[Secure-testing-commits] r5091 - data/CVE

Moritz Muehlenhoff Fri, 08 Dec 2006 15:37:31 -0800

Author: jmm-guest
Date: 2006-12-09 00:37:24 +0100 (Sat, 09 Dec 2006)
New Revision: 5091


Modified:
   data/CVE/list
Log:
new severe madwifi issue (thank god we're not Ubuntu having such crap
  in the default kernel)
  new 2.6.19-only kernel issue
  new issues in fail2ban and denyhosts
  new evince issue
  bugnums


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2006-12-08 20:14:15 UTC (rev 5090)
+++ data/CVE/list       2006-12-08 23:37:24 UTC (rev 5091)
@@ -69,9 +69,11 @@
 CVE-2006-6334
        RESERVED
 CVE-2006-6333 (The tr_rx function in ibmtr.c for Linux kernel 2.6.19 assigns 
the ...)
-       TODO: check
-CVE-2006-6332
+       - linux-2.6 <unfixed>
+       [etch] - linux-2.6 <not-affected> (Only affects 2.6.19, introduced 
after 2.6.18)
+CVE-2006-6332 [madwifi code injection]
        RESERVED
+       - madwifi 1:0.9.2+r1842.20061207-1 (high)
 CVE-2006-6331 (metaInfo.php in TorrentFlux 2.2, when 
$cfg[&quot;enable_file_priority&quot;] is ...)
        TODO: check
 CVE-2006-6330 (index.php for TorrentFlux 2.2 allows remote registered users to 
...)
@@ -185,9 +187,9 @@
 CVE-2006-6274 (SQL injection vulnerability in articles.asp in Expinion.net 
iNews (1) ...)
        TODO: check
 CVE-2006-6302 (fail2ban 0.7.4 and earlier does not properly parse sshd logs 
file, which ...)
-       - fail2ban <unfixed> (medium; bug filed)
+       - fail2ban <unfixed> (medium; bug #401793)
 CVE-2006-6301 (DenyHosts 2.5 does not properly parse sshd logs file, which 
allows remote ...)
-       - denyhosts <unfixed> (medium; bug filed)
+       - denyhosts <unfixed> (medium; bug #401795)
 CVE-2006-5873 [l2tpns Heartbeat Packets Buffer Overflow Vulnerability]
        RESERVED
        NOTE: http://secunia.com/advisories/23230/
@@ -404,10 +406,10 @@
 CVE-2006-6176 (Cross-site scripting (XSS) vulnerability in admin.php in Blogn 
before ...)
        NOT-FOR-US: Blogn
 CVE-2006-6175 (Directory traversal vulnerability in lib/FBView.php in Horde 
Kronolith ...)
-       - kronolith2 2.1.4-1 (bug #400899)
+       - kronolith2 2.1.4-1 (bug #400899; bug #401061)
        TODO: check kronolith 1.x
 CVE-2006-6174 (Cross-site scripting (XSS) vulnerability in tDiary before 2.0.3 
and ...)
-       - tdiary 2.1.4-5 (bug #400447)
+       - tdiary 2.1.4-5 (bug #400447; bug #400650)
 CVE-2006-6173 (Buffer overflow in the shared_region_make_private_np function 
in ...)
        NOT-FOR-US: Mac OS X 
 CVE-2006-6172 (Buffer overflow in the asmrp_eval function for Real Media input 
plugin ...)
@@ -800,7 +802,7 @@
 CVE-2006-5990 (VMWare VirtualCenter client 2.x before 2.0.1 Patch 1 (Build 
33643) and ...)
        NOT-FOR-US: VMWare
 CVE-2006-5989 (Off-by-one error in the der_get_oid function in mod_auth_kerb 
5.0 ...)
-       - libapache-mod-auth-kerb 5.3-1 (low)
+       - libapache-mod-auth-kerb 5.3-1 (low; bug #400589)
 CVE-2006-5988 (Unspecified vulnerability in Windows 2000 Advanced Server SP4 
running ...)
        NOT-FOR-US: Windows
 CVE-2006-5987 (SQL injection vulnerability in default.asp in ASPintranet, 
possibly ...)
@@ -905,7 +907,7 @@
 CVE-2006-5942 (Cross-site scripting (XSS) vulnerability in ...)
        NOT-FOR-US: Less Inventory Manager
 CVE-2006-5941 (snmpd in (1) the SUNWsmagt package in Solaris 10 before 
20061122 and ...)
-       NOT-FOR-US: Solaris
+       NOT-FOR-US: Solaris, see #400557
 CVE-2006-5940 (Unspecified vulnerability in Grisoft AVG Anti-Virus before 
7.1.407 has ...)
        NOT-FOR-US: Grisoft AVG Anti-Virus
 CVE-2006-5939 (Grisoft AVG Anti-Virus before 7.1.407 allows remote attackers 
to cause ...)
@@ -940,7 +942,7 @@
        {DSA-1228-1 DSA-1226-1}
        - links 0.99+1.00pre12-1.1 (medium; bug #399188)
        - elinks 0.11.1-1.2 (medium; bug #399187)
-       - links2 2.1pre25-2
+       - links2 2.1pre25-2 (medium; bug #400718)
 CVE-2006-5924 (Cross-site scripting (XSS) vulnerability in index.php in 
Efficient IP ...)
        NOT-FOR-US: Efficient IP iPmanager (IPm)
 CVE-2006-5923 (PHP remote file inclusion vulnerability in index.php in Chris 
Mac ...)
@@ -1163,6 +1165,7 @@
 CVE-2006-5864 (Stack-based buffer overflow in the ps_gettext function in ps.c 
for GNU ...)
        {DSA-1214}
        - gv 1:3.6.2-2 (medium; bug #398292)
+       - evince 0.4.0-3 (medium; bug #400904)
 CVE-2006-5818 (Multiple buffer overflows in tunekrnl in IBM Lotus Domino 6.x 
before ...)
        NOT-FOR-US: Lotus Domino 
 CVE-2006-5817 (prl_dhcpd in Parallels Desktop for Mac Build 1940 uses insecure 
...)
@@ -2687,7 +2690,7 @@
        NOTE: Only path disclosure
 CVE-2006-5116 (Multiple cross-site request forgery (CSRF) vulnerabilities in 
...)
        {DSA-1207-1}
-       - phpmyadmin 4:2.9.0.2-0.1 (bug #391090; low)
+       - phpmyadmin 4:2.9.0.2-0.1 (bug #391090; bug #400553; low)
        [sarge] - phpmyadmin <not-affected> (Vulnerable code not present)
 CVE-2006-5115 (Directory traversal vulnerability in kgcall.php in KGB 1.87 
allows ...)
        NOT-FOR-US: KGB
@@ -4638,7 +4641,7 @@
        - man-db 2.4.3-5
 CVE-2006-4249 [plone group creation privilege escalation]
        RESERVED
-       - zope-cmfplone <unfixed>
+       - zope-cmfplone <unfixed> (bug #401796)
        [sarge] - zope-cmfplone <not-affected> (Vulnerable code not present)
 CVE-2006-4248 (thttpd on Debian GNU/Linux, and possibly other distributions, 
allows ...)
        {DSA-1205-1}


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r5091 - data/CVE

Reply via email to