[Secure-testing-commits] r3188 - data/CVE

Moritz Muehlenhoff jmm-guest at costa.debian.org
Fri Dec 30 04:07:52 UTC 2005 

Author: jmm-guest
Date: 2005-12-30 04:07:46 +0000 (Fri, 30 Dec 2005)
New Revision: 3188

Modified:
   data/CVE/list
Log:
With ethereal losing pace (0.10.14 fixes only three vulnerabilities),
a promising new contestant enters the field in the run for the crap
package of the month; mantis. Each new release has constant new problems,
intransparent upstream security policy and a maintainer no longer
using the package. Go, Mantis, go!


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2005-12-30 03:47:59 UTC (rev 3187)
+++ data/CVE/list	2005-12-30 04:07:46 UTC (rev 3188)
@@ -143,19 +143,19 @@
 CVE-2005-4525 (SmcGui.exe in Sygate Protection Agent 5.0 build 6144 allows local ...)
 	NOT-FOR-US: Sygate 
 CVE-2005-4524 (Mantis 1.0.0rc3 does not properly handle "Make note private" when a ...)
-	TODO: file bug
+	- mantis <unfixed> (bug filed)
 CVE-2005-4523 (Mantis 1.0.0rc3 and earlier discloses private bugs via public RSS ...)
-	TODO: file bug
+	- mantis <unfixed> (bug filed)
 CVE-2005-4522 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
-	TODO: file bug
+	- mantis <unfixed> (bug filed)
 CVE-2005-4521 (CRLF injection vulnerability in Mantis 1.0.0rc3 and earlier allows ...)
-	TODO: file bug
+	- mantis <unfixed> (bug filed)
 CVE-2005-4520 (Unspecified &quot;port injection&quot; vulnerabilities in filters in Mantis ...)
-	TODO: file bug
+	- mantis <unfixed> (bug filed)
 CVE-2005-4519 (Multiple SQL injection vulnerabilities in the manage user page ...)
-	TODO: file bug
+	- mantis <unfixed> (bug filed)
 CVE-2005-4518 (Mantis before 0.19.4 allows remote attackers to bypass the file upload ...)
-	TODO: file bug
+	- mantis <unfixed> (bug filed)
 CVE-2005-4517 (SQL injection vulnerability in PHP-Fusion 6.00.200 through 6.00.300 ...)
 	NOT-FOR-US: PHP-Fusion
 CVE-2005-4516 (Multiple cross-site scripting (XSS) vulnerabilities in PHP-Fusion ...)
@@ -770,8 +770,7 @@
 CVE-2005-4239 (Cross-site scripting (XSS) vulnerability in Search/DisplayResults.php ...)
 	NOT-FOR-US: PHP JackKnife
 CVE-2005-4238 (Cross-site scripting (XSS) vulnerability in view_filters_page.php in ...)
-	- mantis <unfixed>
-	TODO: File bug
+	- mantis <unfixed> (bug filed)
 CVE-2005-4237 (Cross-site scripting (XSS) vulnerability in MySQL Auction 3.0 and ...)
 	NOT-FOR-US: MySQL Auction 
 CVE-2005-4236 (Cross-site scripting (XSS) vulnerability in search.php in CKGOLD ...)

More information about the Secure-testing-commits mailing list