[Secure-testing-commits] r3184 - data/CVE

Moritz Muehlenhoff jmm-guest at costa.debian.org
Fri Dec 30 01:47:44 UTC 2005 

Author: jmm-guest
Date: 2005-12-30 01:47:39 +0000 (Fri, 30 Dec 2005)
New Revision: 3184

Modified:
   data/CVE/list
Log:
scponly CVEfied
a whole bunch of new mantis crap
new mediawiki issue


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2005-12-30 01:16:51 UTC (rev 3183)
+++ data/CVE/list	2005-12-30 01:47:39 UTC (rev 3184)
@@ -122,77 +122,75 @@
 	RESERVED
 CVE-2005-4535
 	RESERVED
-begin claimed by jmm
 CVE-2005-4533 (Argument injection vulnerability in scponlyc in scponly 4.1 and ...)
-	TODO: check
+	- scponly <unfixed> (bug #344418)
 CVE-2005-4532 (scponlyc in scponly 4.1 and earlier, when the operating system ...)
-	TODO: check
+	- scponly <unfixed> (bug #344418)
 CVE-2005-4531
 	REJECTED
-	TODO: check
 CVE-2005-4530 (Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft EPay ...)
-	TODO: check
+	NOT-FOR-US: EPay Enterprise
 CVE-2005-4529 (The Chatspot 2.0.0a7 module for phpBB might allow remote attackers to ...)
-	TODO: check
+	NOT-FOR-US: phpBB addon
 CVE-2005-4528 (SQL injection vulnerability in the Chatspot 2.0.0a7 module for phpBB ...)
-	TODO: check
+	NOT-FOR-US: phpBB addon
 CVE-2005-4527 (Multiple SQL injection vulnerabilities in Direct News 4.9 allow remote ...)
-	TODO: check
+	NOT-FOR-US: Direct News
 CVE-2005-4526 (Clearswift MIMEsweeper For Web (a.k.a. WEBsweeper) 4.0 through 5.1 ...)
-	TODO: check
+	NOT-FOR-US: MIMEsweeper For Web
 CVE-2005-4525 (SmcGui.exe in Sygate Protection Agent 5.0 build 6144 allows local ...)
-	TODO: check
+	NOT-FOR-US: Sygate 
 CVE-2005-4524 (Mantis 1.0.0rc3 does not properly handle &quot;Make note private&quot; when a ...)
-	TODO: check
+	TODO: file bug
 CVE-2005-4523 (Mantis 1.0.0rc3 and earlier discloses private bugs via public RSS ...)
-	TODO: check
+	TODO: file bug
 CVE-2005-4522 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
-	TODO: check
+	TODO: file bug
 CVE-2005-4521 (CRLF injection vulnerability in Mantis 1.0.0rc3 and earlier allows ...)
-	TODO: check
+	TODO: file bug
 CVE-2005-4520 (Unspecified &quot;port injection&quot; vulnerabilities in filters in Mantis ...)
-	TODO: check
+	TODO: file bug
 CVE-2005-4519 (Multiple SQL injection vulnerabilities in the manage user page ...)
-	TODO: check
+	TODO: file bug
 CVE-2005-4518 (Mantis before 0.19.4 allows remote attackers to bypass the file upload ...)
-	TODO: check
+	TODO: file bug
 CVE-2005-4517 (SQL injection vulnerability in PHP-Fusion 6.00.200 through 6.00.300 ...)
-	TODO: check
+	NOT-FOR-US: PHP-Fusion
 CVE-2005-4516 (Multiple cross-site scripting (XSS) vulnerabilities in PHP-Fusion ...)
-	TODO: check
+	NOT-FOR-US: PHP-Fusion
 CVE-2005-4515 (SQL injection vulnerability in WebDB 1.1 and earlier allows remote ...)
-	TODO: check
+	NOT-FOR-US: WebDB
 CVE-2005-4514 (The encapsulation script mechanism in Webwasher CSM Appliance Suite ...)
-	TODO: check
+	NOT-FOR-US: Webwasher
 CVE-2005-4513 (Cross-site scripting (XSS) vulnerability in WANDSOFT e-SEARCH allows ...)
-	TODO: check
+	NOT-FOR-US: WANDSOFT e-SEARCH
 CVE-2005-4512 (Cross-site scripting (XSS) vulnerability in WAXTRAPP 3.0.1 and earlier ...)
-	TODO: check
+	NOT-FOR-US: WAXTRAPP
 CVE-2005-4511 (Format string vulnerability in TN3270 Resource Gateway 1.1.0 allows ...)
-	TODO: check
+	NOT-FOR-US: TN3270 Resource Gateway
 CVE-2005-4510 (Directory traversal vulnerability in server.np in NetPublish Server 7 ...)
-	TODO: check
+	NOT-FOR-US: Netpublish Server
 CVE-2005-4509 (SQL injection vulnerability in index.asp in pTools allows remote ...)
-	TODO: check
+	NOT-FOR-US: pTools
 CVE-2005-4508 (Nexus Concepts Dev Hound 2.24 and earlier allows remote attackers to ...)
-	TODO: check
+	NOT-FOR-US: Nexus Concepts Dev Hound
 CVE-2005-4507 (Multiple cross-site scripting (XSS) vulnerabilities in Nexus Concepts ...)
-	TODO: check
+	NOT-FOR-US: Nexus Concepts Dev Hound
 CVE-2005-4506 (Nexus Concepts Dev Hound 2.24 and earlier stores username and password ...)
-	TODO: check
+	NOT-FOR-US: Nexus Concepts Dev Hound
 CVE-2005-4505 (Unquoted Windows search path vulnerability in McAfee VirusScan ...)
-	TODO: check
+	NOT-FOR-US: McAfee
 CVE-2005-4504 (The khtml::RenderTableSection::ensureRows function in KHTMLParser in ...)
-	TODO: check
+	TODO: check, whether this affects konqueror
 CVE-2005-4503 (httprint v202, and possibly other versions before v301, allows remote ...)
-	TODO: check
+	NOT-FOR-US: httprint
 CVE-2005-4502 (Cross-site scripting (XSS) vulnerability in httprint v202, and ...)
-	TODO: check
+	NOT-FOR-US: httprint
 CVE-2005-4501 (MediaWiki before 1.5.4 uses a hard-coded &quot;internal placeholder ...)
-	TODO: check
+	- mediawiki <unfixed> (bug filed)
 CVE-2005-4500 (SQL injection vulnerability in MusicBox 2.3 allows remote attackers to ...)
-	TODO: check
-end claimed by jmm
+	NOT-FOR-US: MusicBox
+begin claimed by jmm
 CVE-2005-4499 (The Downloadable RADIUS ACLs feature in Cisco PIX and VPN 3000 ...)
 	TODO: check
 CVE-2005-4498 (Cross-site scripting (XSS) vulnerability in Text-e 1.6.4 and earlier ...)
@@ -243,8 +241,7 @@
 	TODO: check
 CVE-2005-4475 (Cross-site scripting (XSS) vulnerability in OpenCms 6.0.3 and earlier ...)
 	TODO: check
-CVE-2005-XXXX [privilege escalation in scponly]
-	- scponly <unfixed> (bug #344418)
+end claimed by jmm
 CVE-2005-4534 (The shadow database feature (syncshadowdb) in Bugzilla 2.16.7 through ...)
 	- bugzilla 2.18 (bug #329387; low)
 	NOTE: The vulnerable script has been removed in the 2.18 upstream release

More information about the Secure-testing-commits mailing list