[Secure-testing-commits] r4253 - data/CVE

Fri, 16 Jun 2006 23:54:26 -0700 

Author: alec-guest
Date: 2006-06-17 06:07:39 +0000 (Sat, 17 Jun 2006)
New Revision: 4253

Modified:
   data/CVE/list
Log:
* CVE-2006-2230 (xine-ui): found fixed version
* CVE-2006-1991 (php4): found fixed version
* CVE-2005-3330 (wordpress): bug closed last year, maintainer says the
                             component isn't vulnerable, marking unaffected


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2006-06-16 22:30:51 UTC (rev 4252)
+++ data/CVE/list       2006-06-17 06:07:39 UTC (rev 4253)
@@ -1879,7 +1879,7 @@
        NOT-FOR-US: Big Webmaster Guestbook Script
 CVE-2006-2230 (Multiple format string vulnerabilities in xiTK (xitk/main.c) in 
xine ...)
        {DSA-1093-1}
-       - xine-ui <unfixed> (medium; bug #363370)
+       - xine-ui 0.99.4-1 (medium; bug #363370)
 CVE-2006-2229 (OpenVPN 2.0.7 and earlier, when configured to use the 
--management ...)
        - openvpn <unfixed> (unimportant)
        NOTE: One needs to explicitly set the IP to something else than 
127.0.0.1
@@ -2421,7 +2421,7 @@
 CVE-2006-1992 (mshtml.dll 6.00.2900.2873, as used in Microsoft Internet 
Explorer, ...)
        NOT-FOR-US: Microsoft Internet Explorer
 CVE-2006-1991 (The substr_compare function in string.c in PHP 4.4.2 and 5.1.2 
allows ...)
-       - php4 <unfixed> (bug #365311; medium)
+       - php4 4:4.4.2-1.1 (bug #365311; medium)
        - php5 5.1.4-0.1 (bug #365312; medium)
 CVE-2006-1990 (Integer overflow in the wordwrap function in string.c in PHP 
4.4.2 and ...)
        - php4 4:4.4.2-1.1 (bug #365311; medium)
@@ -10824,9 +10824,8 @@
 CVE-2005-3331 (viewpatch in mgdiff 1.0 allows local users to overwrite 
arbitrary ...)
        - mgdiff 1.0-28 (bug #335188; unimportant)
 CVE-2005-3330 (The _httpsrequest function in Snoopy 1.2, as used in products 
such as ...)
-       - wordpress <unfixed> (bug #335817; unimportant)
-       NOTE: The vulnerability is only exposed if the administrator edits
-       NOTE: non-configuration PHP files and adds https:// URLs.
+       - wordpress <not-affected> (bug #335817; unimportant)
+       NOTE: Upstream claims the modified Snoopy class is secure
 CVE-2005-3329 (Cross-site scripting (XSS) vulnerability in RSA Authentication 
Agent ...)
        NOT-FOR-US: RSA Authentication Agent
 CVE-2005-3328 (PHP remote file inclusion vulnerability in common.php in PunBB 
1.1.2 ...)


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits

Reply via email to