[Secure-testing-commits] r3786 - data/CVE

Tue, 11 Apr 2006 07:49:40 -0700 

Author: jmm-guest
Date: 2006-04-11 14:48:56 +0000 (Tue, 11 Apr 2006)
New Revision: 3786

Modified:
   data/CVE/list
Log:
four new php issues
new fbi issue
new cyrus-sasl2 issue


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2006-04-11 11:43:51 UTC (rev 3785)
+++ data/CVE/list       2006-04-11 14:48:56 UTC (rev 3786)
@@ -1,3 +1,7 @@
+CVE-2006-XXXX [Insecure temp files in fbgs]
+       - fbi <unfixed> (bug #361370)
+CVE-2006-XXXX [Cyrus SASL DIGEST-MD5 Pre-Authentication Denial of Service]
+       - cyrus-sasl2 <unfixed> (bug #361937)
 CVE-2006-1675 (Multiple cross-site scripting (XSS) vulnerabilities in 
PHPWebGallery ...)
        TODO: check
 CVE-2006-1674 (Cross-site scripting (XSS) vulnerability in search.php in ...)
@@ -143,7 +147,8 @@
 CVE-2006-1609 (Unspecified vulnerability in Hitachi XFIT/S, XFIT/S/JCA, 
XFIT/S/ZGN, ...)
        TODO: check
 CVE-2006-1608 (The copy function in file.c in PHP 4.4.2 and 5.1.2 allows local 
users ...)
-       TODO: check
+       - php4 <unfixed> (bug #361856)
+       - php5 <unfixed> (bug #361915)
 CVE-2006-1607 (Unspecified vulnerability in the banner module in Exponent CMS 
before ...)
        TODO: check
 CVE-2006-1606 (Unspecified vulnerability in the image module in Exponent CMS 
before ...)
@@ -279,8 +284,10 @@
        NOT-FOR-US: Apple 
 CVE-2006-1551
        RESERVED
-CVE-2006-1549
+CVE-2006-1549 [function *() php/apache Crash]
        RESERVED
+       - php4 <unfixed> (bug #361854)
+       - php5 <unfixed> (bug #361917)
 CVE-2005-4767 (BEA WebLogic Server and WebLogic Express 8.1 SP5 and earlier, 
and 7.0 ...)
        NOT-FOR-US: BEA WebLogic
 CVE-2005-4766 (BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 
and 7.0 ...)
@@ -427,7 +434,8 @@
 CVE-2006-1495 (SQL injection vulnerability in general/sendpassword.php in (1) 
...)
        NOT-FOR-US: PHPCollab / NetOffice
 CVE-2006-1494 (Directory traversal vulnerability in file.c in PHP 4.4.2 and 
5.1.2 ...)
-       TODO: check
+       - php4 <unfixed> (bug #361855)
+       - php5 <unfixed> (bug #361916)
 CVE-2006-1493 (Cross-site scripting (XSS) vulnerability in dir.php in Explorer 
XP ...)
        NOT-FOR-US: Explorer XP
 CVE-2006-1492 (Directory traversal vulnerability in dir.php in Explorer XP 
allows ...)
@@ -1541,7 +1549,8 @@
 CVE-2006-0997 (The SSL server implementation in NILE.NLM in Novell NetWare 6.5 
and ...)
        NOT-FOR-US: Novell
 CVE-2006-0996 (Cross-site scripting (XSS) vulnerability in phpinfo (info.c) in 
PHP ...)
-       TODO: check
+       - php4 <unfixed> (bug #361853)
+       - php5 <unfixed> (bug #361914)
 CVE-2006-0995 (EMC Dantz Retrospect 7 backup client 7.0.107, and other 
versions ...)
        NOT-FOR-US: EMC Dantz Retrospect
 CVE-2006-0994


_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits

Reply via email to