nion at alioth.debian.org
2008-Jun-06 13:36 UTC
[Secure-testing-commits] r8997 - bin data/CVE
Author: nion
Date: 2008-06-06 13:36:21 +0000 (Fri, 06 Jun 2008)
New Revision: 8997
Modified:
bin/report-vuln
data/CVE/list
Log:
NFUs
Modified: bin/report-vuln
==================================================================
--- bin/report-vuln 2008-06-06 11:10:07 UTC (rev 8996)
+++ bin/report-vuln 2008-06-06 13:36:21 UTC (rev 8997)
@@ -11,8 +11,9 @@
# mutt -i $TMPFILE submit at bugs.debian.org
# rm $TMPFILE
# }
+# export http_proxy if you need to use an http proxy to report bugs
-import sys, re, httplib
+import sys, re, httplib, os
def gen_index(ids):
ret = ''''
@@ -22,18 +23,30 @@
return ret
+def do_httpconnect(id):
+ proxy =
os.getenv(''http_proxy'').lstrip(''http://'')
+ url = ''/cgi-bin/cvename.cgi?name='' + id
+ host = ''cve.mitre.org''
+ if proxy != None:
+ host = proxy
+ url = ''http://cve.mitre.org'' + url
+
+ try:
+ conn = httplib.HTTPConnection(host)
+ conn.request(''GET'', url)
+ resp = conn.getresponse()
+ except Exception, e:
+ error(''on doing HTTP request'' + str(e))
+
+ return resp
+
# this is a hack that parses the cve id description from mitre
def get_cve(id):
desc = False
r = re.compile(''.*<th\ colspan=.*>Description<.*'')
tag = re.compile(''.*</?tr>.*'')
- try:
- conn = httplib.HTTPConnection(''cve.mitre.org'')
- conn.request(''GET'',
''/cgi-bin/cvename.cgi?name='' + id)
- resp = conn.getresponse()
- ret = ''''
- except Exception, e:
- error(''on doing HTTP request'' + str(e))
+ ret = ''''
+ resp = do_httpconnect(id)
for line in resp.read().rsplit(''\n''):
if r.match(line):
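Review bot: `os.getenv('http_proxy').lstrip('http://')` in do_httpconnect breaks in two ways. With http_proxy unset, getenv returns None and `.lstrip` raises AttributeError before the `proxy != None` test is reached, so the script fails for anyone not using a proxy. `lstrip` also strips any leading run of the characters h, t, p, : and /, not the literal prefix, so a host such as `proxy.example:3128` (constructed example) becomes `roxy.example:3128` and the CVE lookup is sent to a host the user did not configure. The fence below reads the variable first and removes the scheme with a prefix test; separately, `return resp` will hit an unbound name after a failed request unless `error()`, defined outside the hunk, exits. get_cve continues past the end of the hunk.

```python
def do_httpconnect(id):
    proxy = os.getenv('http_proxy')
    # ... unchanged: default url and host ...
    if proxy:
        if proxy.startswith('http://'):
            proxy = proxy[len('http://'):]
        host = proxy.rstrip('/')
        # ... unchanged: absolute URL for the proxied request ...
    # ... unchanged: try/except around the request, return resp ...
```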
Modified: data/CVE/list
==================================================================
--- data/CVE/list 2008-06-06 11:10:07 UTC (rev 8996)
+++ data/CVE/list 2008-06-06 13:36:21 UTC (rev 8997)
@@ -1,15 +1,15 @@
CVE-2008-2559 (Integer overflow in Borland Interbase 2007 SP2 (8.1.0.256)
allows ...)
- TODO: check
+ NOT-FOR-US: Borland Interbase
CVE-2008-2558 (CRE Loaded 6.2.13.1 and earlier does not set the
"Secure" attribute ...)
- TODO: check
+ NOT-FOR-US: CRE Loaded
CVE-2008-2557 (Cross-site scripting (XSS) vulnerability in CRE Loaded 6.2.13.1
and ...)
- TODO: check
+ NOT-FOR-US: CRE Loaded
CVE-2008-2556 (SQL injection vulnerability in read.php in PHP Visit Counter 0.4
and ...)
- TODO: check
+ NOT-FOR-US: PHP Visit Counter
CVE-2008-2555 (SQL injection vulnerability in index.php in EasyWay CMS allows
remote ...)
- TODO: check
+ NOT-FOR-US: EasyWay CMS
CVE-2008-2554 (Multiple SQL injection vulnerabilities in BP Blog 6.0 allow
remote ...)
- TODO: check
+ NOT-FOR-US: BP Blog
CVE-2008-2553 (Cross-site scripting (XSS) vulnerability in Slashdot Like
Automated ...)
TODO: check
CVE-2008-2552 (Unspecified vulnerability in the Service Tag Registry on Sun
Solaris ...)