[Git][security-tracker-team/security-tracker][master] Associate several older NFUs for phplist with the respective itp bug

Salvatore Bonaccorso carnil at debian.org
Mon Feb 3 20:35:34 GMT 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ef9a51c6 by Salvatore Bonaccorso at 2020-02-03T21:35:00+01:00
Associate several older NFUs for phplist with the respective itp bug

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -286036,7 +286036,7 @@ CVE-2012-5230 (Unspecified vulnerability in the JE Story Submit (com_jesubmit) c
 CVE-2012-5229 (Cross-site scripting (XSS) vulnerability in css/gallery-css.php in the ...)
 	NOT-FOR-US: WP Gallery2
 CVE-2012-5228 (Cross-site scripting (XSS) vulnerability in admin/index.php in phplist ...)
-	NOT-FOR-US: phplist
+	- phplist <itp> (bug #612288)
 CVE-2012-5227 (SQL injection vulnerability in administrer/tva.php in Peel SHOPPING 2. ...)
 	NOT-FOR-US: Peel Shopping
 CVE-2012-5226 (Multiple cross-site scripting (XSS) vulnerabilities in Peel SHOPPING 2 ...)
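Review bot: The new line under CVE-2012-5228 points at bug #612288, and every other entry changed in this patch hangs on the same bug, so it is worth confirming that the bug is still open before merging. Naming the bug number in the commit message would also make this retag easier to find later from the log.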
@@ -288875,9 +288875,9 @@ CVE-2012-4249 (The Amazon Lab126 com.lab126.system sendEvent implementation on t
 CVE-2012-4248 (The Amazon Kindle Touch before 5.1.2 does not properly restrict access ...)
 	NOT-FOR-US: Kindle Touch
 CVE-2012-4247 (Multiple cross-site scripting (XSS) vulnerabilities in lists/admin/ind ...)
-	NOT-FOR-US: phplist
+	- phplist <itp> (bug #612288)
 CVE-2012-4246 (Multiple cross-site scripting (XSS) vulnerabilities in lists/admin/ind ...)
-	NOT-FOR-US: phplist
+	- phplist <itp> (bug #612288)
 CVE-2012-4245 (The scriptfu network server in GIMP 2.6 does not require authenticatio ...)
 	- gimp <unfixed> (unimportant)
 	NOTE: The interface isn't designed or advertised to be secure, this is hardly a security issue in practice
@@ -289761,9 +289761,9 @@ CVE-2012-3954 (Multiple memory leaks in ISC DHCP 4.1.x and 4.2.x before 4.2.4-P1
 	- isc-dhcp 4.2.4-2 (bug #686174)
 	[wheezy] - isc-dhcp 4.2.2.dfsg.1-5+deb70u1
 CVE-2012-3953 (SQL injection vulnerability in admin/index.php in phpList before 2.10. ...)
-	NOT-FOR-US: phplist
+	- phplist <itp> (bug #612288)
 CVE-2012-3952 (Cross-site scripting (XSS) vulnerability in admin/index.php in phpList ...)
-	NOT-FOR-US: phplist
+	- phplist <itp> (bug #612288)
 CVE-2012-3951 (The MySQL component in Plixer Scrutinizer (aka Dell SonicWALL Scrutini ...)
 	NOT-FOR-US: Plixer Scrutinizer
 CVE-2012-3950 (The Intrusion Prevention System (IPS) feature in Cisco IOS 12.3 throug ...)
@@ -292737,9 +292737,9 @@ CVE-2012-2742 (Revelation 0.4.13-2 and earlier uses only the first 32 characters
 	[squeeze] - revelation <no-dsa> (Minor issue)
 	NOTE: http://www.openwall.com/lists/oss-security/2012/06/18/1
 CVE-2012-2741 (Cross-site scripting (XSS) vulnerability in public_html/lists/admin/ i ...)
-	NOT-FOR-US: phplist
+	- phplist <itp> (bug #612288)
 CVE-2012-2740 (SQL injection vulnerability in public_html/lists/admin in phpList befo ...)
-	NOT-FOR-US: phplist
+	- phplist <itp> (bug #612288)
 CVE-2012-2739 (Oracle Java SE before 7 Update 6, and OpenJDK 7 before 7u6 build 12 an ...)
 	- openjdk-6 <removed> (unimportant)
 	- openjdk-7 <removed> (unimportant)
@@ -309541,7 +309541,7 @@ CVE-2011-1685 (Best Practical Solutions RT 3.8.0 through 3.8.9 and 4.0.0rc throu
 CVE-2011-1683 (IBM WebSphere Application Server (WAS) 6.0.x through 6.0.2.43, 6.1.x b ...)
 	NOT-FOR-US: IBM WebSphere Application Server
 CVE-2011-1682 (Multiple cross-site request forgery (CSRF) vulnerabilities in phpList  ...)
-	NOT-FOR-US: phpList
+	- phplist <itp> (bug #612288)
 CVE-2011-1684 (Heap-based buffer overflow in the MP4_ReadBox_skcr function in libmp4. ...)
 	{DSA-2218-1}
 	- vlc 1.1.8-3 (medium)
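Review bot: The removed line under CVE-2011-1682 spells the product "phpList", while other hunks in this patch remove "phplist", "PHPList" and "PhpList", so a case-sensitive search for any one spelling will miss entries. A case-insensitive search of data/CVE/list for NOT-FOR-US lines matching phplist would confirm that no entry under another spelling is left behind.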
@@ -312409,7 +312409,7 @@ CVE-2011-0750
 CVE-2011-0749
 	RESERVED
 CVE-2011-0748 (Multiple cross-site request forgery (CSRF) vulnerabilities in phpList  ...)
-	NOT-FOR-US: phpList
+	- phplist <itp> (bug #612288)
 CVE-2011-0747
 	RESERVED
 CVE-2011-0746 (Cross-site request forgery (CSRF) vulnerability in Forms/PortForwardin ...)
@@ -341842,7 +341842,7 @@ CVE-2009-0424 (Cross-site scripting (XSS) vulnerability in sign1.php in AN Guest
 CVE-2009-0423 (Directory traversal vulnerability in index.php in Php Photo Album (PHP ...)
 	NOT-FOR-US: Php Photo Album
 CVE-2009-0422 (Dynamic variable evaluation vulnerability in lists/admin.php in phpLis ...)
-	NOT-FOR-US: phpList
+	- phplist <itp> (bug #612288)
 CVE-2009-0421 (SQL injection vulnerability in the Eventing (com_eventing) 1.6.x compo ...)
 	NOT-FOR-US: Joomla!
 CVE-2009-0420 (SQL injection vulnerability in the RD-Autos (com_rdautos) 1.5.5 Stable ...)
@@ -343057,7 +343057,7 @@ CVE-2008-5889 (Cross-site scripting (XSS) vulnerability in user.asp in Click&amp
 CVE-2008-5888 (Multiple SQL injection vulnerabilities in Click&Rank allow remote  ...)
 	NOT-FOR-US: Click&Rank
 CVE-2008-5887 (phplist before 2.10.8 allows remote attackers to include files via unk ...)
-	NOT-FOR-US: phplist
+	- phplist <itp> (bug #612288)
 CVE-2008-5886 (TAKempis Discussion Web 4.0 stores sensitive information under the web ...)
 	NOT-FOR-US: TAKempis Discussion Web
 CVE-2008-5885 (The Net Guys ASPired2Quote stores sensitive information under the web  ...)
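Review bot: The new line under CVE-2008-5887 does not record the fixed upstream version, although the description gives it ("phplist before 2.10.8"). A NOTE line carrying that version would let the entry be resolved to a fixed version or marked not affected as soon as the package is uploaded, without going back to the advisory.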
@@ -378514,7 +378514,7 @@ CVE-2006-5526 (Multiple PHP remote file inclusion vulnerabilities in Teake Nutma
 CVE-2006-5525 (Incomplete blacklist vulnerability in mainfile.php in PHP-Nuke 7.9 and ...)
 	NOT-FOR-US: PHP-Nuke
 CVE-2006-5524 (Cross-site scripting (XSS) vulnerability in index.php in phplist 2.10. ...)
-	NOT-FOR-US: phplist
+	- phplist <itp> (bug #612288)
 CVE-2006-5523 (PHP remote file inclusion vulnerability in common.php in EZ-Ticket 0.0 ...)
 	NOT-FOR-US: EZ-Ticket
 CVE-2006-5522 (Multiple PHP remote file inclusion vulnerabilities in Johannes Erdfelt ...)
@@ -378988,9 +378988,9 @@ CVE-2006-5324 (The Web Services Notification (WSN) security component of IBM Web
 CVE-2006-5323 (Unspecified vulnerability in IBM WebSphere Application Server before 6 ...)
 	NOT-FOR-US: IBM WebSphere
 CVE-2006-5322 (Multiple SQL injection vulnerabilities in phplist before 2.10.3 allow  ...)
-	NOT-FOR-US: phplist
+	- phplist <itp> (bug #612288)
 CVE-2006-5321 (Multiple cross-site scripting (XSS) vulnerabilities in phplist before  ...)
-	NOT-FOR-US: phplist
+	- phplist <itp> (bug #612288)
 CVE-2006-5320 (Directory traversal vulnerability in getimg.php in Album Photo Sans No ...)
 	NOT-FOR-US: Album Photo Sans Nom
 CVE-2006-5319 (Directory traversal vulnerability in redir.php in Foafgen 0.3 allows r ...)
@@ -379044,7 +379044,7 @@ CVE-2006-5297 (Race condition in the safe_open function in the Mutt mail client
 CVE-2006-5296 (PowerPoint in Microsoft Office 2003 does not properly handle a contain ...)
 	NOT-FOR-US: Microsoft
 CVE-2006-5294 (Cross-site scripting (XSS) vulnerability in index.php in phplist befor ...)
-	NOT-FOR-US: phplist
+	- phplist <itp> (bug #612288)
 CVE-2006-5293 (Cross-site scripting (XSS) vulnerability in index.php in PhpOutsourcin ...)
 	NOT-FOR-US: PhpOutsourcing Noah's Classifieds
 CVE-2006-5292 (PHP remote file inclusion vulnerability in photo_comment.php in Exhibi ...)
@@ -387252,7 +387252,7 @@ CVE-2006-1748 (Cross-site scripting (XSS) vulnerability in XMB Forum 1.9.5 allow
 CVE-2006-1747 (PHP remote file inclusion vulnerability in Virtual War (VWar) 1.5.0 al ...)
 	NOT-FOR-US: Virtual War
 CVE-2006-1746 (Directory traversal vulnerability in PHPList 2.10.2 and earlier allows ...)
-	NOT-FOR-US: PHPList
+	- phplist <itp> (bug #612288)
 CVE-2006-1745 (Cross-site scripting (XSS) vulnerability in login.php in Bitweaver 1.3 ...)
 	NOT-FOR-US: Bitweaver
 CVE-2006-1743 (Multiple SQL injection vulnerabilities in form.php in JBook 1.4 allow  ...)
@@ -394361,11 +394361,11 @@ CVE-2005-3559 (Directory traversal vulnerability in vmail.cgi in Asterisk 1.0.9
 CVE-2005-3558 (PHP file inclusion vulnerability in index.php in OSTE 1.0 allows remot ...)
 	NOT-FOR-US: OSTE
 CVE-2005-3557 (Directory traversal vulnerability in admin/defaults.php in PHPlist 2.1 ...)
-	NOT-FOR-US: PHPList
+	- phplist <itp> (bug #612288)
 CVE-2005-3556 (Multiple cross-site scripting (XSS) vulnerabilities in PHPlist 2.10.1  ...)
-	NOT-FOR-US: PHPList
+	- phplist <itp> (bug #612288)
 CVE-2005-3555 (Multiple SQL injection vulnerabilities in PHPlist 2.10.1 and earlier a ...)
-	NOT-FOR-US: PHPList
+	- phplist <itp> (bug #612288)
 CVE-2005-3554 (Multiple eval injection vulnerabilities in the help function in PHPKIT ...)
 	NOT-FOR-US: PHPKIT
 CVE-2005-3553 (Multiple SQL injection vulnerabilities in include.php in PHPKIT 1.6.1  ...)
@@ -398181,9 +398181,9 @@ CVE-2005-2435 (Cross-site scripting (XSS) vulnerability in browse.php in Website
 CVE-2005-2434 (Linksys WRT54G router uses the same private key and certificate for ev ...)
 	NOT-FOR-US: Linksys hardware
 CVE-2005-2433 (PhpList allows remote attackers to obtain sensitive information via a  ...)
-	NOT-FOR-US: PhpList
+	- phplist <itp> (bug #612288)
 CVE-2005-2432 (SQL injection vulnerability in PhpList allows remote attackers to modi ...)
-	NOT-FOR-US: PhpList
+	- phplist <itp> (bug #612288)
 CVE-2005-2431 (The (1) lost password and (2) account pending features in GForge 4.5 d ...)
 	- gforge 4.5.14-2 (bug #328224; unimportant)
 	NOTE: Direct flooding is possible as well in most circumstances.
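Review bot: The descriptions of CVE-2005-2433 and CVE-2005-2432, as far as the truncated text shows, name no affected version, unlike entries such as CVE-2006-5322 ("phplist before 2.10.3"), so these two cannot be triaged from the list text alone once phplist is packaged. A NOTE line under each with a reference to the upstream fix or advisory would close that gap.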



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/ef9a51c6fc35b87d76b1a454ece6fe5bc13230b9
