[Secure-testing-commits] r2782 - data/CVE

Moritz Muehlenhoff jmm-guest at costa.debian.org
Fri Nov 18 10:12:34 UTC 2005


Author: jmm-guest
Date: 2005-11-18 10:12:30 +0000 (Fri, 18 Nov 2005)
New Revision: 2782

Modified:
   data/CVE/list
Log:
horde2 and asterisk CVEfied
new kernel dos
lots of not-for-us
claim more


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2005-11-18 09:55:42 UTC (rev 2781)
+++ data/CVE/list	2005-11-18 10:12:30 UTC (rev 2782)
@@ -240,69 +240,68 @@
 	NOT-FOR-US: iCMS
 CVE-2005-3573 (Scrubber.py in Mailman 2.1.5-8 does not properly handle UTF8 character ...)
 	- mailman <unfixed> (bug #327732; medium)
-begin claimed by jmm
 CVE-2005-3572 (SQL injection vulnerability in index.php in Peel 2.6 through 2.7 ...)
-	TODO: check
+	NOT-FOR-US: Peel
 CVE-2005-3571 (PHP file inclusion vulnerability in protection.php in CodeGrrl (a) ...)
-	TODO: check
+	NOT-FOR-US: protection.php from several crappy web apps not in Debian
 CVE-2005-3570 (Unknown cross-site scripting (XSS) vulnerability in Horde before 2.2.9 ...)
-	TODO: check
+	- horde2 <unfixed> (bug #338983; unknown)
 CVE-2005-3569 (INSO service in IBM DB2 Content Manager before 8.2 Fix Pack 10 on AIX ...)
-	TODO: check
+	NOT-FOR-US: DB2
 CVE-2005-3568 (db2fmp process in IBM DB2 Content Manager before 8.2 Fix Pack 10 ...)
-	TODO: check
+	NOT-FOR-US: DB2
 CVE-2005-3567 (slapd daemon in IBM Tivoli Directory Server 5.2.0 and 6.0.0 binds ...)
-	TODO: check
+	NOT-FOR-US: Tivoli
 CVE-2005-3566 (Buffer overflow in the ha command of VERITAS Cluster Server for UNIX ...)
-	TODO: check
+	NOT-FOR-US: VERITAS Cluster Server
 CVE-2005-3565 (Unknown vulnerability in remshd daemon in HP-UX B.11.00, B.11.11, and ...)
-	TODO: check
+	NOT-FOR-US: HP-UX
 CVE-2005-3564 (envd daemon in HP-UX B.11.00 through B.11.11 allows local users to ...)
-	TODO: check
+	NOT-FOR-US: HP-UX
 CVE-2005-3563 (ATutor 1.5.1 stores temporary chat logs as world readable under the ...)
-	TODO: check
+	NOT-FOR-US: ATutor 
 CVE-2005-3562 (Direct code injection vulnerability in ATutor 1.5.1 allows remote ...)
-	TODO: check
+	NOT-FOR-US: ATutor 
 CVE-2005-3561 (SQL injection vulnerability in password_reminder.php in ATutor before ...)
-	TODO: check
+	NOT-FOR-US: ATutor 
 CVE-2005-3560 (Zone Labs (1) ZoneAlarm Pro 6.0, (2) ZoneAlarm Internet Security Suite ...)
-	TODO: check
+	NOT-FOR-US: Zone Labs
 CVE-2005-3559 (Directory traversal vulnerability in vmail.cgi in Asterisk 1.0.9 ...)
-	TODO: check
+	- asterisk <unfixed> (bug #338116; medium)
 CVE-2005-3558 (PHP file inclusion vulnerability in index.php in OSTE 1.0 allows ...)
-	TODO: check
+	NOT-FOR-US: OSTE 
 CVE-2005-3557 (Directory traversal vulnerability in admin/defaults.php in PHPlist ...)
-	TODO: check
+	NOT-FOR-US: PHPList
 CVE-2005-3556 (Multiple cross-site scripting (XSS) vulnerabilities in PHPlist 2.10.1 ...)
-	TODO: check
+	NOT-FOR-US: PHPList
 CVE-2005-3555 (Multiple SQL injection vulnerabilities in PHPlist 2.10.1 and earlier ...)
-	TODO: check
+	NOT-FOR-US: PHPList
 CVE-2005-3554 (Multiple direct code injection vulnerabilities in the help function in ...)
-	TODO: check
+	NOT-FOR-US: PHPKIT
 CVE-2005-3553 (Multiple SQL injection vulnerabilities include.php in PHPKIT 1.6.1 R2 ...)
-	TODO: check
+	NOT-FOR-US: PHPKIT
 CVE-2005-3552 (Multiple cross-site scripting (XSS) vulnerabilities in PHPKIT 1.6.1 R2 ...)
-	TODO: check
+	NOT-FOR-US: PHPKIT
 CVE-2005-3551 (toendaCMS before 0.6.2 stores user account and session data in the web ...)
-	TODO: check
+	NOT-FOR-US: toendaCMS
 CVE-2005-3550 (Directory traversal vulnerability in admin.php in toendaCMS before ...)
-	TODO: check
+	NOT-FOR-US: toendaCMS
 CVE-2005-3549 (Direct code injection vulnerability in Task Manager in Invision Power ...)
-	TODO: check
+	NOT-FOR-US: Invision Power Board
 CVE-2005-3548 (Directory traversal vulnerability in Task Manager in Invision Power ...)
-	TODO: check
+	NOT-FOR-US: Invision Power Board
 CVE-2005-3547 (Cross-site scripting (XSS) vulnerability in Invision Power Board 2.1 ...)
-	TODO: check
+	NOT-FOR-US: Invision Power Board
 CVE-2005-3546 (suid.cgi scripts in F-Secure (1) Internet Gatekeeper for Linux before ...)
-	TODO: check
+	NOT-FOR-US: F-Secure Internet Gatekeeper and Antivirus Gateway
 CVE-2005-3545 (SQL injection vulnerability in index.php of the report module in ...)
-	TODO: check
+	NOT-FOR-US: ibProArcade
 CVE-2005-3544 (Cross-site scripting (XSS) vulnerability in u2u.php in XMB 1.9.3 ...)
-	TODO: check
+	NOT-FOR-US: XMB
 CVE-2005-3543 (SQL injection vulnerability in search.php in Phorum 5.0.0alpha through ...)
-	TODO: check
+	NOT-FOR-US: Phorum
 CVE-2005-3542 (SQL injection vulnerability in showGallery.php in Tonio Gallery 2.4 ...)
-	TODO: check
+	NOT-FOR-US: Tonio Gallery
 CVE-2005-3541
 	RESERVED
 CVE-2005-3540
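Review bot: The NOT-FOR-US annotation for CVE-2005-3571 ("protection.php from several crappy web apps not in Debian") names no product, so a search of the list for the affected software (the description starts with CodeGrrl) will not find this entry; name the products as the neighbouring NOT-FOR-US lines do. Smaller points in the same hunk: the "ATutor " and "OSTE " annotations carry trailing whitespace, "PHPList" is spelled differently from the "PHPlist" in the CVE descriptions, and the horde2 entry for CVE-2005-3570 is tracked with urgency "unknown", which should be set once the bug is assessed.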
@@ -332,12 +331,13 @@
 CVE-2005-3528
 	RESERVED
 CVE-2005-3527 (Race condition in do_coredump in signal.c in Linux kernel 2.6 allows ...)
-	TODO: check
+	- linux-2.6 <unfixed> 
+	NOTE: Pinged Horms and Dannf
 CVE-2005-3526
 	RESERVED
 CVE-2005-3525
 	RESERVED
-end claimed by jmm
+begin claimed by jmm
 CVE-2005-3522 (Cross-site scripting (XSS) vulnerability in index.jsp in ManageEngine ...)
 	TODO: check
 CVE-2005-3521 (SQL injection vulnerability in resetcore.php in e107 0.617 through ...)
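Review bot: The new linux-2.6 entry for CVE-2005-3527 has no bug number and no urgency, and the only follow-up is the undated "NOTE: Pinged Horms and Dannf", so nothing in the list shows whether the ping was answered; record a bug reference or a date with the note. The line also ends in trailing whitespace after <unfixed>, and unlike the other kernel entry in this file it says nothing about kernel-source-2.4.27; add that line once the status of 2.4 is known.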
@@ -414,6 +414,7 @@
 	TODO: check
 CVE-2005-3483 (Buffer overflow in GO-Global for Windows 3.1.0.3270 and earlier allows ...)
 	TODO: check
+end claimed by jmm
 CVE-2004-2540 (readObject in (1) Java Runtime Environment (JRE) and (2) Software ...)
 	TODO: check
 CVE-2003-1283 (KaZaA Media Desktop (KMD) 2.0 launches advertisements in the Internet ...)
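Review bot: The added "end claimed by jmm" sits directly above CVE-2004-2540, so the claim opened in the previous hunk stops at CVE-2005-3483 and the CVE-2004 and CVE-2003 entries below stay "TODO: check" with no owner. If that boundary is intended, fine; otherwise move the marker below them so they are not left unclaimed.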
@@ -697,8 +698,6 @@
 CVE-2005-XXXX [kernel: NFS leases mem leak]
 	- linux-2.6 <unfixed>
 	- kernel-source-2.4.27 <not-affected>
-CVE-2005-XXXX [XSS in Horde]
-	- horde2 <unfixed> (bug #338983; unknown)
 CVE-2005-XXXX [Insecure temp file usage in migrationtools]
 	- migrationtools <unfixed> (bug #338920; medium)
 CVE-2005-XXXX [user logout in drupal has no effect]
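Review bot: Removing the temporary "XSS in Horde" entry relies on bug #338983 being the same issue as CVE-2005-3570, whose description only says "Unknown cross-site scripting (XSS) vulnerability in Horde before 2.2.9". Add a NOTE to the CVE-2005-3570 entry saying what the match is based on, so the merge can be checked later.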
@@ -711,8 +710,6 @@
 CVE-2005-XXXX [Buffer overflows in Sylpheed's address book import]
 	- sylpheed <unfixed> (bug #338434; medium)
 	- sylpheed-claws <unfixed> (bug #338436; medium)
-CVE-2005-XXXX [Information disclosure in Asterisk's voice mail system]
-	- asterisk <unfixed> (bug #338116; medium)
 CVE-2005-XXXX [webcalendar's password visible to local users through debconf]
 	- webcalendar <unfixed> (bug #337624)
 CVE-2005-3523 (Format string vulnerability in friendsd2 in GpsDrive allows remote ...)
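Review bot: The removed temporary entry described the Asterisk issue as "Information disclosure in Asterisk's voice mail system", while CVE-2005-3559, which now carries bug #338116, is described as a directory traversal in vmail.cgi. These are plausibly the same bug, but the wording differs; a NOTE on the CVE-2005-3559 entry confirming that bug #338116 covers the vmail.cgi traversal would make the merge verifiable.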



