[Secure-testing-commits] r4003 - data/CVE

Sat, 20 May 2006 07:08:24 -0700 

Author: alec-guest
Date: 2006-05-20 14:07:45 +0000 (Sat, 20 May 2006)
New Revision: 4003

Modified:
   data/CVE/list
Log:
* dia bug number
* libopenobex already fixed (sweet!)
* NFUs


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2006-05-20 13:20:47 UTC (rev 4002)
+++ data/CVE/list       2006-05-20 14:07:45 UTC (rev 4003)
@@ -24,8 +24,7 @@
 CVE-2006-2481
        RESERVED
 CVE-2006-2480 (Format string vulnerability in Dia 0.94 allows user-complicit 
...)
-       NOTE: will file a bug when I finish testing the patch - alec
-       - dia <unfixed> (low)
+       - dia <unfixed> (bug #368202; low)
 CVE-2006-2479 (The Update functionality in Bitrix Site Manager 4.1.x does not 
verify ...)
        NOT-FOR-US: Bitrix
 CVE-2006-2478 (Bitrix Site Manager 4.1.x allows remote attackers to redirect 
users to ...)
@@ -55,8 +54,7 @@
 CVE-2006-2466 (BEA WebLogic Server 8.1 up to SP4 and 7.0 up to SP6 allows 
remote ...)
        NOT-FOR-US: BEA
 CVE-2006-2465 (Buffer overflow in MP3Info 0.8.4 allows attackers to execute 
arbitrary ...)
-       NOTE: will file bug soon, poking around for a fix - alec
-       - mp3info <unfixed> (low)
+       - mp3info <unfixed> (bug filed; low)
 CVE-2006-2464 (stopWebLogic.sh in BEA WebLogic Server 8.1 before Service Pack 
4 and ...)
        NOT-FOR-US: BEA
 CVE-2006-2463 (view_album.php in SelectaPix 1.31 and earlier allows remote 
attackers ...)
@@ -248,15 +246,15 @@
        - vnc4 4.1.1+X4.3.0-10 (high)
        [sarge] - vnc4 <not-affected> (vuln not in 4.0)
 CVE-2006-2368 (Cross-site scripting (XSS) vulnerability in index.php in 
Clansys (aka ...)
-       TODO: check
+       NOT-FOR-US: Clansys
 CVE-2006-2367 (Cross-site scripting (XSS) vulnerability in index.php in 
Clansys (aka ...)
-       TODO: check
+       NOT-FOR-US: Clansys
 CVE-2006-2366 (ircp_io.c in libopenobex for ircp 1.2, when ircp is run with 
the -r ...)
-       TODO: check
+       - libopenobex 1.2-3 (bug #366484)
 CVE-2006-2365 (Cross-site scripting (XSS) vulnerability in a_login.php in 
Vizra ...)
-       TODO: check
+       NOT-FOR-US: Vizra
 CVE-2006-2364 (Cross-site scripting (XSS) vulnerability in the validation 
feature in ...)
-       TODO: check
+       NOT-FOR-US: Macromedia
 CVE-2006-2363 (SQL injection vulnerability in the weblinks option 
(weblinks.html.php) ...)
        TODO: check
 CVE-2006-2362 (Buffer overflow in getsym in tekhex.c in libbfd in Free 
Software ...)


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits

Reply via email to