Author: jmm-guest Date: 2006-01-04 16:09:31 +0000 (Wed, 04 Jan 2006) New Revision: 3227 Modified: data/CVE/list Log: mantis fixed some updates Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-01-04 13:30:23 UTC (rev 3226) +++ data/CVE/list 2006-01-04 16:09:31 UTC (rev 3227) @@ -277,19 +277,19 @@ CVE-2005-4525 (SmcGui.exe in Sygate Protection Agent 5.0 build 6144 allows local ...) NOT-FOR-US: Sygate CVE-2005-4524 (Mantis 1.0.0rc3 does not properly handle "Make note private" when a ...) - - mantis <unfixed> (bug #345288) + - mantis 0.19.4-1 (bug #345288) CVE-2005-4523 (Mantis 1.0.0rc3 and earlier discloses private bugs via public RSS ...) - - mantis <unfixed> (bug #345288) + - mantis 0.19.4-1 (bug #345288) CVE-2005-4522 (Multiple cross-site scripting (XSS) vulnerabilities in the ...) - - mantis <unfixed> (bug #345288) + - mantis 0.19.4-1 (bug #345288) CVE-2005-4521 (CRLF injection vulnerability in Mantis 1.0.0rc3 and earlier allows ...) - - mantis <unfixed> (bug #345288) + - mantis 0.19.4-1 (bug #345288) CVE-2005-4520 (Unspecified "port injection" vulnerabilities in filters in Mantis ...) - - mantis <unfixed> (bug #345288) + - mantis 0.19.4-1 (bug #345288) CVE-2005-4519 (Multiple SQL injection vulnerabilities in the manage user page ...) - - mantis <unfixed> (bug #345288) + - mantis 0.19.4-1 (bug #345288) CVE-2005-4518 (Mantis before 0.19.4 allows remote attackers to bypass the file upload ...) - - mantis <unfixed> (bug #345288) + - mantis 0.19.4-1 (bug #345288) CVE-2005-4517 (SQL injection vulnerability in PHP-Fusion 6.00.200 through 6.00.300 ...) NOT-FOR-US: PHP-Fusion CVE-2005-4516 (Multiple cross-site scripting (XSS) vulnerabilities in PHP-Fusion ...) 
@@ -906,7 +906,7 @@ CVE-2005-4239 (Cross-site scripting (XSS) vulnerability in Search/DisplayResults.php ...) NOT-FOR-US: PHP JackKnife CVE-2005-4238 (Cross-site scripting (XSS) vulnerability in view_filters_page.php in ...) - - mantis <unfixed> (bug filed) + - mantis 0.19.4-1 (bug #345288) CVE-2005-4237 (Cross-site scripting (XSS) vulnerability in MySQL Auction 3.0 and ...) NOT-FOR-US: MySQL Auction CVE-2005-4236 (Cross-site scripting (XSS) vulnerability in search.php in CKGOLD ...) @@ -3461,6 +3461,7 @@ - mantis 0.19.3-0.1 (bug #335938; medium) CVE-2005-3334 (Cross-site scripting (XSS) vulnerability in index.php in Flyspray ...) - flyspray 0.9.8-4 (bug #335997; low) + NOTE: Sarge is confirmed vulnerable CVE-2005-3333 (SQL injection vulnerability in eBASEweb 3.0 allows remote attackers to ...) NOT-FOR-US: eBASEweb CVE-2005-3332 (PHP remote file include vulnerability in admin/define.inc.php in ...) @@ -15183,8 +15184,7 @@ - linux-2.6 <not-affected> (Fixed before upload into archive) - kernel-source-2.4.27 <not-affected> (intlen and outlen are unsigned in 2.4) CVE-2005-0179 (Linux kernel 2.4.x and 2.6.x allows local users to cause a denial of ...) - [sarge] - kernel-source-2.6.8 <not-affected> - TODO: Check 2.4 + [sarge] - kernel-source-2.6.8 <not-affected> (Vulnerable code was only introduced in 2.6.9) TODO: Check, when this was fixed in 2.6 CVE-2005-0178 (Race condition in the setsid function in Linux before 2.6.8.1 allows ...) - kernel-source-2.4.27 <not-affected> (v2.4 is safe because back there current->signal was not shared.)
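Review bot: In the @@ -277,19 hunk, CVE-2005-4524, CVE-2005-4523 and CVE-2005-4521 are described against Mantis 1.0.0rc3, yet all seven entries are closed with 0.19.4-1. Only the CVE-2005-4518 description names 0.19.4 as the fixed release. A NOTE line under the entries whose description refers to 1.0.0rc3, saying how the fix was confirmed in 0.19.4-1, would make the version claim checkable instead of resting on the shared bug #345288.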
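Review bot: In the @@ -906,7 hunk, the new CVE-2005-4238 line "- mantis 0.19.4-1 (bug #345288)" carries no urgency, while the older mantis entry visible further down in this patch is written "(bug #335938; medium)". If an urgency has been assessed, add it after the bug number here and on the seven mantis lines of the first hunk so the entries stay consistent.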
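Review bot: In the @@ -3461,6 hunk, the sarge status of CVE-2005-3334 is recorded only as free text ("NOTE: Sarge is confirmed vulnerable") under the flyspray 0.9.8-4 line. The kernel entries in this same file use a release-tagged line of the form "[sarge] - kernel-source-2.6.8 ..." for per-release status; a matching "[sarge] - flyspray" line would keep the open sarge issue from depending on someone reading the note. The commit log also mentions only mantis, so this change and the kernel one are easy to miss in history.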
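Review bot: In the @@ -15183,8 hunk, "TODO: Check 2.4" is removed from CVE-2005-0179, but no kernel-source-2.4.27 line is added in its place, although the description covers "Linux kernel 2.4.x and 2.6.x" and the neighbouring entries each carry an explicit kernel-source-2.4.27 status. Either keep the TODO or add the 2.4 result with its reason, so the 2.4 question is not silently dropped. The new reason on the sarge line ("Vulnerable code was only introduced in 2.6.9") is a useful addition; the remaining "TODO: Check, when this was fixed in 2.6" still leaves the unstable 2.6 status open.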