Author: jmm-guest Date: 2005-12-01 09:48:12 +0000 (Thu, 01 Dec 2005) New Revision: 2910 Modified: data/CVE/list Log: integer overflow in perl''s format string code claim a block Modified: data/CVE/list ==================================================================--- data/CVE/list 2005-12-01 09:14:19 UTC (rev 2909) +++ data/CVE/list 2005-12-01 09:48:12 UTC (rev 2910) @@ -1,3 +1,5 @@ +CVE-2005-XXXX [integer overflow in perl''s format string code] + - perl <unfixed> (bug filed; medium) CVE-2006-0034 RESERVED CVE-2006-0033 @@ -30,7 +32,7 @@ RESERVED CVE-2006-0018 REJECTED - TODO: check +begin claimed by jmm CVE-2005-3961 (WebCalendar 1.0.1 allows remote attackers to overwrite WebCalendar ...) TODO: check CVE-2005-3960 (Kadu 0.4.2 and 0.5.0pre allows remote attackers to cause a denial of ...) @@ -67,6 +69,7 @@ TODO: check CVE-2005-3944 (SQL injection vulnerability in survey.php in ilyav Survey System 1.1 ...) TODO: check +end claimed by jmm CVE-2005-3943 (Multiple SQL injection vulnerabilities in ilyav FAQ System 1.1 and ...) TODO: check CVE-2005-3942 (SQL injection vulnerability in knowledgebase-control.php in Orca ...) @@ -188,8 +191,6 @@ TODO: check CVE-2005-XXXX [webmin format string vulnerability] - webmin <unfixed> (bug #341394; medium) - TODO: This sounds as if perl needed to be fixed as well, - TODO: requires further investigation, but details limited so far CVE-2005-XXXX [drupal: Unspecified XSS] - drupal 4.5.6-1 (unknown) CVE-2005-XXXX [drupal: Protect against IE interpretation flaw]