[Secure-testing-commits] r3389 - data/DSA

2006-01-30 Thread Moritz Muehlenhoff
Author: jmm-guest
Date: 2006-01-30 13:31:32 + (Mon, 30 Jan 2006)
New Revision: 3389

Modified:
   data/DSA/list
Log:
trac DSA updated


Modified: data/DSA/list
===
--- data/DSA/list   2006-01-29 20:55:51 UTC (rev 3388)
+++ data/DSA/list   2006-01-30 13:31:32 UTC (rev 3389)
@@ -29,10 +29,11 @@
[woody] - libapache-auth-ldap 1.6.0-3.1
[sarge] - libapache-auth-ldap 1.6.0-8.1
NOTE: fixed in testing at time of DSA (no longer present in testing/sid)
-[23 Jan 2006] DSA-951-1 trac - missing input sanitising
+[23 Jan 2006] DSA-951-2 trac - missing input sanitising
{CVE-2005-4065 CVE-2005-4644}
-   [sarge] - trac 0.8.1-3sarge3
+   [sarge] - trac 0.8.1-3sarge4
NOTE: fixed in testing at time of DSA
+   NOTE: Original fix in 951-1 had regressions
 [23 Jan 2006] DSA-950-1 cupsys - buffer overflow
{CVE-2005-3191 CVE-2005-3192 CVE-2005-3193 CVE-2005-3624 CVE-2005-3625 
CVE-2005-3626 CVE-2005-3627 CVE-2005-3628}
[woody] - cupsys 1.1.14-5woody14
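Review bot: Renaming the header `[23 Jan 2006] DSA-951-1 trac` to `DSA-951-2` removes the DSA-951-1 identifier from data/DSA/list, but this revision modifies no other file. Any `{DSA-951-1}` cross-reference elsewhere in the tracker data is therefore left pointing at an advisory that no longer exists. Update those references to `{DSA-951-2}` in the same commit as the rename.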


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits


[Secure-testing-commits] Processing r3389 failed

2006-01-30 Thread secure-testing
The error message was:

reference to unknwown bug DSA-951-1
make: *** [all] Error 1



[Secure-testing-commits] r3390 - data/CVE

2006-01-30 Thread Moritz Muehlenhoff
Author: jmm-guest
Date: 2006-01-30 15:24:59 + (Mon, 30 Jan 2006)
New Revision: 3390

Modified:
   data/CVE/list
Log:
I forgot to adapt CVE/list for the trac update


Modified: data/CVE/list
===
--- data/CVE/list   2006-01-30 13:31:32 UTC (rev 3389)
+++ data/CVE/list   2006-01-30 15:24:59 UTC (rev 3390)
@@ -624,7 +624,7 @@
 CVE-2005-4645 (SQL injection vulnerability in index.php in 3CFR allows remote 
...)
NOT-FOR-US: 3CFR
 CVE-2005-4644 (Cross-site scripting (XSS) vulnerability in the HTML 
WikiProcessor in ...)
-   {DSA-951-1}
+   {DSA-951-2}
- trac 0.9.3-1
 CVE-2005-4643 (SQL injection vulnerability in index.php in Antharia OnContent 
// CMS ...)
NOT-FOR-US: Antharia OnContent
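Review bot: The `{DSA-951-2}` reference under CVE-2005-4644 belongs in the same commit as the DSA-951-1 to DSA-951-2 rename in data/DSA/list (rev 3389). Landing it separately left rev 3389 failing the check with "reference to unknwown bug DSA-951-1". Cross-file identifier renames should go in as one revision so that every revision passes the consistency check.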
@@ -2162,7 +2162,7 @@
 CVE-2005-4066 (Total Commander 6.53 uses weak encryption to store FTP 
usernames and ...)
NOT-FOR-US: Total Commander
 CVE-2005-4065 (SQL injection vulnerability in the search module in Edgewall 
Trac ...)
-   {DSA-951-1}
+   {DSA-951-2}
- trac 0.9.2-1 (bug #342232; medium)
 CVE-2005-4064 (Multiple SQL injection vulnerabilities in A-FAQ 1.0 allow 
remote ...)
NOT-FOR-US: A-FAQ
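Review bot: The two trac entries edited for this advisory carry uneven metadata: the context line here reads `- trac 0.9.2-1 (bug #342232; medium)`, while the CVE-2005-4644 entry in the previous hunk has only `- trac 0.9.3-1` with no urgency. Since both are being touched for the same DSA, consider adding an urgency to the CVE-2005-4644 line as well.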




[Secure-testing-commits] r3391 - data/CVE

2006-01-30 Thread Joey Hess
Author: joeyh
Date: 2006-01-30 21:14:23 + (Mon, 30 Jan 2006)
New Revision: 3391

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===
--- data/CVE/list   2006-01-30 15:24:59 UTC (rev 3390)
+++ data/CVE/list   2006-01-30 21:14:23 UTC (rev 3391)
@@ -1,3 +1,87 @@
+CVE-2006-0467
+   RESERVED
+CVE-2006-0466 (Cross-site scripting (XSS) vulnerability in search.asp in 
Goldstag ...)
+   TODO: check
+CVE-2006-0465 (Cross-site scripting (XSS) vulnerability in 
risultati_ricerca.php in ...)
+   TODO: check
+CVE-2006-0464 (Multiple SQL injection vulnerabilities in index.php in 
IdeoContent ...)
+   TODO: check
+CVE-2006-0463 (Cross-site scripting (XSS) vulnerability in IdeoContent Manager 
allows ...)
+   TODO: check
+CVE-2006-0462 (SQL injection vulnerability in comentarios.php in AndoNET Blog 
...)
+   TODO: check
+CVE-2006-0461 (Cross-site scripting (XSS) vulnerability in core.input.php in 
...)
+   TODO: check
+CVE-2006-0460
+   RESERVED
+CVE-2006-0459
+   RESERVED
+CVE-2006-0458
+   RESERVED
+CVE-2006-0457
+   RESERVED
+CVE-2006-0456
+   RESERVED
+CVE-2006-0455
+   RESERVED
+CVE-2006-0454
+   RESERVED
+CVE-2006-0453
+   RESERVED
+CVE-2006-0452
+   RESERVED
+CVE-2006-0451
+   RESERVED
+CVE-2006-0450 (phpBB 2.0.19 and earlier allows remote attackers to cause a 
denial of ...)
+   TODO: check
+CVE-2006-0449 (Early termination vulnerability in the IMAP service in E-Post 
Mail ...)
+   TODO: check
+CVE-2006-0448 (Multiple directory traversal vulnerabilities in (1) 
EPSTIMAP4S.EXE and ...)
+   TODO: check
+CVE-2006-0447 (Multiple buffer overflows in E-Post Mail Server 4.10 and 
SPA-PRO Mail ...)
+   TODO: check
+CVE-2006-0446 (Unspecified vulnerability in WeBWorK 2.1.3 and 2.2-pre1 allows 
remote ...)
+   TODO: check
+CVE-2006-0445 (index.php in Phpclanwebsite 1.23.1 allows remote authenticated 
users ...)
+   TODO: check
+CVE-2006-0444 (SQL injection vulnerability in index.php in Phpclanwebsite (aka 
PCW) ...)
+   TODO: check
+CVE-2006-0443 (Cross-site scripting (XSS) vulnerability in archive.php in 
CheesyBlog ...)
+   TODO: check
+CVE-2006-0442 (Multiple cross-site scripting (XSS) vulnerabilities in 
usercp.php in ...)
+   TODO: check
+CVE-2006-0441 (Stack-based buffer overflow in Sami FTP Server 2.0.1 allows 
remote ...)
+   TODO: check
+CVE-2006-0440 (Text Rider 2.4 allows attackers to bypass authentication and 
upload ...)
+   TODO: check
+CVE-2006-0439 (Text Rider 2.4 stores sensitive data in the data directory 
under the ...)
+   TODO: check
+CVE-2006-0438
+   RESERVED
+CVE-2006-0437
+   RESERVED
+CVE-2006-0436 (Unspecified vulnerability in HP HP-UX B.11.00, B.11.04, and 
B.11.11 ...)
+   TODO: check
+CVE-2006-0435 (Unspecified vulnerability in Oracle PL/SQL (PLSQL) allows 
attackers to ...)
+   TODO: check
+CVE-2006-0434 (Directory traversal vulnerability in action.php in phpXplorer 
allows ...)
+   TODO: check
+CVE-2005-4675 (Cross-site scripting (XSS) vulnerability in list.php in 
Complete PHP ...)
+   TODO: check
+CVE-2005-4674 (Multiple SQL injection vulnerabilities in list.php in Complete 
PHP ...)
+   TODO: check
+CVE-2005-4673 (ioFTPD 0.5.84 u responds with different messages depending on 
whether ...)
+   TODO: check
+CVE-2005-4672 (Cross-site scripting (XSS) vulnerability in 
image-editor-52/index.php ...)
+   TODO: check
+CVE-2005-4671 (Cross-site scripting (XSS) vulnerability in 
simple-upload-53.php in ...)
+   TODO: check
+CVE-2005-4670 (Cross-site scripting (XSS) vulnerability in message.php in 
CityPost ...)
+   TODO: check
+CVE-2005-4669 (SQL injection vulnerability in RT Internet Solutions (RTIS) 
WebAdmin ...)
+   TODO: check
+CVE-2005-4668 (The embedded HSQLDB in ParosProxy before 3.2.7, when running 
with JDK ...)
+   TODO: check
 CVE-2006-0433
RESERVED
 CVE-2006-0432 (Unspecified vulnerability in BEA WebLogic Server and WebLogic 
Express ...)
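Review bot: Every described entry added at the top of the file is left at `TODO: check`, including CVE-2006-0450 (phpBB 2.0.19 and earlier), even though this file already tracks a phpbb2 package further down (`- phpbb2 2.0.6c (low)`). Triage that entry ahead of the rest of the batch, since it is the one added item that visibly maps to software already tracked here.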
@@ -948,8 +1032,8 @@
RESERVED
 CVE-2006-0058
RESERVED
-CVE-2006-0057
-   RESERVED
+CVE-2006-0057 (Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote 
attackers ...)
+   TODO: check
 CVE-2006-0056
RESERVED
 CVE-2006-0055 (The ispell_op function in ee on FreeBSD 4.10 to 6.0 uses 
predictable ...)
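Review bot: CVE-2006-0057 now describes Microsoft Internet Explorer but is left at `TODO: check`. Entries for software outside the archive are marked `NOT-FOR-US:` elsewhere in this file (for example `NOT-FOR-US: SimpleBBS`), so this one can be closed as `NOT-FOR-US: Microsoft Internet Explorer` instead of staying in the TODO queue.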
@@ -2019,7 +2103,7 @@
NOT-FOR-US: DRZES HMS
 CVE-2005-4135 (Direct static code injection vulnerability in 
includes/newtopic.php in ...)
NOT-FOR-US: SimpleBBS
-CVE-2005-4134 (** DISPUTED ** ...)
+CVE-2005-4134 (Mozilla Firefox 1.5, Netscape 8.0.4 and 7.2, and K-Meleon 
before ...)
- mozilla-firefox unfixed (unimportant)
NOTE: Not exploitable beyond a sluggish browser startup, see
NOTE: http://www.mozilla.org/security/history-title.html
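Review bot: The existing triage under CVE-2005-4134 (`- mozilla-firefox unfixed (unimportant)` and the two NOTE lines) is carried over unchanged although the description above it was replaced and no longer starts with `** DISPUTED **`. Confirm that the rating and the NOTE still match the new description text.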
@@ -6839,7 +6923,7 @@
- phpbb2 2.0.6c (low)
 CVE-2004-2357 (The