[Secure-testing-commits] r2591 - data/CVE

Moritz Muehlenhoff jmm-guest at costa.debian.org
Thu Oct 27 09:41:51 UTC 2005


Author: jmm-guest
Date: 2005-10-27 09:41:46 +0000 (Thu, 27 Oct 2005)
New Revision: 2591

Modified:
   data/CVE/list
Log:
lots of mantis issues CVEfied, some new forwarded NMUer
new flyspray issue
new BASE issue
mgdiff CVEfied
wordpress CVEfied
zope CVEfied
lots of NFUs
claim new block


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2005-10-27 09:16:49 UTC (rev 2590)
+++ data/CVE/list	2005-10-27 09:41:46 UTC (rev 2591)
@@ -1,43 +1,45 @@
-begin claimed by jmm
 CVE-2005-3339 (Mantis before 0.19.3 caches the User ID longer than necessary, which ...)
-	TODO: check
+	- mantis <unfixed> (bug #330682; unknown)
 CVE-2005-3338 (Unspecified vulnerability in Mantis before 0.19.3, when using ...)
-	TODO: check
+	- mantis <unfixed> (bug #330682; low)
 CVE-2005-3337 (Multiple cross-site scripting (XSS) vulnerabilities in Mantis before ...)
-	TODO: check
+	- mantis <unfixed>
+	NOTE: Pinged Thijs Kinkhorst, who's preparing an update
 CVE-2005-3336 (SQL injection vulnerability in Mantis 1.0.0RC2 and 0.19.2 allows ...)
-	TODO: check
+	- mantis <unfixed>
+	NOTE: Pinged Thijs Kinkhorst, who's preparing an update
 CVE-2005-3335 (PHP file inclusion vulnerability in bug_sponsorship_list_view_inc.php ...)
-	TODO: check
+	- mantis <unfixed> (bug filed; medium)
 CVE-2005-3334 (Cross-site scripting (XSS) vulnerability in index.php in Flyspray ...)
-	TODO: check
+	- flyspray <unfixed> (bug filed)
 CVE-2005-3333 (SQL injection vulnerability in eBASEweb 3.0 allows remote attackers to ...)
-	TODO: check
+	NOT-FOR-US: eBASEweb
 CVE-2005-3332 (PHP remote file include vulnerability in admin/define.inc.php in ...)
-	TODO: check
+	NOT-FOR-US: Belchior Foundry vCard
 CVE-2005-3331 (viewpatch in mgdiff 1.0 allows local users to overwrite arbitrary ...)
-	TODO: check
+	- mgdiff 1.0-28 (bug #335188; unimportant)
 CVE-2005-3330 (The _httpsrequest function in Snoopy 1.2 allows remote attackers to ...)
-	TODO: check
+	- wordpress <unfixed> (bug #335817; high)
 CVE-2005-3329 (Cross-site scripting (XSS) vulnerability in RSA Authentication Agent ...)
-	TODO: check
+	NOT-FOR-US: RSA Authentication Agent
 CVE-2005-3328 (PHP remote file inclusion vulnerability in common.php PunBB 1.1.2 ...)
-	TODO: check
+	NOT-FOR-US: PunBB
 CVE-2005-3327 (Network Appliance Data ONTAP 7.0 and earlier allows iSCSI Initiators ...)
-	TODO: check
-CVE-2005-3326 (SQL injection vulnerability in usercp.php in MyBulletinBoard (MyBB) ...)
-	TODO: check
+	NOT-FOR-US: Data ONTAP
+CVE-2005-3326 (SQL injection vulnerability in usercp.php in MyBulletinBoard (MyBB) ...) M
+	NOT-FOR-US: MyBB
 CVE-2005-3325 (SQL injection vulnerability in base_qry_main.php in Basic Analysis and ...)
-	TODO: check
+	- acidbase <unfixed> (bug filed)
 CVE-2005-3324 (SQL injection vulnerability in chat.php in MWChat 6.8 allows remote ...)
-	TODO: check
+	NOT-FOR-US: MWChat
 CVE-2005-3323 (docutils in Zope 2.6, 2.7 before 2.7.8, and 2.8 before 2.8.2 allows ...)
-	TODO: check
+	- zope2.8 2.8.1-7 (bug #334055; unknown)
+	- zope2.7 2.7.8-1 (bug #334055; unknown)
 CVE-2005-3322 (Unspecified vulnerability in Squid on SUSE Linux 9.0 allows remote ...)
 	TODO: check
 CVE-2005-3321 (chkstat in SuSE Linux 9.0 through 10.0 allows local users to modify ...)
-	TODO: check
-end claimed by jmm
+	NOT-FOR-US: SuSE-specific tool
+begin claimed by jmm
 CVE-2005-3320 (Cross-site scripting (XSS) vulnerability in SiteTurn Domain Manager ...)
 	TODO: check
 CVE-2005-3319 (The apache2handler SAPI (sapi_apache2.c) in the Apache module ...)
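Review bot: The re-added CVE-2005-3326 header line ends with a stray ` M` after the closing parenthesis of the description. The removed version of the line did not have it, so it looks like an accidental keystroke and should be dropped to keep the header in the same form as the others. Also in this hunk, CVE-2005-3322 stays at `TODO: check` but is no longer inside a claim block, because `begin claimed by jmm` now sits below CVE-2005-3321. The mantis entries for CVE-2005-3337 and CVE-2005-3336 carry neither a bug reference nor a severity, unlike the other mantis entries, and the entries marked `bug filed` (CVE-2005-3335, CVE-2005-3334, CVE-2005-3325) should get their bug numbers once assigned.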
@@ -74,6 +76,7 @@
 	TODO: check
 CVE-2005-3303
 	RESERVED
+end claimed by jmm
 CVE-2004-2539 (Unknown vulnerability in Network Appliance NetCache 5.2 and Data ONTAP ...)
 	TODO: check
 CVE-2004-2538 (Direct static code injection vulnerability in the PCG simple ...)
@@ -193,14 +196,8 @@
 	NOTE: http://www.kernel.org/git/?p=linux/kernel/git/chrisw/linux-2.6.12.y.git;a=commit;h=4717ecd49ce5c556d38e8c7b6fdc9fac5d35c00e
 CVE-2005-XXXX [chmlib buffer overflow]
 	- chmlib <unfixed> (bug #335931; medium)
-CVE-2005-XXXX [mantis t_core_path file inclusion]
-	- mantis <unfixed> (bug filed; medium)
 CVE-2005-XXXX [Insecure temp file usage in thttpd's syslogtocern]
 	- thttpd 2.23beta1-4 (low)
-CVE-2005-XXXX [wordpress contains a vulnerable copy of "snoopy"]
-	- wordpress <unfixed> (bug #335817; high)
-CVE-2005-XXXX [Insecure temp usage in mgdiff example file]
-	- mgdiff 1.0-28 (bug #335188; unimportant)
 CVE-2005-XXXX [buffer overflow in inkscape]
 	- inkscape <unfixed> (bug #330894)
 CVE-2005-XXXX [phpbb2 cookie disclosure when using IE as a browser]
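Review bot: Removing the `wordpress contains a vulnerable copy of "snoopy"` and `Insecure temp usage in mgdiff example file` placeholders drops context that the assigned CVE entries do not carry. CVE-2005-3330 is described against Snoopy 1.2 but is tracked only under wordpress, and CVE-2005-3331 keeps the `unimportant` rating without the "example file" reason that explained it. A `NOTE:` line under each new entry recording the embedded copy and the example-file rationale would keep that information in the list.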
@@ -308,10 +305,6 @@
 	NOT-FOR-US: versatileBulletinBoard
 CVE-2005-3259 (Multiple SQL injection vulnerabilities in versatileBulletinBoard (vBB) ...)
 	NOT-FOR-US: versatileBulletinBoard
-CVE-2005-XXXX [Insecure caching of user id in mantis]
-	- mantis <unfixed> (bug #330682; unknown)
-CVE-2005-XXXX [Filter information disclosure in mantis]
-	- mantis <unfixed> (bug #330682; low)
 CVE-2005-3258 (The rfc1738_do_escape function in ftp.c for Squid 2.5 STABLE11 and ...)
 	- squid <not-affected> (bug #334882; medium)
 	NOTE: Bug was introduced in a patch to squid-2.5.STABLE10,
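Review bot: The two removed mantis placeholders share bug #330682 and differ only in title and severity, so the mapping to CVE-2005-3339 (`unknown`) and CVE-2005-3338 (`low`) in the first hunk rests on those titles. The truncated description of CVE-2005-3338 reads only "Unspecified vulnerability", so the "Filter information disclosure" wording is lost with this removal; a `NOTE:` under CVE-2005-3338 stating it would let a later reader confirm the mapping.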
@@ -474,9 +467,6 @@
 	- xscreensaver <unfixed> (bug #334193; low)
 CVE-2005-XXXX [centericq remote dos by special nmap scan]
 	- centericq <unfixed> (bug #334089; low)
-CVE-2005-XXXX [Unspecified vulnerability in zope's docutils]
-	- zope2.8 2.8.1-7 (bug #334055; unknown)
-	- zope2.7 2.7.8-1 (bug #334055; unknown)
 CVE-2005-3185 (Stack-based buffer overflow in the ntlm_output function in http-ntlm.c ...)
 	- wget 1.10.2-1 (medium)
 	- curl 7.15.0-1 (bug #333734; medium)



