[Secure-testing-commits] r2781 - data/CVE

Moritz Muehlenhoff jmm-guest at costa.debian.org
Fri Nov 18 09:55:46 UTC 2005


Author: jmm-guest
Date: 2005-11-18 09:55:42 +0000 (Fri, 18 Nov 2005)
New Revision: 2781

Modified:
   data/CVE/list
Log:
moodle CVEfied
new clamav issue already fixed in 0.87.1
several not-affected
new mailman issue
lots of not-for-us
claim more


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2005-11-18 09:31:00 UTC (rev 2780)
+++ data/CVE/list	2005-11-18 09:55:42 UTC (rev 2781)
@@ -62,13 +62,12 @@
 	RESERVED
 CVE-2005-3700
 	RESERVED
-begin claimed by jmm
 CVE-2005-3664 (Heap-based buffer overflow in Kaspersky Anti-Virus Engine, as used in ...)
-	TODO: check
+	NOT-FOR-US: Kaspersky AV
 CVE-2005-3663 (Untrusted Windows search path vulnerability in Kaspersky Anti-Virus ...)
-	TODO: check
+	NOT-FOR-US: Kaspersky AV
 CVE-2005-3662 (Off-by-one buffer overflow in pnmtopng before 2.39, when using the ...)
-	TODO: check
+	TODO: Check, whether this applies to netpbm-free
 CVE-2005-3661
 	RESERVED
 CVE-2005-3660
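Review bot: CVE-2005-3662 keeps a TODO, but the "begin claimed by jmm" marker above it is removed, so the entry is now open and unowned. The new text "Check, whether this applies to netpbm-free" records the open question. Consider adding a NOTE line with what the description already gives (pnmtopng before 2.39) so whoever picks it up knows which version to compare against.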
@@ -92,41 +91,41 @@
 CVE-2005-3651
 	RESERVED
 CVE-2005-3650 (CodeSupport.ocx ActiveX control, as used by Sony to uninstall the ...)
-	TODO: check
+	NOT-FOR-US: Sony Root Kit Uninstaller
 CVE-2005-3649 (jumpto.php in Moodle 1.5.2 allows remote attackers to redirect users ...)
-	TODO: check
+	- moodle <unfixed> (bug #338592; medium)
 CVE-2005-3648 (Multiple SQL injection vulnerabilities in the get_record function in ...)
-	TODO: check
+	- moodle <unfixed> (bug #338592; medium)
 CVE-2005-3647 (Folder Guard allows local users to bypass protections by running from ...)
-	TODO: check
+	NOT-FOR-US: Folder Guard
 CVE-2005-3646 (Multiple SQL injection vulnerabilities in lib-sessions.inc.php in ...)
-	TODO: check
+	NOT-FOR-US: phpAdsNews
 CVE-2005-3645 (phpAdsNew 2.0.6 and possibly earlier versions allows remote attackers ...)
-	TODO: check
+	NOT-FOR-US: phpAdsNews
 CVE-2005-3644 (upnp_getdevicelist in UPnP for Windows 2000 Server SP3 and earlier, ...)
-	TODO: check
+	NOT-FOR-US: Windows 
 CVE-2005-3643 (IBM DB2 Database server running on Windows XP with Simple File Sharing ...)
-	TODO: check
+	NOT-FOR-US: DB2
 CVE-2005-3642 (IBM Informix Dynamic Database server running on Windows XP with Simple ...)
-	TODO: check
+	NOT-FOR-US: Informix
 CVE-2005-3641 (Oracle Databases running on Windows XP with Simple File Sharing ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2005-3640 (Multiple buffer overflows in the IMAP Groupware Mail server of ...)
-	TODO: check
+	NOT-FOR-US: FTGate
 CVE-2005-3639 (PHP file inclusion vulnerability in the osTicket module in Help Center ...)
-	TODO: check
+	NOT-FOR-US: Help Center Live
 CVE-2005-3638 (Cross-site scripting (XSS) vulnerabilities in Ekinboard 1.0.3 allow ...)
-	TODO: check
+	NOT-FOR-US: Ekinboard
 CVE-2005-3637 (Cross-site scripting (XSS) vulnerability in Antville 1.1 allows remote ...)
-	TODO: check
+	NOT-FOR-US: Antville 
 CVE-2005-3636 (Cross-site scripting (XSS) vulnerability in SAP Web Application Server ...)
-	TODO: check
+	NOT-FOR-US: SAP Web Application Server
 CVE-2005-3635 (Multiple cross-site scripting (XSS) vulnerabilities in SAP Web ...)
-	TODO: check
+	NOT-FOR-US: SAP Web Application Server
 CVE-2005-3634 (frameset.htm in the BSP runtime in SAP Web Application Server (WAS) ...)
-	TODO: check
+	NOT-FOR-US: SAP Web Application Server
 CVE-2005-3633 (HTTP response splitting vulnerability in frameset.htm in SAP Web ...)
-	TODO: check
+	NOT-FOR-US: SAP Web Application Server
 CVE-2005-3632
 	RESERVED
 CVE-2005-3631
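Review bot: The NOT-FOR-US tags for CVE-2005-3646 and CVE-2005-3645 read "phpAdsNews", while the CVE-2005-3645 description names the product "phpAdsNew". Fix the spelling so a later search for the product name finds both entries. The added lines "NOT-FOR-US: Windows " and "NOT-FOR-US: Antville " also carry trailing whitespace.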
@@ -148,7 +147,7 @@
 CVE-2005-3623
 	RESERVED
 CVE-2005-3622 (phpMyAdmin 2.7.0-beta1 and earlier allows remote attackers to obtain ...)
-	TODO: check
+	- phpmyadmin <unfixed> (unimportant)
 CVE-2005-3620
 	RESERVED
 CVE-2005-3619
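Review bot: CVE-2005-3622 is tagged "- phpmyadmin <unfixed> (unimportant)" with no reason given for the severity. The not-affected entries elsewhere in this commit state their reason in the parenthesis ("Gentoo-specific packaging flaw"). A NOTE line saying why this one is unimportant would let the next reader verify the rating without redoing the triage.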
@@ -198,50 +197,50 @@
 CVE-2005-3597
 	RESERVED
 CVE-2005-3596 (SQL injection vulnerability in ASPKnowledgebase allows remote ...)
-	TODO: check
+	NOT-FOR-US: ASPKnowledgebase
 CVE-2005-3595 (By default Microsoft Windows XP Home Edition installs with a blank ...)
-	TODO: check
+	NOT-FOR-US: Windows XP
 CVE-2005-3594 (game_score.php in e107 allows remote attackers to insert high scores ...)
-	TODO: check
+	NOT-FOR-US: e107
 CVE-2005-3592 (index.php CuteNews 1.4.0 and earlier allows remote attackers to obtain ...)
-	TODO: check
+	NOT-FOR-US: CuteNews
 CVE-2005-3591 (Macromedia Flash plugin (1) Flash.ocx 7.0.19.0 (Windows) and earlier ...)
 	TODO: check
 CVE-2005-3589 (Buffer overflow in FileZilla Server Terminal 0.9.4d may allow remote ...)
-	TODO: check
+	NOT-FOR-US: FileZilla
 CVE-2005-3588 (SQL injection vulnerability in admin.php in Advanced Guestbook 2.2 ...)
-	TODO: check
+	NOT-FOR-US: Advanced Guestbook
 CVE-2005-3587 (Improper boundary checks in petite.c in Clam AntiVirus (ClamAV) before ...)
-	TODO: check
+	- clamav 0.87.1-1 (medium)
 CVE-2005-3586 (content.php in Mambo 4.5.2 through 4.5.2.3 allows remote attackers to ...)
-	TODO: check
+	NOT-FOR-US: Mambo
 CVE-2005-3585 (SQL injection vulnerability in forum.php in PhpWebThings 0.4.4 allows ...)
-	TODO: check
+	NOT-FOR-US: PhpWebThings
 CVE-2005-3584 (Cross-site scripting (XSS) vulnerability in forum.php in PhpWebThings ...)
-	TODO: check
+	NOT-FOR-US: PhpWebThings
 CVE-2005-3583 ((1) Java Runtime Environment (JRE) and (2) Software Development Kit ...)
-	TODO: check
+	NOT-FOR-US: Sun Java
 CVE-2005-3582 (ImageMagick before 6.2.4.2-r1 allows local users in the portage group ...)
-	TODO: check
+	- imagemagick <not-affected> (Gentoo-specific packaging flaw)
 CVE-2005-3581 (GDAL before 1.3.0-r1 allows local users in the portage group to ...)
-	TODO: check
+	- gdal <not-affected> (Gentoo-specific packaging flaw)
 CVE-2005-3580 (QDBM before 1.8.33-r2 allows local users in the portage group to ...)
-	TODO: check
+	- qdbm <not-affected> (Gentoo-specific packaging flaw)
 CVE-2005-3579 (ts.cgi in Walla TeleSite 3.0 and earlier allows remote attackers to ...)
-	TODO: check
+	NOT-FOR-US: Walla TeleSite
 CVE-2005-3578 (SQL injection vulnerability in ts.exe in Walla TeleSite 3.0 and ...)
-	TODO: check
+	NOT-FOR-US: Walla TeleSite
 CVE-2005-3577 (Cross-site scripting vulnerability (XSS) in ts.exe in Walla TeleSite ...)
-	TODO: check
+	NOT-FOR-US: Walla TeleSite
 CVE-2005-3576 (ts.exe in Walla TeleSite 3.0 and earlier allows remote attackers to ...)
-	TODO: check
+	NOT-FOR-US: Walla TeleSite
 CVE-2005-3575 (SQL injection vulnerability in show.php in Cyphor 0.19 and earlier ...)
-	TODO: check
+	NOT-FOR-US: Cyphor
 CVE-2005-3574 (PHP file inclusion vulnerability in index.php of iCMS allows remote ...)
-	TODO: check
+	NOT-FOR-US: iCMS
 CVE-2005-3573 (Scrubber.py in Mailman 2.1.5-8 does not properly handle UTF8 character ...)
-	TODO: check
-end claimed by jmm
+	- mailman <unfixed> (bug #327732; medium)
+begin claimed by jmm
 CVE-2005-3572 (SQL injection vulnerability in index.php in Peel 2.6 through 2.7 ...)
 	TODO: check
 CVE-2005-3571 (PHP file inclusion vulnerability in protection.php in CodeGrrl (a) ...)
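Review bot: CVE-2005-3591 (Macromedia Flash plugin) is the only entry in this block left at "TODO: check", and with "end claimed by jmm" removed and "begin claimed by jmm" re-added below CVE-2005-3573 it now sits outside any claim. Either tag it in this commit or keep it inside the claimed range so it does not get lost between claims.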
@@ -338,6 +337,7 @@
 	RESERVED
 CVE-2005-3525
 	RESERVED
+end claimed by jmm
 CVE-2005-3522 (Cross-site scripting (XSS) vulnerability in index.jsp in ManageEngine ...)
 	TODO: check
 CVE-2005-3521 (SQL injection vulnerability in resetcore.php in e107 0.617 through ...)
@@ -708,8 +708,6 @@
 	- courier 0.47-12 (bug #211920; medium)
 CVE-2005-XXXX [double free() in libungif]
 	- libungif4 4.1.4-1 (bug #338542; medium)
-CVE-2005-XXXX [moodle SQL injection]
-	- moodle <unfixed> (bug #338592; medium)
 CVE-2005-XXXX [Buffer overflows in Sylpheed's address book import]
 	- sylpheed <unfixed> (bug #338434; medium)
 	- sylpheed-claws <unfixed> (bug #338436; medium)
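Review bot: The removed placeholder was titled "moodle SQL injection", but its bug #338592 is now attached to both CVE-2005-3648 (SQL injection in get_record) and CVE-2005-3649 (redirect via jumpto.php). Confirm the bug report covers the jumpto.php issue as well. If it does not, CVE-2005-3649 needs its own bug reference.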



