox not-affected (Only Firefox 1.5 is affected) + [sarge] - mozilla-firefox not-affected (Only Firefox 1.5 is affected) - mozilla not-affected (Mozilla 1.7 is not affected) - firefox 1.5.dfsg+1.5.0.1-1 (bug #351442) - - mozilla-thunderbird unfixed + [sarge] - mozilla-thunderbird not-affected (Only 1.5 is affected) - thunderbird 1.5.0.2-1 CVE-2006-0297 (Multiple integer overflows in Mozilla Firefox 1.5, Thunderbird 1.5 if ...) - - mozilla-firefox not-affected (Only Firefox 1.5 is affected) + [sarge] - mozilla-firefox not-affected (Only Firefox 1.5 is affected) - mozilla not-affected (Mozilla 1.7 is not affected) - firefox 1.5.dfsg+1.5.0.1-1 (bug #351442) - - mozilla-thunderbird unfixed + [sarge] - mozilla-thunderbird not-affected (Only 1.5 is affected) - thunderbird 1.5.0.2-1 - xulrunner 1.8.0.1-9 CVE-2006-0296 (The XULDocument.persist function in Mozilla, Firefox before 1.5.0.1, ...) {DSA-1051-1} - - mozilla-firefox not-affected (Only Firefox 1.5 is affected) + [sarge] - mozilla-firefox not-affected (Only Firefox 1.5 is affected) - firefox 1.5.dfsg+1.5.0.1-1 (bug #351442) [sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 - mozilla not-affected (Mozilla 1.7 is not affected) 
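Review bot: For CVE-2006-0296 the sarge mozilla-firefox line stays not-affected with the reason "Only Firefox 1.5 is affected", yet the description reads "Firefox before 1.5.0.1" and the same entry lists a sarge fix for mozilla-thunderbird (1.0.2-2.sarge1.0.8). Please confirm that the Firefox version in sarge lacks the vulnerable code, and if it does not, record the fixed sarge version instead of not-affected.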
@@ -5665,24 +5666,23 @@ CVE-2006-0295 (Mozilla Firefox 1.5, Thunderbird 1.5 if Javascript is enabled in mail, ...) - firefox 1.5.dfsg+1.5.0.1-1 (bug #351442) [sarge] - mozilla-firefox not-affected - - mozilla-firefox 1.5.dfsg+1.5.0.1-1 (bug #351442) - - mozilla-thunderbird unfixed + [sarge] - mozilla-thunderbird not-affected (Only 1.5 is affected) - thunderbird 1.5.0.2-1 CVE-2006-0294 (Mozilla Firefox before 1.5.0.1, Thunderbird 1.5 if running Javascript ...) - firefox 1.5.dfsg+1.5.0.1-1 (bug #351442) - - mozilla-firefox not-affected (Only Firefox 1.5 is affected) - - mozilla not-affected (Mozilla 1.7 is not affected) + [sarge] - mozilla-firefox not-affected (Only Firefox 1.5 is affected) + [sarge] - mozilla-thunderbird not-affected (Only 1.5 is affected) - mozilla-thunderbird unfixed - thunderbird 1.5.0.2-1 CVE-2006-0293 (The function allocation code (js_NewFunction in jsfun.c) in Firefox ...) {DSA-1051-1 DSA-1046-1} - firefox 1.5.dfsg+1.5.0.1-1 (bug #351442) - - mozilla-firefox not-affected (Only Firefox 1.5 is affected) + [sarge] - mozilla-firefox not-affected (Only Firefox 1.5 is affected) [sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 CVE-2006-0292 (The Javascript interpreter (jsinterp.c) in Mozilla and Firefox before ...) {DSA-1051-1 DSA-1046-1 DSA-1044-1} - firefox 1.5.dfsg+1.5.0.1-1 (bug #351442) - - mozilla-firefox 1.5.dfsg+1.5.0.1-1 (bug #351442) + [sarge] - mozilla-firefox 1.0.4-2sarge6 [sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 - thunderbird 1.5.0.2-1 CVE-2006-0291 (Multiple unspecified vulnerabilities in Oracle Database Server ...) @@ -9649,7 +9649,8 @@ CVE-2005-3403 (Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.4.1 ...) NOT-FOR-US: ATutor CVE-2005-3402 (The SMTP client in Mozilla Thunderbird 1.0.5
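Review bot: In the CVE-2006-0294 entry the new "[sarge] - mozilla-thunderbird not-affected (Only 1.5 is affected)" line is added directly above the unchanged "- mozilla-thunderbird unfixed" line, so the entry now states both; the neighbouring entries replace the unfixed line instead. The same entry also loses "- mozilla not-affected (Mozilla 1.7 is not affected)" with nothing in its place. Drop the leftover unfixed line, and restore the mozilla line unless its removal was intended.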
[Secure-testing-commits] r4139 - data/CVE
Author: joeyh Date: 2006-06-05 09:14:50 + (Mon, 05 Jun 2006) New Revision: 4139 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2006-06-05 09:04:37 UTC (rev 4138) +++ data/CVE/list 2006-06-05 09:14:50 UTC (rev 4139) 
@@ -1,3 +1,323 @@ +CVE-2006-2805 (SQL injection vulnerability in VBulletin 3.0.10 allows remote ...) + TODO: check +CVE-2006-2804 (Cross-site scripting (XSS) vulnerability in index.cfm in Goss iCM 7.0 ...) + TODO: check +CVE-2006-2803 (Multiple cross-site scripting (XSS) vulnerabilities in PHP ManualMaker ...) + TODO: check +CVE-2006-2802 (Buffer overflow in the HTTP Plugin (xineplug_inp_http.so) for xine-lib ...) + TODO: check +CVE-2006-2801 (Multiple SQL injection vulnerabilities in Unak CMS 1.5 RC2 and earlier ...) + TODO: check +CVE-2006-2800 (Multiple cross-site scripting (XSS) vulnerabilities in Unak CMS 1.5 ...) + TODO: check +CVE-2006-2799 (Cross-site scripting (XSS) vulnerability in content_footer.php in ...) + TODO: check +CVE-2006-2798 (Multiple cross-site scripting (XSS) vulnerabilities in ...) + TODO: check +CVE-2006-2797 (Multiple SQL injection vulnerabilities in phpCommunityCalendar 4.0.3 ...) + TODO: check +CVE-2006-2796 (Cross-site scripting (XSS) vulnerability in gallery.php in Captivate ...) + TODO: check +CVE-2006-2795 (Multiple cross-site scripting (XSS) vulnerabilities in XiTi Tracking ...) + TODO: check +CVE-2006-2794 (Hesabim.asp in ASPSitem 2.0 and earlier allows remote attackers to ...) + TODO: check +CVE-2006-2793 (SQL injection vulnerability in Anket.asp in ASPSitem 2.0 and earlier ...) + TODO: check +CVE-2006-2792 (SQL injection vulnerability in misc.php in Woltlab Burning Board (WBB) ...) + TODO: check +CVE-2006-2791 (Directory traversal vulnerability in index.php in iBoutique.MALL and ...) + TODO: check +CVE-2006-2790 (A package component in Sun Storage Automated Diagnostic Environment ...) + TODO: check +CVE-2006-2789 (Evolution 2.2.x and 2.3.x in GNOME 2.7 and 2.8, when quot;load images if ...) + TODO: check +CVE-2006-2788 (Double-free vulnerability in the getRawDER function for nsIX509Cert in ...) + TODO: check +CVE-2006-2787 (EvalInSandbox in Mozilla Firefox and Thunderbird before 1.5.0.4 allows ...) 
+ TODO: check +CVE-2006-2786 (HTTP response smuggling vulnerability in Mozilla Firefox and ...) + TODO: check +CVE-2006-2785 (Cross-site scripting (XSS) vulnerability in Mozilla Firefox before ...) + TODO: check +CVE-2006-2784 (The PLUGINSPAGE functionality in Mozilla Firefox before 1.5.0.4 allows ...) + TODO: check +CVE-2006-2783 (Mozilla Firefox and Thunderbird before 1.5.0.4 strips the Unicode ...) + TODO: check +CVE-2006-2782 (Firefox 1.5.0.2 does not fix all test cases associated with ...) + TODO: check +CVE-2006-2781 (Double-free vulnerability in Mozilla Thunderbird before 1.5.0.4 and ...) + TODO: check +CVE-2006-2780 (Integer overflow in Mozilla Firefox and Thunderbird before 1.5.0.4 ...) + TODO: check +CVE-2006-2779 (Mozilla Firefox and Thunderbird before 1.5.0.4 allow remote attackers ...) + TODO: check +CVE-2006-2778 (The crypto.signText function in Mozilla Firefox and Thunderbird before ...) + TODO: check +CVE-2006-2777 (Unspecified vulnerability in Mozilla Firefox before 1.5.0.4 and ...) + TODO: check +CVE-2006-2776 (Certain privileged UI code in Mozilla Firefox and Thunderbird before ...) + TODO: check +CVE-2006-2775 (Mozilla Firefox and Thunderbird before 1.5.0.4 associates XUL ...) + TODO: check +CVE-2006-2774 (Cross-site scripting (XSS) vulnerability in search.php in QontentOne ...) + TODO: check +CVE-2006-2773 (admin/redigera/redigera2.asp in Hogstorps hogstorp Guestbook 2.0 does ...) + TODO: check +CVE-2006-2772 (Cross-site scripting (XSS) vulnerability in add.asp in Hogstorps ...) + TODO: check +CVE-2006-2771 (admin/radera/tabort.asp in Hogstorps hogstorp guestbook 2.0 does not ...) + TODO: check +CVE-2006-2770 (Directory traversal vulnerability in randompic.php in pppBLOG 0.3.8 ...) + TODO: check +CVE-2006-2769 (The HTTP Inspect preprocessor in Snort 2.4.0 through 2.4.4 allows ...) + TODO: check +CVE-2006-2768 (PHP remote file inclusion vulnerability in METAjour 2.1, when ...) 
+ TODO: check +CVE-2006-2767 (PHP remote file inclusion vulnerability in Ottomanpath 1.1.2, when ...) + TODO: check +CVE-2006-2766 (Buffer overflow in INETCOMM.DLL, as used in Microsoft Internet ...) + TODO: check +CVE-2006-2765 (Cross-site scripting (XSS) vulnerability in news_information.php in ...) + TODO: check +CVE-2006-2764 (Cross-site scripting (XSS) vulnerability in GuestbookXL 1.3 allows ...) + TODO: check +CVE-2006-2763 (SQL injection vulnerability
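Review bot: The added description for CVE-2006-2789 reads "when quot;load images if", which is a leftover HTML entity where a quotation mark belongs. The import step should decode entities before writing descriptions into the list.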
[Secure-testing-commits] Processing r4139 failed
The error message was:

data/CVE/list:671: rejected CVE entries must not have notes
make: *** [all] Error 1

___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r4140 - data/CVE
Author: djoume-guest Date: 2006-06-05 09:40:25 + (Mon, 05 Jun 2006) New Revision: 4140 Modified: data/CVE/list Log: mysql-dfsg removed from sid Modified: data/CVE/list === --- data/CVE/list 2006-06-05 09:14:50 UTC (rev 4139) +++ data/CVE/list 2006-06-05 09:40:25 UTC (rev 4140) @@ -3071,19 +3071,19 @@ {DSA-1079-1 DSA-1073-1 DSA-1071-1} - mysql-dfsg-5.0 5.0.21-1 (bug #365939; medium) - mysql-dfsg-4.1 unfixed (bug #365939; medium) - - mysql-dfsg unfixed (bug #365939; medium) + - mysql-dfsg removed (bug #365939; bug#356751; medium) - mysql unfixed (bug #365939; medium) CVE-2006-1517 (sql_parse.cc in MySQL 4.0.x up to 4.0.26, 4.1.x up to 4.1.18, and ...) {DSA-1079-1 DSA-1073-1 DSA-1071-1} - mysql-dfsg-5.0 5.0.21-1 (bug #365939; low) - mysql-dfsg-4.1 unfixed (bug #365939; low) - - mysql-dfsg unfixed (bug #365939; low) + - mysql-dfsg removed (bug #365939; bug#356751; low) - mysql unfixed (bug #365939; low) CVE-2006-1516 (The check_connection function in sql_parse.cc in MySQL 4.0.x up to ...) {DSA-1079-1 DSA-1073-1 DSA-1071-1} - mysql-dfsg-5.0 5.0.21-1 (bug #365939; low) - mysql-dfsg-4.1 unfixed (bug #365939; low) - - mysql-dfsg unfixed (bug #365939; low) + - mysql-dfsg removed (bug #365939; bug#356751; low) - mysql unfixed (bug #365939; low) CVE-2006-1515 (Buffer overflow in the addnewword function in typespeed 0.4.4 and ...) {DSA-1084-1} ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
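Review bot: The three added mysql-dfsg lines write the second reference as "bug#356751", without the space used in "bug #365939" right beside it, and a later processing message on this page reports "unknown package note 'bug#356751'". Write "bug #356751" so both references have the same form, as in "- mysql-dfsg removed (bug #365939; bug #356751; medium)".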
[Secure-testing-commits] Processing r4140 failed
The error message was:

data/CVE/list:671: rejected CVE entries must not have notes
make: *** [all] Error 1
[Secure-testing-commits] r4141 - data/CVE
Author: djoume-guest Date: 2006-06-05 09:44:49 + (Mon, 05 Jun 2006) New Revision: 4141 Modified: data/CVE/list Log: mysql-dfsg removed from sid Modified: data/CVE/list === --- data/CVE/list 2006-06-05 09:40:25 UTC (rev 4140) +++ data/CVE/list 2006-06-05 09:44:49 UTC (rev 4141) @@ -329,7 +329,7 @@ CVE-2006- [drupal: Execution of arbitrary files in certain Apache configurations] - drupal unfixed (bug #368835; medium) CVE-2006- [mysql SQL-injection with multibyte encoding] - - mysql-dfsg unfixed (bug #369741; medium) + - mysql-dfsg removed (bug #369741; bug #356751; medium) - mysql unfixed (bug #369754; medium) - mysql-dfsg-5.0 unfixed (bug #369735; medium) - mysql-dfsg-4.1 unfixed (medium) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] Processing r4141 failed
The error message was:

data/CVE/list:671: rejected CVE entries must not have notes
make: *** [all] Error 1
[Secure-testing-commits] r4142 - data/CVE
Author: djoume-guest Date: 2006-06-05 09:50:30 + (Mon, 05 Jun 2006) New Revision: 4142 Modified: data/CVE/list Log: CVE-2006-2493 rejected Modified: data/CVE/list === --- data/CVE/list 2006-06-05 09:44:49 UTC (rev 4141) +++ data/CVE/list 2006-06-05 09:50:30 UTC (rev 4142) @@ -670,7 +670,6 @@ NOT-FOR-US: IntelliTampe CVE-2006-2493 REJECTED - - freetype 2.2.1-1 CVE-2005-1755 (PHP remote code injection vulnerability in poll_vote.php in PHP Poll ...) NOT-FOR-US: PHP Poll Creator CVE-2005-1754 (JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, ...) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
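Review bot: Deleting "- freetype 2.2.1-1" from the rejected CVE-2006-2493 entry discards the only record of the freetype fixed version. If the rejected id has a replacement entry, move the freetype line there rather than dropping it, and say in the log message which entry now carries it.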
[Secure-testing-commits] Processing r4142 failed
The error message was:

error: unknown package note 'bug#356751'
make: *** [all] Error 1
[Secure-testing-commits] r4143 - data/CVE
Author: djoume-guest Date: 2006-06-05 09:53:50 + (Mon, 05 Jun 2006) New Revision: 4143 Modified: data/CVE/list Log: thunderbird bug number Modified: data/CVE/list === --- data/CVE/list 2006-06-05 09:50:30 UTC (rev 4142) +++ data/CVE/list 2006-06-05 09:53:50 UTC (rev 4143) @@ -4621,8 +4621,8 @@ CVE-2006-0837 (IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 has world-readable ...) NOT-FOR-US: Tivoli CVE-2006-0836 (Mozilla Thunderbird 1.5 allows user-complicit attackers to cause an ...) - - thunderbird unfixed (bug filed; low) - [sarge] - mozilla-thunderbird unfixed (bug filed; low) + - thunderbird unfixed (bug #370432; low) + [sarge] - mozilla-thunderbird unfixed (bug #370432; low) CVE-2006-0835 (SQL injection vulnerability in dropbase.php in MitriDAT Web Calendar ...) NOT-FOR-US: MitriDAT Web Calendar CVE-2006-0834 (Uniden UIP1868P VoIP Telephone and Router has a default password of ...) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] Processing r4143 failed
The error message was:

error: unknown package note 'bug#356751'
make: *** [all] Error 1
[Secure-testing-commits] r4145 - data/CVE
Author: micah Date: 2006-06-05 11:39:47 + (Mon, 05 Jun 2006) New Revision: 4145 Modified: data/CVE/list Log: Adjusted debian package number for gdm (CVE-2006-1057) Modified: data/CVE/list === --- data/CVE/list 2006-06-05 09:56:43 UTC (rev 4144) +++ data/CVE/list 2006-06-05 11:39:47 UTC (rev 4145) @@ -4127,7 +4127,7 @@ - busybox unfixed (low; bug #360578) CVE-2006-1057 (Race condition in daemon/slave.c in gdm before 2.14.1 allows local ...) {DSA-1040-1} - - gdm 2.14.1-1 + - gdm 2.14.4-1 CVE-2006-1056 (The Linux kernel before 2.6.16.9 and the FreeBSD kernel, when running ...) - linux-2.6 2.6.16-9 - kfreebsd-source-5.4 5.4-17 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
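Review bot: The gdm fixed version for CVE-2006-1057 moves from 2.14.1-1 to 2.14.4-1 although the description says the race affects "gdm before 2.14.1", and neither the entry nor the log message says why the later upload is the first fixed one. Add a NOTE line to the entry giving the reason, so the later version is not mistaken for a typo.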
[Secure-testing-commits] r4146 - data/CVE
Author: fw Date: 2006-06-05 12:18:59 + (Mon, 05 Jun 2006) New Revision: 4146 Modified: data/CVE/list Log: dokuwiki issues Modified: data/CVE/list === --- data/CVE/list 2006-06-05 11:39:47 UTC (rev 4145) +++ data/CVE/list 2006-06-05 12:18:59 UTC (rev 4146) @@ -1,3 +1,7 @@ +CVE-2006- [XSS vulnerability in dokuwikis's Fullname and E-Mail fields] + - dokuwiki unfixed (medium) +CVE-2006- [PHP injection vulnerability in dokuwiki via curly braces] + - dokuwiki unfixed (medium) CVE-2006-2805 (SQL injection vulnerability in VBulletin 3.0.10 allows remote ...) TODO: check CVE-2006-2804 (Cross-site scripting (XSS) vulnerability in index.cfm in Goss iCM 7.0 ...) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
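Review bot: Both new dokuwiki entries are added as "unfixed (medium)" with no bug reference, so there is nothing to follow up against; add the bug numbers in the "bug #NNNNNN" form once the reports are filed. The first title also has a typo, "dokuwikis's", which should read "dokuwiki's".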
[Secure-testing-commits] r4149 - /
Author: fw Date: 2006-06-05 15:10:05 + (Mon, 05 Jun 2006) New Revision: 4149 Modified: Makefile Log: * Makefile: Include amd64 data for etch and its successors. Modified: Makefile === --- Makefile2006-06-05 12:43:43 UTC (rev 4148) +++ Makefile2006-06-05 15:10:05 UTC (rev 4149) @@ -8,7 +8,7 @@ # MIRROR = http://merkel.debian.org/~aba/debian/ MIRROR = http://ftp-stud.fht-esslingen.de/debian/ SARGE_ARCHS = alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc -ETCH_ARCHS = $(SARGE_ARCHS) +ETCH_ARCHS = $(SARGE_ARCHS) amd64 all: rm -f data/security-new.db data/security-new.db.journal ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r4150 - data/CVE
Author: micah Date: 2006-06-05 22:21:37 + (Mon, 05 Jun 2006) New Revision: 4150 Modified: data/CVE/list Log: Re-contacting mitre about duplicate backup manager CVEs, no response yet Modified: data/CVE/list === --- data/CVE/list 2006-06-05 15:10:05 UTC (rev 4149) +++ data/CVE/list 2006-06-05 22:21:37 UTC (rev 4150) @@ -14233,9 +14233,11 @@ CVE-2005-2212 (Backup Manager 0.5.8a creates an archive repository with world ...) NOTE: duplicate of CVE-2005-1856 NOTE: Mitre contacted - micah April 20, 2006 + NOTE: Mitre re-contacted - micah June 5, 2006 CVE-2005-2211 (Backup Manager 0.5.8a creates temporary files insecurely, which allows ...) NOTE: duplicate of CVE-2005-1855 NOTE: Mitre contacted - micah April 20, 2006 + NOTE: Mitre re-contacted - micah June 5, 2006 CVE-2005-2210 (Stack-based buffer overflow in Internet Download Manager 4.05 allows ...) NOT-FOR-US: Internet Download Manager CVE-2005-2209 (Capturix ScanShare 1.06 build 50 stores sensitive information such as ...) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits