Author: jmm-guest Date: 2005-12-30 04:07:46 +0000 (Fri, 30 Dec 2005) New Revision: 3188 Modified: data/CVE/list Log: With ethereal losing pace (0.10.14 fixes only three vulnerabilities), a promising new contestant enters the field in the run for the crap package of the month; mantis. Each new release has constant new problems, intransparent upstream security policy and a maintainer no longer using the package. Go, Mantis, go! Modified: data/CVE/list ==================================================================--- data/CVE/list 2005-12-30 03:47:59 UTC (rev 3187) +++ data/CVE/list 2005-12-30 04:07:46 UTC (rev 3188) @@ -143,19 +143,19 @@ CVE-2005-4525 (SmcGui.exe in Sygate Protection Agent 5.0 build 6144 allows local ...) NOT-FOR-US: Sygate CVE-2005-4524 (Mantis 1.0.0rc3 does not properly handle "Make note private" when a ...) - TODO: file bug + - mantis <unfixed> (bug filed) CVE-2005-4523 (Mantis 1.0.0rc3 and earlier discloses private bugs via public RSS ...) - TODO: file bug + - mantis <unfixed> (bug filed) CVE-2005-4522 (Multiple cross-site scripting (XSS) vulnerabilities in the ...) - TODO: file bug + - mantis <unfixed> (bug filed) CVE-2005-4521 (CRLF injection vulnerability in Mantis 1.0.0rc3 and earlier allows ...) - TODO: file bug + - mantis <unfixed> (bug filed) CVE-2005-4520 (Unspecified "port injection" vulnerabilities in filters in Mantis ...) - TODO: file bug + - mantis <unfixed> (bug filed) CVE-2005-4519 (Multiple SQL injection vulnerabilities in the manage user page ...) - TODO: file bug + - mantis <unfixed> (bug filed) CVE-2005-4518 (Mantis before 0.19.4 allows remote attackers to bypass the file upload ...) - TODO: file bug + - mantis <unfixed> (bug filed) CVE-2005-4517 (SQL injection vulnerability in PHP-Fusion 6.00.200 through 6.00.300 ...) NOT-FOR-US: PHP-Fusion CVE-2005-4516 (Multiple cross-site scripting (XSS) vulnerabilities in PHP-Fusion ...) @@ -770,8 +770,7 @@ CVE-2005-4239 (Cross-site scripting (XSS) vulnerability in Search/DisplayResults.php ...) NOT-FOR-US: PHP JackKnife CVE-2005-4238 (Cross-site scripting (XSS) vulnerability in view_filters_page.php in ...) - - mantis <unfixed> - TODO: File bug + - mantis <unfixed> (bug filed) CVE-2005-4237 (Cross-site scripting (XSS) vulnerability in MySQL Auction 3.0 and ...) NOT-FOR-US: MySQL Auction CVE-2005-4236 (Cross-site scripting (XSS) vulnerability in search.php in CKGOLD ...)