[Secure-testing-commits] r3007 - data/CVE
Moritz Muehlenhoff
jmm-guest at costa.debian.org
Sun Dec 11 21:54:08 UTC 2005
Author: jmm-guest
Date: 2005-12-11 21:54:04 +0000 (Sun, 11 Dec 2005)
New Revision: 3007
Modified:
data/CVE/list
Log:
new sudo issue
new mailman issue, still rather unclear
NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2005-12-11 21:15:34 UTC (rev 3006)
+++ data/CVE/list 2005-12-11 21:54:04 UTC (rev 3007)
@@ -1,51 +1,50 @@
-begin claimed by jmm
CVE-2005-4164 (SQL injection vulnerability in view.php in PHP-addressbook 1.2 allows ...)
- TODO: check
+ NOT-FOR-US: PHP-addressbook
CVE-2005-4163 (Directory traversal vulnerability in captcha.php in Captcha PHP 0.9 ...)
- TODO: check
+ NOT-FOR-US: Captcha
CVE-2005-4162 (Cross-site scripting (XSS) vulnerability in cal_make.pl in ACME ...)
- TODO: check
+ NOT-FOR-US: ACME PerlCal
CVE-2005-4161 (Multiple cross-site scripting (XSS) vulnerabilities in MilliScripts ...)
- TODO: check
+ NOT-FOR-US: MilliScripts
CVE-2005-4160 (Directory traversal vulnerability in getdox.php in Torrential 1.2 ...)
- TODO: check
+ NOT-FOR-US: Torrential
CVE-2005-4159 (SQL injection vulnerability in Memberlist.php in Simple Machines Forum ...)
- TODO: check
+ NOT-FOR-US: Simple Machines Forum
CVE-2005-4158 (Sudo before 1.6.8 p12, when the Perl taint flag is off, does not clear ...)
- TODO: check
+ - sudo <unfixed> (bug filed; medium)
CVE-2005-4157 (Unspecified vulnerability in Kerio WinRoute Firewall before 6.1.3 ...)
- TODO: check
+ NOT-FOR-US: Kerio Firewall
CVE-2005-4156 (Unspecified vulnerability in Mambo 4.5 (1.0.0) through 4.5 (1.0.9), ...)
- TODO: check
+ NOT-FOR-US: Mambo
CVE-2005-4155 (registration.PHP in ATutor 1.5.1 pl2 allows remote attackers to ...)
- TODO: check
+ NOT-FOR-US: ATutor
CVE-2005-4154 (Unspecified vulnerability in PEAR installer 1.4.2 and earlier allows ...)
- TODO: check
+ NOT-FOR-US: PEAR installer
+ TODO: Please double-check, this could be included somewhere else
CVE-2005-4153 (Mailman 2.1.4 through 2.1.6 allows remote attackers to cause a denial ...)
- TODO: check
+ TODO: Pull this from the Mandriva update for further evaluation
CVE-2005-4152 (Soti Pocket Controller-Professional 5.0 allows remote attackers to ...)
- TODO: check
+ NOT-FOR-US: Soti Pocket Controller-Professional
CVE-2005-4151 (The Wipe Free Space utility in PGP Desktop Home 8.0 and Desktop ...)
- TODO: check
+ NOT-FOR-US: PGP Desktop Home
CVE-2005-4150 (Cross-site scripting (XSS) vulnerability in the portal login page in ...)
- TODO: check
+ NOT-FOR-US: CA Clever Path
CVE-2005-4149 (Lyris ListManager 8.8 through 8.9b allows remote attackers to obtain ...)
- TODO: check
+ NOT-FOR-US: Lyris ListManager
CVE-2005-4148 (Lyris ListManager 8.5, and possibly other versions before 8.8, ...)
- TODO: check
+ NOT-FOR-US: Lyris ListManager
CVE-2005-4147 (The TCLHTTPd service in Lyris ListManager before 8.9b allows remote ...)
- TODO: check
+ NOT-FOR-US: Lyris ListManager
CVE-2005-4146 (Lyris ListManager before 8.9b allows remote attackers to obtain ...)
- TODO: check
+ NOT-FOR-US: Lyris ListManager
CVE-2005-4145 (The MSDE version of Lyris ListManager 5.0 through 8.9b configures the ...)
- TODO: check
+ NOT-FOR-US: Lyris ListManager
CVE-2005-4144 (Lyris ListManager 5.0 through 8.9a allows remote attackers to add ...)
- TODO: check
+ NOT-FOR-US: Lyris ListManager
CVE-2005-4143 (SQL injection vulnerability in Lyris ListManager 5.0 through 8.9a ...)
- TODO: check
+ NOT-FOR-US: Lyris ListManager
CVE-2005-4142 (The web interface for subscribing new users in Lyris ListManager 5.0 ...)
- TODO: check
-end claimed by jmm
+ NOT-FOR-US: Lyris ListManager
CVE-2005-XXXX [Multiple issues in Horde]
- horde3 <unfixed> (bug filed; medium)
CVE-2005-XXXX [XSS in Kronolith]
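Review bot: CVE-2005-4154 ends up with both "NOT-FOR-US: PEAR installer" and a TODO asking for a double-check because it "could be included somewhere else". The two states contradict each other, and the NOT-FOR-US tag makes the entry look fully triaged. Suggest keeping only the TODO until the check is done, then replacing it with either NOT-FOR-US or a package line. Separately, the sudo line for CVE-2005-4158 says "bug filed" without a reference; adding the bug number would let the next person follow up on the <unfixed> state.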
@@ -208,7 +207,6 @@
NOT-FOR-US: AIX
CVE-2005-4067
REJECTED
- - mediawiki <not-affected> (Only affects the 1.5 branch)
CVE-2005-4066 (Total Commander 6.53 uses weak encryption to store FTP usernames and ...)
NOT-FOR-US: Total Commander
CVE-2005-4065 (SQL injection vulnerability in the search module in Edgewall Trac ...)
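Review bot: The removal of the "mediawiki <not-affected>" line under CVE-2005-4067 is not covered by the log message, which lists only the sudo issue, the mailman issue and NFUs. Suggest adding a log line for the cleanup of annotations under REJECTED entries, since the same kind of removal recurs in the later hunks. Note also that the "Only affects the 1.5 branch" rationale disappears from the list with this deletion.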
@@ -1556,10 +1554,8 @@
NOT-FOR-US: HP-UX
CVE-2005-3563
REJECTED
- NOT-FOR-US: ATutor
CVE-2005-3562
REJECTED
- NOT-FOR-US: ATutor
CVE-2005-3561 ( ...)
NOT-FOR-US: ATutor
CVE-2005-3560 (Zone Labs (1) ZoneAlarm Pro 6.0, (2) ZoneAlarm Internet Security Suite ...)
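Review bot: CVE-2005-3561, directly below the two entries cleaned up here, has an empty description "( ...)" and keeps "NOT-FOR-US: ATutor", while CVE-2005-3563 and CVE-2005-3562 lose the same tag for being REJECTED. Worth checking whether 3561 is still a live ATutor entry or should be handled like its neighbours, so the cleanup is consistent across the three.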
@@ -2282,7 +2278,6 @@
NOT-FOR-US: saphp Lesson
CVE-2005-3362
REJECTED
- NOT-FOR-US: myBloggie
CVE-2005-3361 (Cross-site scripting (XSS) vulnerability in forum/index.php in ...)
NOT-FOR-US: FlatNuke
CVE-2005-3360