Author: jmm-guest Date: 2005-10-27 09:41:46 +0000 (Thu, 27 Oct 2005) New Revision: 2591 Modified: data/CVE/list Log: lots of mantis issues CVEfied, some new forwarded NMUer new flyspray issue new BASE issue mgdiff CVEfied wordpress CVEfied zope CVEfied lots of NFUs claim new block Modified: data/CVE/list ==================================================================--- data/CVE/list 2005-10-27 09:16:49 UTC (rev 2590) +++ data/CVE/list 2005-10-27 09:41:46 UTC (rev 2591) @@ -1,43 +1,45 @@ -begin claimed by jmm CVE-2005-3339 (Mantis before 0.19.3 caches the User ID longer than necessary, which ...) - TODO: check + - mantis <unfixed> (bug #330682; unknown) CVE-2005-3338 (Unspecified vulnerability in Mantis before 0.19.3, when using ...) - TODO: check + - mantis <unfixed> (bug #330682; low) CVE-2005-3337 (Multiple cross-site scripting (XSS) vulnerabilities in Mantis before ...) - TODO: check + - mantis <unfixed> + NOTE: Pinged Thijs Kinkhorst, who''s preparing an update CVE-2005-3336 (SQL injection vulnerability in Mantis 1.0.0RC2 and 0.19.2 allows ...) - TODO: check + - mantis <unfixed> + NOTE: Pinged Thijs Kinkhorst, who''s preparing an update CVE-2005-3335 (PHP file inclusion vulnerability in bug_sponsorship_list_view_inc.php ...) - TODO: check + - mantis <unfixed> (bug filed; medium) CVE-2005-3334 (Cross-site scripting (XSS) vulnerability in index.php in Flyspray ...) - TODO: check + - flyspray <unfixed> (bug filed) CVE-2005-3333 (SQL injection vulnerability in eBASEweb 3.0 allows remote attackers to ...) - TODO: check + NOT-FOR-US: eBASEweb CVE-2005-3332 (PHP remote file include vulnerability in admin/define.inc.php in ...) - TODO: check + NOT-FOR-US: Belchior Foundry vCard CVE-2005-3331 (viewpatch in mgdiff 1.0 allows local users to overwrite arbitrary ...) - TODO: check + - mgdiff 1.0-28 (bug #335188; unimportant) CVE-2005-3330 (The _httpsrequest function in Snoopy 1.2 allows remote attackers to ...) - TODO: check + - wordpress <unfixed> (bug #335817; high) CVE-2005-3329 (Cross-site scripting (XSS) vulnerability in RSA Authentication Agent ...) - TODO: check + NOT-FOR-US: RSA Authentication Agent CVE-2005-3328 (PHP remote file inclusion vulnerability in common.php PunBB 1.1.2 ...) - TODO: check + NOT-FOR-US: PunBB CVE-2005-3327 (Network Appliance Data ONTAP 7.0 and earlier allows iSCSI Initiators ...) - TODO: check -CVE-2005-3326 (SQL injection vulnerability in usercp.php in MyBulletinBoard (MyBB) ...) - TODO: check + NOT-FOR-US: Data ONTAP +CVE-2005-3326 (SQL injection vulnerability in usercp.php in MyBulletinBoard (MyBB) ...) M + NOT-FOR-US: MyBB CVE-2005-3325 (SQL injection vulnerability in base_qry_main.php in Basic Analysis and ...) - TODO: check + - acidbase <unfixed> (bug filed) CVE-2005-3324 (SQL injection vulnerability in chat.php in MWChat 6.8 allows remote ...) - TODO: check + NOT-FOR-US: MWChat CVE-2005-3323 (docutils in Zope 2.6, 2.7 before 2.7.8, and 2.8 before 2.8.2 allows ...) - TODO: check + - zope2.8 2.8.1-7 (bug #334055; unknown) + - zope2.7 2.7.8-1 (bug #334055; unknown) CVE-2005-3322 (Unspecified vulnerability in Squid on SUSE Linux 9.0 allows remote ...) TODO: check CVE-2005-3321 (chkstat in SuSE Linux 9.0 through 10.0 allows local users to modify ...) - TODO: check -end claimed by jmm + NOT-FOR-US: SuSE-specific tool +begin claimed by jmm CVE-2005-3320 (Cross-site scripting (XSS) vulnerability in SiteTurn Domain Manager ...) TODO: check CVE-2005-3319 (The apache2handler SAPI (sapi_apache2.c) in the Apache module ...) @@ -74,6 +76,7 @@ TODO: check CVE-2005-3303 RESERVED +end claimed by jmm CVE-2004-2539 (Unknown vulnerability in Network Appliance NetCache 5.2 and Data ONTAP ...) TODO: check CVE-2004-2538 (Direct static code injection vulnerability in the PCG simple ...) @@ -193,14 +196,8 @@ NOTE: http://www.kernel.org/git/?p=linux/kernel/git/chrisw/linux-2.6.12.y.git;a=commit;h=4717ecd49ce5c556d38e8c7b6fdc9fac5d35c00e CVE-2005-XXXX [chmlib buffer overflow] - chmlib <unfixed> (bug #335931; medium) -CVE-2005-XXXX [mantis t_core_path file inclusion] - - mantis <unfixed> (bug filed; medium) CVE-2005-XXXX [Insecure temp file usage in thttpd''s syslogtocern] - thttpd 2.23beta1-4 (low) -CVE-2005-XXXX [wordpress contains a vulnerable copy of "snoopy"] - - wordpress <unfixed> (bug #335817; high) -CVE-2005-XXXX [Insecure temp usage in mgdiff example file] - - mgdiff 1.0-28 (bug #335188; unimportant) CVE-2005-XXXX [buffer overflow in inkscape] - inkscape <unfixed> (bug #330894) CVE-2005-XXXX [phpbb2 cookie disclosure when using IE as a browser] @@ -308,10 +305,6 @@ NOT-FOR-US: versatileBulletinBoard CVE-2005-3259 (Multiple SQL injection vulnerabilities in versatileBulletinBoard (vBB) ...) NOT-FOR-US: versatileBulletinBoard -CVE-2005-XXXX [Insecure caching of user id in mantis] - - mantis <unfixed> (bug #330682; unknown) -CVE-2005-XXXX [Filter information disclosure in mantis] - - mantis <unfixed> (bug #330682; low) CVE-2005-3258 (The rfc1738_do_escape function in ftp.c for Squid 2.5 STABLE11 and ...) - squid <not-affected> (bug #334882; medium) NOTE: Bug was introduced in a patch to squid-2.5.STABLE10, @@ -474,9 +467,6 @@ - xscreensaver <unfixed> (bug #334193; low) CVE-2005-XXXX [centericq remote dos by special nmap scan] - centericq <unfixed> (bug #334089; low) -CVE-2005-XXXX [Unspecified vulnerability in zope''s docutils] - - zope2.8 2.8.1-7 (bug #334055; unknown) - - zope2.7 2.7.8-1 (bug #334055; unknown) CVE-2005-3185 (Stack-based buffer overflow in the ntlm_output function in http-ntlm.c ...) - wget 1.10.2-1 (medium) - curl 7.15.0-1 (bug #333734; medium)