[Secure-testing-commits] r2548 - data/CVE

Moritz Muehlenhoff jmm-guest at costa.debian.org
Mon Oct 24 09:54:14 UTC 2005


Author: jmm-guest
Date: 2005-10-24 09:54:08 +0000 (Mon, 24 Oct 2005)
New Revision: 2548

Modified:
   data/CVE/list
Log:
new phpmyadmin issues, plus a CVEfication
new issue in bmv
one issue in spe not affecting debian
lots of nfus


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2005-10-24 09:28:04 UTC (rev 2547)
+++ data/CVE/list	2005-10-24 09:54:08 UTC (rev 2548)
@@ -1,55 +1,61 @@
-begin claimed by jmm
 CVE-2005-3301 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...)
-	TODO: check
+	TODO: check, which of these issues are covered by #328501
+CVE-2005-3300 (The register_globals emulation layer in grab_globals.php for ...)
+	- phpmyadmin <unfixed> (bug #335306; high)
+CVE-2005-3299 (PHP file inclusion vulnerability in grab_globals.lib.php in phpMyAdmin ...)
+	- phpmyadmin 4:2.6.4-pl2-1 (bug #333433)
 CVE-2005-3298 (Multiple buffer overflows in OpenWBEM on SuSE Linux 9 allow remote ...)
-	TODO: check
+	NOT-FOR-US: OpenWBEM
 CVE-2005-3297 (Multiple integer overflows in OpenWBEM on SuSE Linux 9 allow remote ...)
-	TODO: check
+	NOT-FOR-US: OpenWBEM
 CVE-2005-3296 (The FTP server in HP-UX 10.20, B.11.00, and B.11.11, allows remote ...)
-	TODO: check
+	NOT-FOR-US: HP-UX
 CVE-2005-3295 (Unspecified vulnerability in HP-UX B.11.23 on Itanium platforms allows ...)
-	TODO: check
+	NOT-FOR-US: HP-UX
 CVE-2005-3294 (Typsoft FTP Server 1.11, with &quot;Sub Directory Include&quot; enabled, allows ...)
-	TODO: check
+	NOT-FOR-US: Typsoft FTP Server
 CVE-2005-3293 (Xerver 4.17 allows remote attackers to (1) obtain source code of ...)
-	TODO: check
+	NOT-FOR-US: Xerver
 CVE-2005-3292 (Multiple cross-site scripting (XSS) vulnerabilities in Xeobook 0.93 ...)
-	TODO: check
+	NOT-FOR-US: Xeobook
 CVE-2005-3291 (Stani's Python Editor (SPE) 0.7.5 is installed with world-writable ...)
-	TODO: check
+	- spe <not-affected> (Gentoo-specific packaging flaw)
 CVE-2005-3290 (SQL injection vulnerability in Accelerated Mortgage Manager allows ...)
-	TODO: check
+	NOT-FOR-US: Accelerated Mortgage manager
 CVE-2005-3289 (LSCFG in IBM AIX 5.2 and 5.3 does not create temporary files securely, ...)
-	TODO: check
+	NOT-FOR-US: AIX
 CVE-2005-3288 (Mailsite Express allows remote attackers to upload and execute files ...)
-	TODO: check
+	NOT-FOR-US: Mailsite Express
 CVE-2005-3287 (Incomplete blacklist vulnerability in Mailsite Express allows remote ...)
-	TODO: check
+	NOT-FOR-US: Mailsite Express
 CVE-2005-3286 (The FWDRV driver in Kerio Personal Firewall 4.2 and Server Firewall ...)
-	TODO: check
+	NOT-FOR-US: Kerio Personal Firewall
 CVE-2005-3285 (Cross-site scripting (XSS) vulnerability in ...)
-	TODO: check
+	NOT-FOR-US: Comersus Backoffice Plus
 CVE-2005-3284 (Multiple buffer overflows in AhnLab V3 AntiVirus V3Pro 2004 before ...)
-	TODO: check
+	NOT-FOR-US: AhnLab
 CVE-2005-3283 (Cross-site scripting (XSS) vulnerability in TikiWiki before 1.9.1.1 ...)
-	TODO: check
+	NOT-FOR-US: TikiWiki
 CVE-2005-3282 (Splatt Forum 3.0 to 3.2 allows remote attackers to bypass ...)
-	TODO: check
+	NOT-FOR-US: Splatt Forum
 CVE-2005-3281 (Directory traversal vulnerability in NukeFix 3.1 for PHP-Nuke 7.8 ...)
-	TODO: check
+	NOT-FOR-US: PHP-Nuke addon
 CVE-2005-3280 (Paros 3.2.5 uses a default password for the &quot;sa&quot; account in the ...)
-	TODO: check
+	NOT-FOR-US: Paros
 CVE-2005-3279 (Stack-based buffer overflow in the vgasco_printf function in Jan Kybic ...)
-	TODO: check
+	- bmv <unfixed> (bug filed; unimportant)
+	NOTE: Vulnerable code not activated in binary package
 CVE-2005-3278 (Integer overflow in the openpsfile function in gsinterf.c for Jan ...)
-	TODO: check
-CVE-2005-3277 (The LPD service in HP-UX 10.20 11.11 (11i) and earlier allows remote ...)
-	TODO: check
-end claimed by jmm
+	- bmv <unfixed> (bug filed; medium)
+CVE-2005-3277 [hpux lpd issue]
+	NOT-FOR-US: HP-UX
 CVE-2005-XXXX [adduser's deluser creates backup files with world readable permissions]
 	- adduser 3.77 (bug #331720; low)
+<<<<<<< .mine
+=======
 CVE-2005-3300 (The register_globals emulation layer in grab_globals.php for ...)
 	- phpmyadmin <unfixed> (bug #335306; high)
+>>>>>>> .r2547
 CVE-2005-XXXX [Pavuk Digest Authentication Buffer Overflow]
 	- pavuk 0.9.33-1 (bug #264684; high)
 	NOTE: second hole mentioned in bug report
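Review bot: Unresolved merge conflict markers are committed near the end of this hunk: `+<<<<<<< .mine`, `+=======` and `+>>>>>>> .r2547` are added around the existing CVE-2005-3300 entry. The same entry (phpmyadmin <unfixed>, bug #335306; high) is also added further up, right after CVE-2005-3301, so the list now carries CVE-2005-3300 twice plus three lines that are not list entries at all. Drop the markers and the lower copy so the entry appears once, in its place in the descending sequence. Smaller points in the same hunk: the CVE-2005-3277 header changes from the parenthesised description to `[hpux lpd issue]`, unlike every other assigned id here; both bmv lines say "bug filed" without a bug number; and "Accelerated Mortgage manager" differs in case from the name in the description.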
@@ -330,7 +336,6 @@
 	- polipo <unfixed> (bug #332411; medium)
 CVE-2005-3162
 	REJECTED
-	NOT-FOR-US: PHP-Fusion
 CVE-2005-3161 (SQL injection vulnerability in PHP-Fusion before 6.00.110 allows ...)
 	NOT-FOR-US: PHP-Fusion
 CVE-2005-3160 (Multiple SQL injection vulnerabilities in photogallery.php in ...)
@@ -1346,7 +1351,7 @@
 CVE-2005-2760
 	RESERVED
 CVE-2005-2759 (** SPLIT ** The jlucaller program in LiveUpdate for Symantec Norton ...)
-	TODO: check
+	NOT-FOR-US: Symantec Antivirus
 CVE-2005-2758 (Integer signedness error in the administrative interface for Symantec ...)
 	NOT-FOR-US: Symantec Antivirus
 CVE-2005-2757
@@ -2465,7 +2470,7 @@
 CVE-2005-2470 (Buffer overflow in a &quot;core application plug-in&quot; for Adobe Reader 5.1 ...)
 	NOT-FOR-US: Adobe
 CVE-2005-2469 (Stack-based buffer overflow in the NMAP Agent for Novell NetMail 3.52C ...)
-	TODO: check
+	NOT-FOR-US: Novell NetMail
 CVE-2005-2459 (The huft_build function in inflate.c in the zlib routines in the Linux ...)
 	{DTSA-16-1}
 	- linux-2.6 2.6.12-3 (bug #323173)
@@ -4034,7 +4039,7 @@
 CVE-2005-2127 (Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers ...)
 	NOT-FOR-US: Windows
 CVE-2005-2126 (The FTP client in Windows XP SP1 and Server 2003, and Internet ...)
-	TODO: check
+	NOT-FOR-US: Windows
 CVE-2005-2125
 	RESERVED
 CVE-2005-2124
@@ -4042,7 +4047,7 @@
 CVE-2005-2123
 	RESERVED
 CVE-2005-2122 (Windows Shell for Microsoft Windows 2000 SP4, XP SP1 and SP2, and ...)
-	TODO: check
+	NOT-FOR-US: Windows
 CVE-2005-2121
 	RESERVED
 CVE-2005-2120 (Stack-based buffer overflow in the Plug and Play (PnP) service ...)
@@ -4050,9 +4055,9 @@
 CVE-2005-2119 (The MIDL_user_allocate function in the Microsoft Distributed ...)
 	NOT-FOR-US: Microsoft
 CVE-2005-2118 (Windows Shell for Microsoft Windows 2000 SP4, XP SP1 and SP2, and ...)
-	TODO: check
+	NOT-FOR-US: Windows
 CVE-2005-2117 (Web View in Windows Explorer on Microsoft Windows 2000 SP4, XP SP1 and ...)
-	TODO: check
+	NOT-FOR-US: Windows
 CVE-2004-2154 (CUPS before 1.1.21rc1 treats a Location directive in cupsd.conf as ...)
 	- cupsys 1.1.20final+rc1-1 (low)
 CVE-2005-2116
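Review bot: The two entries changed in this hunk (CVE-2005-2118 and CVE-2005-2117) are tagged `NOT-FOR-US: Windows`, while the unchanged neighbour CVE-2005-2119 directly above them is tagged `NOT-FOR-US: Microsoft`. Both tags refer to the same vendor's products, so a search on either string finds only part of the set. Consider settling on one tag for these entries, which also applies to the CVE-2005-2126 and CVE-2005-2122 changes in the two preceding hunks.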



