Author: jmm-guest
Date: 2005-12-01 10:25:23 +0000 (Thu, 01 Dec 2005)
New Revision: 2913

Modified:
   data/CVE/list
Log:
otrs CVEfied
inkscape/tmpfile CVEfied

Modified: data/CVE/list ==================================================================--- data/CVE/list 2005-12-01 10:11:15 UTC (rev 2912) +++ data/CVE/list 2005-12-01 10:25:23 UTC (rev 2913) 
@@ -135,61 +135,60 @@ - webmin <unfixed> (bug #341394; medium) CVE-2005-3911 (Multiple SQL injection vulnerabilities in calendar.php in BosDates 4.0 ...) NOT-FOR-US: BosDates -begin claimed by jmm CVE-2005-3910 (merchants/index.php in Post Affiliate Pro 2.0.4 and earlier, with ...) - TODO: check + NOT-FOR-US: Post Affiliate Pro CVE-2005-3909 (SQL injection vulnerability in merchants/index.php in Post Affiliate ...) - TODO: check + NOT-FOR-US: Post Affiliate Pro CVE-2005-3908 (Cross-site scripting (XSS) vulnerability in search.php in ...) - TODO: check + NOT-FOR-US: GhostScripter Amazon Shop CVE-2005-3907 (Unspecified vulnerability in Java Runtime Environment in Java JDK and ...) - TODO: check + NOT-FOR-US: Sun Java CVE-2005-3906 (Multiple unspecified vulnerabilities in reflection APIs in Java SDK ...) - TODO: check + NOT-FOR-US: Sun Java + TODO: They''re speaking of API issues, check whether free JREs are affected CVE-2005-3905 (Unspecified vulnerability in reflection APIs in Java SDK and JRE ...) - TODO: check + NOT-FOR-US: Sun Java + TODO: They''re speaking of API issues, check whether free JREs are affected CVE-2005-3904 (Unspecified vulnerability in Java Management Extensions (JMX) in Java ...) - TODO: check + NOT-FOR-US: Sun Java CVE-2005-3903 RESERVED CVE-2005-3902 (Cross-site scripting (XSS) vulnerability in gui/errordocs/index.php in ...) - TODO: check + NOT-FOR-US: Virtual Hosting Control System CVE-2005-3901 (Macromedia Flash Communication Server MX 1.0 and 1.5 does not ...) - TODO: check + NOT-FOR-US: Flash MX CVE-2005-3900 (Macromedia Breeze Communication Server and Breeze Live Server does 5.1 ...) - TODO: check + NOT-FOR-US: Macromedia Breeze CVE-2005-3899 (The automatic update feature in Google Talk allows remote attackers to ...) - TODO: check + NOT-FOR-US: Google Talk CVE-2005-3898 REJECTED - TODO: check CVE-2005-3897 (Apple Safari 2.0.2 allows remote attackers to cause a denial of ...) 
- TODO: check + NOT-FOR-US: Safari CVE-2005-3896 (Mozilla allows remote attackers to cause a denial of service (CPU ...) - TODO: check + TODO: File a bug against mozilla CVE-2005-3895 (Open Ticket Request System (OTRS) 1.0.0 through 1.3.2 and 2.0.0 ...) - TODO: check + - otrs 2.0.4p01-1 (bug #340352; medium) CVE-2005-3894 (Multiple cross-site scripting (XSS) vulnerabilities in index.pl in ...) - TODO: check + - otrs 2.0.4p01-1 (bug #340352; medium) CVE-2005-3893 (Multiple SQL injection vulnerabilities in index.pl in Open Ticket ...) - TODO: check + - otrs 2.0.4p01-1 (bug #340352; medium) CVE-2005-3892 (Gadu-Gadu 7.20 allows remote attackers to eavesdrop on a user via a ...) - TODO: check + NOT-FOR-US: Gadu-Gadu CVE-2005-3891 (Stack-based buffer overflow in Gadu-Gadu 7.20 allows remote attackers ...) - TODO: check + NOT-FOR-US: Gadu-Gadu CVE-2005-3890 (Gadu-Gadu 7.20 allows remote attackers to cause a denial of service ...) - TODO: check + NOT-FOR-US: Gadu-Gadu CVE-2005-3889 (Gadu-Gadu 7.20 allows remote attackers to cause a denial of service ...) - TODO: check + NOT-FOR-US: Gadu-Gadu CVE-2005-3888 (Memory leak in Gadu-Gadu 7.20 allows remote attackers to cause a ...) - TODO: check + NOT-FOR-US: Gadu-Gadu CVE-2005-3887 (Gadu-Gadu 7.20 does not properly handle MS-DOS device names in ...) - TODO: check + NOT-FOR-US: Gadu-Gadu CVE-2005-3886 (Unspecified vulnerability in Cisco Security Agent (CSA) 4.5.0 and ...) - TODO: check + NOT-FOR-US: Cisco Security Agent CVE-2005-3885 (The ps2epsi extension shell script (ps2epsi.sh) in Inkscape before ...) - TODO: check -end claimed by jmm + - inkscape 0.42-1 (bug #321501; low) CVE-2005-XXXX [drupal: Unspecified XSS] - drupal 4.5.6-1 (unknown) CVE-2005-XXXX [drupal: Protect against IE interpretation flaw] 
@@ -629,8 +628,6 @@ CVE-2004-2569 (ipmenu 0.0.3 before Debian GNU/Linux ipmenu_0.0.3-5 allows local users ...) {DSA-907-1} - ipmenu 0.0.3-5 -CVE-2005-XXXX [Multiple security issues in OTRS] - - otrs 2.0.4p01-1 (bug #340352; medium) CVE-2005-XXXX [Unspecified new Real/Helix createProcess() issue, no details yet] - helix-player <unfixed> (unknown) NOTE: http://service.real.com/help/faq/security/security111605.html @@ -4659,8 +4656,6 @@ NOT-FOR-US: Trend Micro InterScan VirusWall CVE-2005-XXXX [wine: Unsafe use of temporary files in winelauncher] - wine 0.0.20050830-1 (bug #321470; low) -CVE-2005-XXXX [inkscape: Unsafe temporary file handling in ps2epsi extension] - - inkscape 0.42 (bug #321501; low) CVE-2005-XXXX [DoS to users to prevent usage of showpartial through _hard_ links] - metamail 2.7-48 (bug #321473; low) CVE-2005-XXXX [Insecure usage of temporary files in x11perfcomp and other security issues]
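
Review bot: in the @@ -135,61 +135,60 @@ hunk, CVE-2005-3906 and CVE-2005-3905 are marked "NOT-FOR-US: Sun Java" and also carry "TODO: They''re speaking of API issues, check whether free JREs are affected", so each entry reads as both closed and still open. Anyone who treats NOT-FOR-US as final will skip the open question. Either leave only the TODO until the free JREs have been checked, or keep NOT-FOR-US and move the question into a NOTE line. The doubled apostrophe in "They''re" should be a single one. In the same hunk, CVE-2005-3896 gets only "TODO: File a bug against mozilla" and no package line, so the affected package is not recorded as unfixed; an entry in the "- mozilla <unfixed> (...)" form already used for webmin and helix-player would keep it visible until the bug is filed.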
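
Review bot: in the @@ -629,8 +628,6 @@ hunk, the removed placeholder "CVE-2005-XXXX [Multiple security issues in OTRS]" is replaced in the first hunk by three identical lines, "- otrs 2.0.4p01-1 (bug #340352; medium)", under CVE-2005-3895, CVE-2005-3894 and CVE-2005-3893, and the log message ("otrs CVEfied") does not say how the placeholder's issues map to those ids. Please confirm that bug #340352 and version 2.0.4p01-1 cover all three, and that "medium" is intended for the SQL injection entry as well as the XSS one, rather than being carried over from the placeholder.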
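
Review bot: in the @@ -4659,8 +4656,6 @@ hunk, the fixed version on the removed inkscape placeholder is "inkscape 0.42 (bug #321501; low)", while the CVE-2005-3885 entry that replaces it in the first hunk says "inkscape 0.42-1 (bug #321501; low)". The log message does not mention a version correction, so it is unclear whether the change is deliberate. Please confirm which upload actually carries the ps2epsi temporary-file fix and say so in the log if the version was corrected on purpose.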