[Secure-testing-commits] r2592 - data/CVE
Moritz Muehlenhoff
jmm-guest at costa.debian.org
Thu Oct 27 09:47:47 UTC 2005
Author: jmm-guest
Date: 2005-10-27 09:47:42 +0000 (Thu, 27 Oct 2005)
New Revision: 2592
Modified:
data/CVE/list
Log:
new php issues
chmlib CVEfied
phpbb2 CVEfied
lots of NFUs
claim more
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2005-10-27 09:41:46 UTC (rev 2591)
+++ data/CVE/list 2005-10-27 09:47:42 UTC (rev 2592)
@@ -39,17 +39,17 @@
TODO: check
CVE-2005-3321 (chkstat in SuSE Linux 9.0 through 10.0 allows local users to modify ...)
NOT-FOR-US: SuSE-specific tool
-begin claimed by jmm
CVE-2005-3320 (Cross-site scripting (XSS) vulnerability in SiteTurn Domain Manager ...)
- TODO: check
+ NOT-FOR-US: SiteTurn Domain Manager
CVE-2005-3319 (The apache2handler SAPI (sapi_apache2.c) in the Apache module ...)
- TODO: check
+ - php4 <unfixed>
+ - php5 <unfixed>
CVE-2005-3318 (Buffer overflow in the _chm_decompress_block function in CHM lib ...)
- TODO: check
+ - chmlib <unfixed> (bug #335931; medium)
CVE-2005-3317 (Multiple stack-based buffer overflows in ZipGenius 5.5.1.468 and ...)
- TODO: check
+ NOT-FOR-US: ZipGenius
CVE-2005-3316 (The installation of ON Symantec Discovery 4.5.x and Symantec Discovery ...)
- TODO: check
+ NOT-FOR-US: Symantec Discovery
CVE-2005-3315
RESERVED
CVE-2005-3314
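Review bot: The `- php4 <unfixed>` and `- php5 <unfixed>` lines added under CVE-2005-3319 carry no bug reference or urgency, while the chmlib line added for CVE-2005-3318 in the same hunk has `(bug #335931; medium)`. If bugs have been filed for the apache2handler issue, add the reference to both lines. If not, a NOTE saying so would keep the entry from reading as fully triaged.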
@@ -57,26 +57,26 @@
CVE-2005-3313
RESERVED
CVE-2005-3312 (The HTML rendering engine in Microsoft Internet Explorer 6.0 allows ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2005-3311 (BMC Software Control-M 6.1.03 for Solaris, and possibly other ...)
- TODO: check
+ NOT-FOR-US: BMC Software Control-M
CVE-2005-3310 (Multiple interpretation error in phpBB 2.0.17, with remote avatars and ...)
- TODO: check
+ - phpbb2 <unfixed> (bug filed)
CVE-2005-3309 (Multiple SQL injection vulnerabilities in Zomplog 3.4 allow remote ...)
- TODO: check
+ NOT-FOR-US: Zomplog
CVE-2005-3308 (Multiple cross-site scripting (XSS) vulnerabilities in Zomplog 3.4 ...)
- TODO: check
+ NOT-FOR-US: Zomplog
CVE-2005-3307 (Directory traversal vulnerability in index.php for FlatNuke 2.5.6 ...)
- TODO: check
+ NOT-FOR-US: FlatNuke
CVE-2005-3306 (Cross-site scripting (XSS) vulnerability in index.php for FlatNuke ...)
- TODO: check
+ NOT-FOR-US: FlatNuke
CVE-2005-3305 (Multiple SQL injection vulnerabilities in Nuked Klan 1.7 allow remote ...)
- TODO: check
+ NOT-FOR-US: Nuked Klan
CVE-2005-3304 (Multiple SQL injection vulnerabilities in PHP-Nuke 7.8 allow remote ...)
- TODO: check
+ NOT-FOR-US: PHP-Nuke
CVE-2005-3303
RESERVED
-end claimed by jmm
+begin claimed by jmm
CVE-2004-2539 (Unknown vulnerability in Network Appliance NetCache 5.2 and Data ONTAP ...)
TODO: check
CVE-2004-2538 (Direct static code injection vulnerability in the PCG simple ...)
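Review bot: `- phpbb2 <unfixed> (bug filed)` under CVE-2005-3310 says a bug exists but gives no number, so the entry cannot be cross-checked against the bug tracker the way the other package lines in this file can. Replace `bug filed` with the actual bug number once it is known, and consider adding an urgency as the other package entries have.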
@@ -135,6 +135,7 @@
TODO: check
CVE-2004-2511 (Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal ...)
TODO: check
+end claimed by jmm
CVE-2004-2510 (Cross-site scripting (XSS) vulnerability in showflat.php in Infopop ...)
TODO: check
CVE-2004-2509 (Cross-site scripting (XSS) vulnerabilities in (1) calendar.php, (2) ...)
@@ -194,14 +195,10 @@
[sarge] - kernel-source-2.4.27 <not-affected>
[sarge] - kernel-source-2.6.8 <not-affected>
NOTE: http://www.kernel.org/git/?p=linux/kernel/git/chrisw/linux-2.6.12.y.git;a=commit;h=4717ecd49ce5c556d38e8c7b6fdc9fac5d35c00e
-CVE-2005-XXXX [chmlib buffer overflow]
- - chmlib <unfixed> (bug #335931; medium)
CVE-2005-XXXX [Insecure temp file usage in thttpd's syslogtocern]
- thttpd 2.23beta1-4 (low)
CVE-2005-XXXX [buffer overflow in inkscape]
- inkscape <unfixed> (bug #330894)
-CVE-2005-XXXX [phpbb2 cookie disclosure when using IE as a browser]
- - phpbb2 <unfixed> (bug filed)
CVE-2005-3301 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...)
- phpmyadmin 4:2.6.4-pl3-1 (bug #335513; medium)
CVE-2005-3300 (The register_globals emulation layer in grab_globals.php for ...)
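Review bot: The removed placeholder `CVE-2005-XXXX [phpbb2 cookie disclosure when using IE as a browser]` is being folded into CVE-2005-3310, whose visible description reads "Multiple interpretation error in phpBB 2.0.17, with remote avatars and ...". The two descriptions do not obviously match from the truncated text, so a NOTE line under CVE-2005-3310 recording that it covers the IE cookie disclosure issue would preserve the information the placeholder title carried. The chmlib removal is fine as is, since its bug number and urgency were carried over unchanged to CVE-2005-3318.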