[Secure-testing-commits] r8997 - bin data/CVE

nion at alioth.debian.org nion at alioth.debian.org
Fri Jun 6 13:36:22 UTC 2008


Author: nion
Date: 2008-06-06 13:36:21 +0000 (Fri, 06 Jun 2008)
New Revision: 8997

Modified:
   bin/report-vuln
   data/CVE/list
Log:
NFUs

Modified: bin/report-vuln
===================================================================
--- bin/report-vuln	2008-06-06 11:10:07 UTC (rev 8996)
+++ bin/report-vuln	2008-06-06 13:36:21 UTC (rev 8997)
@@ -11,8 +11,9 @@
 #     mutt -i $TMPFILE submit at bugs.debian.org
 #     rm $TMPFILE
 # }
+# export http_proxy if you need to use an http proxy to report bugs
 
-import sys, re, httplib
+import sys, re, httplib, os
 
 def gen_index(ids):
 	ret = ''
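Review bot: The new header comment on http_proxy does not say what form the value must take. The code added further down strips a leading 'http://' and passes the rest directly to httplib.HTTPConnection, so the comment should state the expected shape (scheme optional, host with optional :port, no trailing path) so users know what to export.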
@@ -22,18 +23,30 @@
 
 	return ret
 
+def do_httpconnect(id):
+	proxy = os.getenv('http_proxy').lstrip('http://')
+	url = '/cgi-bin/cvename.cgi?name=' + id
+	host = 'cve.mitre.org'
+	if proxy != None:
+		host = proxy
+		url = 'http://cve.mitre.org' + url
+
+	try:
+		conn = httplib.HTTPConnection(host)
+		conn.request('GET', url)
+		resp = conn.getresponse()
+	except Exception, e:
+		error('on doing HTTP request' + str(e))
+
+	return resp
+
 # this is a hack that parses the cve id description from mitre
 def get_cve(id):
 	desc = False
 	r = re.compile('.*<th\ colspan=.*>Description<.*')
 	tag = re.compile('.*</?tr>.*')
-	try:
-		conn = httplib.HTTPConnection('cve.mitre.org')
-		conn.request('GET', '/cgi-bin/cvename.cgi?name=' + id)
-		resp = conn.getresponse()
-		ret = ''
-	except Exception, e:
-		error('on doing HTTP request' + str(e))
+	ret = ''
+	resp = do_httpconnect(id)
 
 	for line in resp.read().rsplit('\n'):
 		if r.match(line):
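Review bot: In do_httpconnect, os.getenv('http_proxy') returns None when the variable is unset, so the chained .lstrip('http://') raises AttributeError before the `if proxy != None` test is ever reached, and the script fails for anyone who is not using a proxy. Read the variable first, test it for None, and only then remove the scheme. Note also that lstrip takes a set of characters, not a prefix: with a value such as http://proxy:3128 it keeps stripping past the scheme and eats the leading "p" of the host name, so use an explicit startswith('http://') check and a slice instead. Last, `return resp` sits outside the try block, so if error() returns rather than exits, resp is unbound on the failure path; return from inside the try or make the except branch exit explicitly.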

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2008-06-06 11:10:07 UTC (rev 8996)
+++ data/CVE/list	2008-06-06 13:36:21 UTC (rev 8997)
@@ -1,15 +1,15 @@
 CVE-2008-2559 (Integer overflow in Borland Interbase 2007 SP2 (8.1.0.256) allows ...)
-	TODO: check
+	NOT-FOR-US: Borland Interbase
 CVE-2008-2558 (CRE Loaded 6.2.13.1 and earlier does not set the &quot;Secure&quot; attribute ...)
-	TODO: check
+	NOT-FOR-US: CRE Loaded
 CVE-2008-2557 (Cross-site scripting (XSS) vulnerability in CRE Loaded 6.2.13.1 and ...)
-	TODO: check
+	NOT-FOR-US: CRE Loaded
 CVE-2008-2556 (SQL injection vulnerability in read.php in PHP Visit Counter 0.4 and ...)
-	TODO: check
+	NOT-FOR-US: PHP Visit Counter
 CVE-2008-2555 (SQL injection vulnerability in index.php in EasyWay CMS allows remote ...)
-	TODO: check
+	NOT-FOR-US: EasyWay CMS
 CVE-2008-2554 (Multiple SQL injection vulnerabilities in BP Blog 6.0 allow remote ...)
-	TODO: check
+	NOT-FOR-US: BP Blog
 CVE-2008-2553 (Cross-site scripting (XSS) vulnerability in Slashdot Like Automated ...)
 	TODO: check
 CVE-2008-2552 (Unspecified vulnerability in the Service Tag Registry on Sun Solaris ...)



