[Secure-testing-commits] r4864 - data/CVE

2006-10-20 Thread Moritz Muehlenhoff
Author: jmm-guest
Date: 2006-10-20 16:36:50 + (Fri, 20 Oct 2006)
New Revision: 4864

Modified:
   data/CVE/list
Log:
new steam issue
python2.3 fixed
new qt issue
some mozilla issues don't affect xulrunner, some are already fixed
mediawiki fixed
bugnums
rewrote blender and bind issues, which are not important for Etch


Modified: data/CVE/list
===
--- data/CVE/list   2006-10-19 13:15:39 UTC (rev 4863)
+++ data/CVE/list   2006-10-20 16:36:50 UTC (rev 4864)
@@ -1,3 +1,6 @@
+CVE-2006- [unspecified steam cache vulnerability]
+   - steam 2.2.31-1
+   [sarge] - steam not-affected (Sarge version doesn't implement caching)
 CVE-2006-5381 (Contenido CMS stores sensitive data under the web root with ...)
TODO: check
 CVE-2006-5380 (** DISPUTED ** ...)
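Review bot: The new `CVE-2006-` placeholder for steam has no bug number and no NOTE pointing at where the "unspecified steam cache vulnerability" was reported, so the fixed version `2.2.31-1` cannot be checked against anything. Add a NOTE with the source (changelog entry or upstream advisory) so the entry can be matched up once a CVE id is assigned.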
@@ -835,7 +838,7 @@
 CVE-2006-4980 (Buffer overflow in the repr function in Python 2.3 through 2.6 
before ...)
- python2.5 2.5-1 (bug #391589)
- python2.4 2.4.3-9 (bug #391589)
-   - python2.3 unfixed (bug #393053)
+   - python2.3 2.3.5-16 (bug #393053)
- python2.2 not-affected (Compiled without UCS-4 support)
 CVE-2006-4979 (Direct static code injection vulnerability in 
cfgphpquiz/install.php ...)
NOT-FOR-US: PhpQuiz
@@ -1191,8 +1194,10 @@
 CVE-2006-4812 (Integer overflow in PHP 5 up to 5.1.6 and 4 before 4.3.0 allows 
remote ...)
- php4 not-affected
- php5 unfixed (bug #391586)
-CVE-2006-4811
+CVE-2006-4811 [qt pixmap overflow]
RESERVED
+   - qt-x11-free unfixed (bug #394192)
+   - qt4-x11 unfixed (bug #394192)
 CVE-2006-4810
RESERVED
 CVE-2006-4809
@@ -2341,7 +2346,6 @@
 CVE-2006-4311 (PHP remote file inclusion vulnerability in Sonium Enterprise 
...)
NOT-FOR-US: Sonium Enterprise Adressbook
 CVE-2006-4310 (Mozilla Firefox 1.5.0.6 allows remote attackers to cause a 
denial of ...)
-   - xulrunner unfixed
- firefox unfixed
- mozilla unfixed
- mozilla-firefox unfixed
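Review bot: Deleting `- xulrunner unfixed` under CVE-2006-4310 leaves no trace that xulrunner was assessed at all. The log says some Mozilla issues do not affect xulrunner, so record that as `- xulrunner not-affected (reason)` instead of dropping the line. The same applies to the `- xulrunner unfixed (high)` removal in the hunk at -5826.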
@@ -5566,7 +5570,7 @@
 CVE-2006-2879 (SQL injection vulnerability in newscomments.php in Alex 
News-Engine ...)
NOT-FOR-US: Alex News-Engine
 CVE-2006-2878 (The spellchecker (spellcheck.php) in DokuWiki 2006/06/04 and 
earlier ...)
-   - dokuwiki 0.0.20060309-4 (bug #370369; high)
+   - dokuwiki 0.0.20060309-4 (bug #370369; bug #370785; high)
 CVE-2006-2877 (PHP remote file inclusion vulnerability in Bookmark4U 2.0.0 and 
...)
NOT-FOR-US: Bookmark4U
 CVE-2006-2876 (Cross-site scripting (XSS) vulnerability in cat.php in PHP Pro 
Publish ...)
@@ -5826,7 +5830,6 @@
NOTE: MFSA-2006-40
- thunderbird 1.5.0.4-1 (high)
- mozilla 2:1.7.13-0.3 (high)
-   - xulrunner unfixed (high)
 CVE-2006-2780 (Integer overflow in Mozilla Firefox and Thunderbird before 
1.5.0.4 ...)
{DSA-1134-1 DSA-1120 DSA-1118}
NOTE: MFSA-2006-32
@@ -5840,7 +5843,7 @@
- firefox 1.5.dfsg+1.5.0.4-1 (high)
- thunderbird 1.5.0.4-1 (high)
- mozilla 2:1.7.13-0.3 (high)
-   - xulrunner unfixed (high)
+   - xulrunner 1.8.0.4-1 (high)
 CVE-2006-2778 (The crypto.signText function in Mozilla Firefox and Thunderbird 
before ...)
{DSA-1134-1 DSA-1120 DSA-1118}
NOTE: MFSA-2006-38
@@ -5853,7 +5856,7 @@
NOTE: MFSA-2006-43
- firefox 1.5.dfsg+1.5.0.4-1 (high)
- mozilla 2:1.7.13-0.3 (high)
-   - xulrunner unfixed (high)
+   - xulrunner 1.8.0.4-1 (high)
 CVE-2006-2776 (Certain privileged UI code in Mozilla Firefox and Thunderbird 
before ...)
{DSA-1134-1 DSA-1120 DSA-1118}
NOTE: MFSA-2006-37
@@ -6231,7 +6234,8 @@
NOT-FOR-US: Novell Client for Windows
NOTE: The Windows clipboard is a public resource anyway.
 CVE-2006-2611 (Cross-site scripting (XSS) vulnerability in 
includes/Sanitizer.php in ...)
-   - mediawiki unfixed (medium)
+   - mediawiki1.7 not-affected (Fixed in 1.5 prior to release)
+   - mediawiki unfixed
 CVE-2006-2610 (Cross-site scripting (XSS) vulnerability in view.php in phpRaid 
2.9.5 ...)
NOT-FOR-US: phpRaid
 CVE-2006-2609 (artmedic newsletter 4.1.2 and possibly other versions, when ...)
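Review bot: In the CVE-2006-2611 entry, `mediawiki1.7 not-affected (Fixed in 1.5 prior to release)` names a different version in the comment than in the package, which reads like a typo for 1.7. The replacement line `- mediawiki unfixed` also drops the `(medium)` urgency without explanation, and the later "Processing r4866 failed" message flags `mediawiki` on line 6236 as a binary package name mixed with a source package annotation; use the affected source package name and keep the urgency.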
@@ -6374,11 +6378,12 @@
 CVE-2002-2212 (The DNS resolver in unspecified versions of Fujitsu UXP/V, when 
...)
NOT-FOR-US: Fujitsu UXP/V
 CVE-2002-2211 (BIND 4 and BIND 8, when resolving recursive DNS queries for 
arbitrary ...)
-   - bind unfixed (medium)
-   [sarge] - bind no-dsa (Upgrade to BIND 9 as a fix)
+   - bind unfixed (unimportant)
- bind9 not-affected (does not send parallel queries)
NOTE: Disabling recursion does not close all attack vectors.
NOTE: Browser reflection attacks will still work.
+   NOTE: Bind 8 design limitations that are only addressed in bind 9 are 
not
+   NOTE: treated a security issues, DNS admins need to be aware what they 
are using
 CVE-2006-2550 (perlpodder before 0.5 
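Review bot: The added NOTE under CVE-2002-2211 has a typo, "treated a security issues" should be "treated as security issues", and the sentence runs across two NOTE lines so neither reads on its own. The hunk also removes `[sarge] - bind no-dsa (Upgrade to BIND 9 as a fix)` while lowering the urgency to `unimportant`, which loses the only sarge-specific guidance; consider keeping the upgrade advice in a NOTE.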

[Secure-testing-commits] Processing r4864 failed

2006-10-20 Thread secure-testing
The error message was:

error: unknown package note '#366044'

make: *** [all] Error 1

___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits


[Secure-testing-commits] can I trust you?

2006-10-20 Thread Dr . AL_Hahji Azizi

Dr.AL_Hahji Azizi .
E_mail:[EMAIL PROTECTED]

My dear friend, 

How are you and your friend over there which is most
important thing of this world hope ok. This my letter
is for order to transfer out (Twelve million five
hundred thousand pounds sterlings) from our bank here
in Dakar Senegal, the owner of this account in Mr.Dow
D.Rice,a foreigner and the manager of petrol chemical
service here in Dakar Senegal. Mr.Dow D.Rice with his
family went to his country New York, USA for a summer
vacation, after a year and some months we heard that
Mr.Dow D.Rice and his family had a plane crash with
American Airlines Flight 587, Website:
http://www.airsafe.com/events/aa587.htm.

Mr.Dow D.Rice was a chemical engineer by profession
and he died on 12 November 2001, at Approximately 9:17
A.M local time, American Airlines Flight 587, an
Airbus A300-600. The amount involved is (£12.5) Great
British Pounds Sterlings. I want to transfer this
money into a safe foreign account abroad but I don't
know any foreigner who will assist me in this regard,
Hence, I contacted you to assist me.

I know that this message will come to you as a
surprise as we don't know our self before, but be
rest-assured that it is real and a genuine business. I
believe in God that you will never let me down in this
investment. Your full contact information phone and
fax number,name will be necessary for this effect. 

Hope to hear from you immediately. Contact me with
this email address: [EMAIL PROTECTED]

Thanks.
Mr.AL_Hahji Azizi . 






[Secure-testing-commits] r4865 - data/CVE

2006-10-20 Thread Stefan Fritsch
Author: stef-guest
Date: 2006-10-20 19:51:08 + (Fri, 20 Oct 2006)
New Revision: 4865

Modified:
   data/CVE/list
Log:
some NFUs

Modified: data/CVE/list
===
--- data/CVE/list   2006-10-20 16:36:50 UTC (rev 4864)
+++ data/CVE/list   2006-10-20 19:51:08 UTC (rev 4865)
@@ -2,105 +2,105 @@
- steam 2.2.31-1
[sarge] - steam not-affected (Sarge version doesn't implement caching)
 CVE-2006-5381 (Contenido CMS stores sensitive data under the web root with ...)
-   TODO: check
+   NOT-FOR-US: Contenido CMS
 CVE-2006-5380 (** DISPUTED ** ...)
-   TODO: check
+   NOT-FOR-US: Contenido CMS
 CVE-2006-5379 (The accelerated rendering functionality of NVIDIA Binary 
Graphics ...)
TODO: check
 CVE-2006-5378 (Unspecified vulnerability in JD Edwards HTML Server in JD 
Edwards ...)
-   TODO: check
+   NOT-FOR-US: EnterpriseOne
 CVE-2006-5377 (Unspecified vulnerability in PeopleSoft component in Oracle 
PeopleSoft ...)
-   TODO: check
+   NOT-FOR-US: PeopleSoft
 CVE-2006-5376 (Multiple unspecified vulnerabilities in PeopleTools component 
in ...)
-   TODO: check
+   NOT-FOR-US: PeopleSoft
 CVE-2006-5375 (Multiple unspecified vulnerabilities in PeopleTools component 
in ...)
-   TODO: check
+   NOT-FOR-US: PeopleSoft
 CVE-2006-5374 (Unspecified vulnerability in Oracle Pharmaceutical Applications 
4.5.1 ...)
-   TODO: check
+   NOT-FOR-US: Oracle
 CVE-2006-5373 (Unspecified vulnerability in Oracle Install Base component in 
Oracle ...)
-   TODO: check
+   NOT-FOR-US: Oracle
 CVE-2006-5372 (Multiple unspecified vulnerabilities in Oracle E-Business Suite 
...)
-   TODO: check
+   NOT-FOR-US: Oracle
 CVE-2006-5371 (Unspecified vulnerability in Oracle Email Center component in 
Oracle ...)
-   TODO: check
+   NOT-FOR-US: Oracle
 CVE-2006-5370 (Multiple unspecified vulnerabilities in Oracle E-Business Suite 
...)
-   TODO: check
+   NOT-FOR-US: Oracle
 CVE-2006-5369 (Unspecified vulnerability in Oracle Application Object Library 
in ...)
-   TODO: check
+   NOT-FOR-US: Oracle
 CVE-2006-5368 (Unspecified vulnerability in Oracle Exchange component in 
Oracle ...)
-   TODO: check
+   NOT-FOR-US: Oracle
 CVE-2006-5367 (Multiple unspecified vulnerabilities in Oracle E-Business Suite 
11.5.7 ...)
-   TODO: check
+   NOT-FOR-US: Oracle
 CVE-2006-5366 (Multiple unspecified vulnerabilities in Oracle Collaboration 
Suite ...)
-   TODO: check
+   NOT-FOR-US: Oracle
 CVE-2006-5365 (Unspecified vulnerability in Oracle Forms in Oracle Application 
Server ...)
-   TODO: check
+   NOT-FOR-US: Oracle
 CVE-2006-5364 (Unspecified vulnerability in Oracle Containers for J2EE 
component in ...)
-   TODO: check
+   NOT-FOR-US: Oracle
 CVE-2006-5363 (Unspecified vulnerability in Oracle Single Sign-On component in 
Oracle ...)
-   TODO: check
+   NOT-FOR-US: Oracle
 CVE-2006-5362 (Unspecified vulnerability in Oracle Containers for J2EE 
component in ...)
-   TODO: check
+   NOT-FOR-US: Oracle
 CVE-2006-5361 (Unspecified vulnerability in Oracle Containers for J2EE in 
Oracle ...)
-   TODO: check
+   NOT-FOR-US: Oracle
 CVE-2006-5360 (Unspecified vulnerability in Oracle Forms component in Oracle 
...)
-   TODO: check
+   NOT-FOR-US: Oracle
 CVE-2006-5359 (Multiple unspecified vulnerabilities in Oracle Reports 
Developer ...)
-   TODO: check
+   NOT-FOR-US: Oracle
 CVE-2006-5358 (Unspecified vulnerability in Oracle Forms component in Oracle 
...)
-   TODO: check
+   NOT-FOR-US: Oracle
 CVE-2006-5357 (Unspecified vulnerability in Oracle HTTP Server component in 
Oracle ...)
-   TODO: check
+   NOT-FOR-US: Oracle
 CVE-2006-5356 (Unspecified vulnerability in Oracle Containers for J2EE 
component in ...)
-   TODO: check
+   NOT-FOR-US: Oracle
 CVE-2006-5355 (Unspecified vulnerability in Oracle Single Sign-On component in 
Oracle ...)
-   TODO: check
+   NOT-FOR-US: Oracle
 CVE-2006-5354 (Unspecified vulnerability in Oracle HTTP Server 9.2.0.7 and 
10.1.0.5, ...)
-   TODO: check
+   NOT-FOR-US: Oracle
 CVE-2006-5353 (Unspecified vulnerability in Oracle HTTP Server component in 
Oracle ...)
-   TODO: check
+   NOT-FOR-US: Oracle
 CVE-2006-5352 (Multiple unspecified vulnerabilities in Oracle Application 
Express 1.5 ...)
-   TODO: check
+   NOT-FOR-US: Oracle
 CVE-2006-5351 (Multiple unspecified vulnerabilities in Oracle Application 
Express ...)
-   TODO: check
+   NOT-FOR-US: Oracle
 CVE-2006-5350 (Unspecified vulnerability in Oracle HTTP Server 9.2.0.7 and 
Oracle ...)
-   TODO: check
+   NOT-FOR-US: Oracle
 CVE-2006-5349 (Unspecified vulnerability in Oracle HTTP Server 9.2.0.7, when 
running ...)
-   TODO: check
+   NOT-FOR-US: Oracle
 CVE-2006-5348 (Unspecified vulnerability in Oracle HTTP Server 9.2.0.7, Oracle 
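Review bot: The Oracle HTTP Server entries (CVE-2006-5357, CVE-2006-5354, CVE-2006-5353, CVE-2006-5350, CVE-2006-5349) are closed as `NOT-FOR-US: Oracle` although their descriptions only say "Unspecified vulnerability". Oracle HTTP Server is built on Apache httpd, so a NOTE stating that the flaw was checked to be in Oracle-specific code would justify the tag. Separately, CVE-2006-5378 is tagged `EnterpriseOne` while its description names JD Edwards HTML Server; a consistent product label would make these easier to grep.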

[Secure-testing-commits] Processing r4865 failed

2006-10-20 Thread secure-testing
The error message was:

error: unknown package note '#366044'

make: *** [all] Error 1



[Secure-testing-commits] Processing r4866 failed

2006-10-20 Thread secure-testing
The error message was:

data/CVE/list:6236: source and binary package annotations
data/CVE/list:6236: source package: mediawiki1.7
data/CVE/list:6236: binary package: mediawiki
make: *** [all] Error 1



[Secure-testing-commits] r4867 - data/CVE

2006-10-20 Thread Stefan Fritsch
Author: stef-guest
Date: 2006-10-20 20:06:54 + (Fri, 20 Oct 2006)
New Revision: 4867

Modified:
   data/CVE/list
Log:
fix mediawiki entry

Modified: data/CVE/list
===
--- data/CVE/list   2006-10-20 19:53:36 UTC (rev 4866)
+++ data/CVE/list   2006-10-20 20:06:54 UTC (rev 4867)
@@ -6234,8 +6234,8 @@
NOT-FOR-US: Novell Client for Windows
NOTE: The Windows clipboard is a public resource anyway.
 CVE-2006-2611 (Cross-site scripting (XSS) vulnerability in 
includes/Sanitizer.php in ...)
-   - mediawiki1.7 not-affected (Fixed in 1.5 prior to release)
-   - mediawiki unfixed
+   - mediawiki1.7 not-affected (Fixed in 1.7 prior to release)
+   - mediawiki1.5 unfixed
 CVE-2006-2610 (Cross-site scripting (XSS) vulnerability in view.php in phpRaid 
2.9.5 ...)
NOT-FOR-US: phpRaid
 CVE-2006-2609 (artmedic newsletter 4.1.2 and possibly other versions, when ...)
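Review bot: `- mediawiki1.5 unfixed` under CVE-2006-2611 still carries no urgency or bug number, whereas the entry read `- mediawiki unfixed (medium)` before r4864. If the downgrade is not intentional, restore `(medium)` and add the bug reference so the open issue can be tracked.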

