[Secure-testing-commits] r3036 - data/CVE

Moritz Muehlenhoff jmm-guest at costa.debian.org
Wed Dec 14 09:51:00 UTC 2005


Author: jmm-guest
Date: 2005-12-14 09:50:56 +0000 (Wed, 14 Dec 2005)
New Revision: 3036

Modified:
   data/CVE/list
Log:
four of the horde XSS issues have been CVEfied,
MITRE seems to have missed turba, I've pinged them


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2005-12-14 09:36:36 UTC (rev 3035)
+++ data/CVE/list	2005-12-14 09:50:56 UTC (rev 3036)
@@ -66,25 +66,27 @@
 	NOT-FOR-US: MyBB
 CVE-2005-4198 (SQL injection vulnerability in index.php in Netref 3.0 allows remote ...)
 	NOT-FOR-US: Netref
-begin claimed by jmm
 CVE-2005-4197 (tunnelform.yaws in Nortel SSL VPN 4.2.1.6 allows remote attackers to ...)
-	TODO: check
+	NOT-FOR-US: Nortel SSL VPN
 CVE-2005-4196 (Multiple cross-site scripting (XSS) vulnerabilities in Scout Portal ...)
-	TODO: check
+	NOT-FOR-US: Scout Portal Toolkit
 CVE-2005-4195 (Multiple SQL injection vulnerabilities in Scout Portal Toolkit (SPT) ...)
-	TODO: check
+	NOT-FOR-US: Scout Portal Toolkit
 CVE-2005-4194 (Buffer overflow in MediaServerList.exe in Sights 'n Sounds Streaming ...)
-	TODO: check
+	NOT-FOR-US: Sights 'n Sounds Streaming Media Server
 CVE-2005-4193 (Cross-site scripting (XSS) vulnerability in UseBB before 0.7 allows ...)
-	TODO: check
+	NOT-FOR-US: UseBB
+CVE-2005-XXXX [XSS in Turba]
+	- turba2 <unfixed> (bug #342946; medium)
+	NOTE: CVE requested
 CVE-2005-4192 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
-	TODO: check
+	- mnemo2 <unfixed> (bug #342944; medium)
 CVE-2005-4191 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
-	TODO: check
+	- nag2 <unfixed> (bug #342945; medium)
 CVE-2005-4190 (Multiple cross-site scripting (XSS) vulnerabilities in Horde Framework ...)
-	TODO: check
+	- horde3 <unfixed> (bug #342942; medium)
 CVE-2005-4189 (Multiple cross-site scripting (XSS) vulnerabilities in Horde Kronolith ...)
-	TODO: check
+	- kronolith <unfixed> (bug #342943; medium)
 CVE-2005-4188
 	RESERVED
 CVE-2005-4187
@@ -106,32 +108,31 @@
 CVE-2005-4179
 	RESERVED
 CVE-2005-4177 (Cross-site scripting (XSS) vulnerability in book.cfm in Magic Book ...)
-	TODO: check
+	NOT-FOR-US: Magic Book Personal and Professional
 CVE-2005-4176 (AWARD Bios Modular 4.50pg does not clear the keyboard buffer after ...)
-	TODO: check
+	NOT-FOR-US: AWARD BIOS
 CVE-2005-4175 (Insyde BIOS V190 does not clear the keyboard buffer after reading the ...)
-	TODO: check
+	NOT-FOR-US: Insyde BIOS
 CVE-2005-4174 (eFiction 1.0, 1.1, and 2.0, in unspecified environments, might allow ...)
-	TODO: check
+	NOT-FOR-US: eFiction
 CVE-2005-4173 (eFiction 1.0, 1.1, and 2.0 allows remote attackers to obtain sensitive ...)
-	TODO: check
+	NOT-FOR-US: eFiction
 CVE-2005-4172 (eFiction 1.0, 1.1, and 2.0 allows remote attackers to obtain sensitive ...)
-	TODO: check
+	NOT-FOR-US: eFiction
 CVE-2005-4171 (The &quot;Upload new image&quot; command in the &quot;Manage Images&quot; eFiction 1.1, ...)
-	TODO: check
+	NOT-FOR-US: eFiction
 CVE-2005-4170 (SQL injection vulnerability in eFiction 1.1 allows remote attackers to ...)
-	TODO: check
+	NOT-FOR-US: eFiction
 CVE-2005-4169 (Multiple SQL injection vulnerabilities in eFiction 1.0 allow remote ...)
-	TODO: check
+	NOT-FOR-US: eFiction
 CVE-2005-4168 (Multiple SQL injection vulnerabilities in eFiction 1.0, 1.1, and 2.0 ...)
-	TODO: check
+	NOT-FOR-US: eFiction
 CVE-2005-4167 (Cross-site scripting (XSS) vulnerability in eFiction 1.0 and 1.1 ...)
-	TODO: check
+	NOT-FOR-US: eFiction
 CVE-2005-4166 (Cross-site scripting (XSS) vulnerability in password.asp in DUWare ...)
-	TODO: check
+	NOT-FOR-US: DUportal
 CVE-2005-4165 (Multiple SQL injection vulnerabilities in ASP-DEV ASP Resources Forum ...)
-	TODO: check
-end claimed by jmm
+	NOT-FOR-US: ASP-DEV ASP Resources Forum
 CVE-2005-XXXX [Another fib_lookup DoS]
 	- linux-2.6 <unfixed>
 CVE-2005-XXXX [DoS in i82365 driver]
@@ -185,16 +186,6 @@
 	NOT-FOR-US: Lyris ListManager
 CVE-2005-4142 (The web interface for subscribing new users in Lyris ListManager 5.0 ...)
 	NOT-FOR-US: Lyris ListManager
-CVE-2005-XXXX [Multiple issues in Horde]
-	- horde3 <unfixed> (bug #342942; medium)
-CVE-2005-XXXX [XSS in Kronolith]
-	- kronolith <unfixed> (bug #342943; medium)
-CVE-2005-XXXX [XSS in Mnemo]
-	- mnemo2 <unfixed> (bug #342944; medium)
-CVE-2005-XXXX [XSS in Nag]
-	- nag2 <unfixed> (bug #342945; medium)
-CVE-2005-XXXX [XSS in Turba]
-	- turba2 <unfixed> (bug #342946; medium)
 CVE-2005-4141 (Multiple SQL injection vulnerabilities in ASPMForum allow remote ...)
 	NOT-FOR-US: ASPMForum
 CVE-2005-4140 (SQL injection vulnerability in admin/login/index.php in Website Baker ...)




More information about the Secure-testing-commits mailing list