[Secure-testing-commits] r3105 - in data: . CVE

Moritz Muehlenhoff jmm-guest at costa.debian.org
Tue Dec 20 09:59:13 UTC 2005 

Author: jmm-guest
Date: 2005-12-20 09:59:08 +0000 (Tue, 20 Dec 2005)
New Revision: 3105

Modified:
   data/CVE/list
   data/embedded-code-copies
Log:
new cpio issue
some not-affected
phpmyadmin issue turned out to be unimportant
lots of NFUs


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2005-12-20 09:22:35 UTC (rev 3104)
+++ data/CVE/list	2005-12-20 09:59:08 UTC (rev 3105)
@@ -123,58 +123,60 @@
 	NOT-FOR-US: eDatCat
 CVE-2005-4288 (Cross-site scripting (XSS) vulnerability in index.php in MarmaraWeb ...)
 	NOT-FOR-US: MarmaraWeb E-commerce
-begin claimed by jmm
 CVE-2005-4287 (PHP remote file include vulnerability in MarmaraWeb E-commerce allows ...)
-	TODO: check
+	NOT-FOR-US: MarmaraWeb E-commerce
 CVE-2005-4286 (Unspecified vulnerability in PhpLogCon before 1.2.2 allows remote ...)
-	TODO: check
+	NOT-FOR-US: PhpLogCon
 CVE-2005-4285 (Cross-site scripting (XSS) vulnerability in pdestore.cgi in Dick ...)
-	TODO: check
+	NOT-FOR-US: Dick Copits PDEstore
 CVE-2005-4284 (Cross-site scripting (XSS) vulnerability in StaticStore Search Engine ...)
-	TODO: check
+	NOT-FOR-US: StaticStore Search Engine
 CVE-2005-4283 (Cross-site scripting (XSS) vulnerability in The CITY Shop 1.3 and ...)
-	TODO: check
+	NOT-FOR-US: The CITY Shop
 CVE-2005-4282 (Cross-site scripting (XSS) vulnerability in Zaygo DomainCart 2.0 and ...)
-	TODO: check
+	NOT-FOR-US: Zaygo DomainCart
 CVE-2005-4281 (Cross-site scripting (XSS) vulnerability in Zaygo HostingCart 2.0 and ...)
-	TODO: check
+	NOT-FOR-US: Zaygo HostingCart
 CVE-2005-4280 (Untrusted search path vulnerability in CMake before 2.2.0-r1 on Gentoo ...)
-	TODO: check
+	- cmake <not-affected> (Gentoo-specific packaging flaw)
 CVE-2005-4279 (Untrusted search path vulnerability in Qt-UnixODBC before 3.3.4-r1 on ...)
-	TODO: check
+	- qt-x11-free <not-affected> (Gentoo-specific packaging flaw)
 CVE-2005-4278 (Untrusted search path vulnerability in Perl before 5.8.7-r1 on Gentoo ...)
-	TODO: check
+	- perl <not-affected> (Gentoo-specific packaging flaw)
 CVE-2005-4277 (Cross-site scripting (XSS) vulnerability in index.php in toendaCMS ...)
-	TODO: check
+	NOT-FOR-US: toendaCMS
 CVE-2005-4276 (Westell Versalink 327W allows remote attackers to cause a denial of ...)
-	TODO: check
+	NOT-FOR-US: Westell Versalink
 CVE-2005-4275 (Scientific Atlanta DPX2100 Cable Modem allows remote attackers to ...)
-	TODO: check
+	NOT-FOR-US: Scientific Atlanta DPX2100 Cable Modem
 CVE-2005-4274 (Unspecified vulnerability in Business Objects WebIntelligence 6.5x ...)
-	TODO: check
+	NOT-FOR-US: Business Objects WebIntelligence
 CVE-2005-4273 (Multiple unspecified vulnerabilities in (1) getShell and (2) ...)
-	TODO: check
+	NOT-FOR-US: AIX 
 CVE-2005-4272 (Multiple buffer overflows in IBM AIX 5.1, 5.2, and 5.3 allow remote ...)
-	TODO: check
+	NOT-FOR-US: AIX 
 CVE-2005-4271 (Buffer overflow in the malloc debug system in IBM AIX 5.3 allows local ...)
-	TODO: check
+	NOT-FOR-US: AIX 
 CVE-2005-4270 (Buffer overflow in Watchfire AppScan QA 5.0.609 and 5.0.134 allows ...)
-	TODO: check
+	NOT-FOR-US: Watchfire AppScan
 CVE-2005-4269 (mshtml.dll in Microsoft Windows XP, Server 2003, and Internet Explorer ...)
-	TODO: check
+	NOT-FOR-US: Microsoft Windows
 CVE-2005-4268 (Buffer overflow in cpio 2.6-8.FC4 on 64-bit platforms, when creating a ...)
-	TODO: check
+	- cpio <unfixed> (bug filed)
+	[sarge] - cpio <unfixed>
+	[woody] - cpio <unfixed>
 CVE-2005-4267
 	RESERVED
 CVE-2004-2652 (The DecodeTCPOptions function in decode.c in Snort before 2.3.0, when ...)
 	TODO: check
 CVE-2004-2651 (Multiple cross-site scripting (XSS) vulnerabilities in YaCy before ...)
-	TODO: check
+	NOT-FOR-US: YaCy
 CVE-2003-1289 (The iBCS2 system call translator for statfs in NetBSD 1.5 through ...)
-	TODO: check
-end claimed by jmm
+	NOT-FOR-US: NetBSD
 CVE-2005-XXXX [SQL Injection in server_privileges.php]
-	- phpmyadmin <unfixed> (bug #343858; high)
+	- phpmyadmin <unfixed> (bug #343858; unimportant)
+	NOTE: Attack only works for authenticated users and after all "SQL injection" is
+	NOTE: phpmyadmin's primary use case :-)
 CVE-2005-XXXX [rageirc IRC daemon always allows login with empty password]
 	- rageircd <unfixed> (bug #343543; medium)
 CVE-2005-4266 (WorldClient.dll in Alt-N MDaemon and WorldClient 8.1.3 trusts a ...)

Modified: data/embedded-code-copies
===================================================================
--- data/embedded-code-copies	2005-12-20 09:22:35 UTC (rev 3104)
+++ data/embedded-code-copies	2005-12-20 09:59:08 UTC (rev 3105)
@@ -148,6 +148,5 @@
 curl:
 wget (code for NTLM authentication)
 
-
 TODO evaluate:
-gimp-gap
\ No newline at end of file
+gimp-gap (potentially using ffmpeg code as well)
\ No newline at end of file

More information about the Secure-testing-commits mailing list