thr3ads.net - Secure testing commits - [Secure-testing-commits] r10838

If this information is useful, please help other people find it:
Share via:
sf at alioth.debian.org
2009-Jan-03 11:46 UTC
[Secure-testing-commits] r10838 - bin data/CVE

Author: sf
Date: 2009-01-03 11:46:47 +0000 (Sat, 03 Jan 2009)
New Revision: 10838

Modified:
   bin/check-new-issues
   data/CVE/list
Log:
do not escape spaces when calling apt-cache search

Modified: bin/check-new-issues
==================================================================---
bin/check-new-issues	2009-01-03 11:34:00 UTC (rev 10837)
+++ bin/check-new-issues	2009-01-03 11:46:47 UTC (rev 10838)
@@ -287,7 +287,8 @@
 		$prog = $1;
 	}
 	if ($prog) {
-		my $prog_esc = quotemeta($prog);
+		my $prog_esc =$prog;
+		$prog_esc =~ tr{a-zA-Z0-9_@/-}{ }cs;
 		print "doing apt-cache search...";
 		my @ac=`apt-cache search $prog_esc`;
 		if (scalar @ac > $auto_display_limit || scalar @ac == 0) {

Modified: data/CVE/list
==================================================================---
data/CVE/list	2009-01-03 11:34:00 UTC (rev 10837)
+++ data/CVE/list	2009-01-03 11:46:47 UTC (rev 10838)
@@ -1,59 +1,59 @@
 CVE-2008-5807 (Multiple cross-site scripting (XSS) vulnerabilities in TestLink
before ...)
-	TODO: check
+	NOT-FOR-US: TestLink
 CVE-2008-5806 (SQL injection vulnerability in login.php in DeltaScripts PHP
...)
-	TODO: check
+	NOT-FOR-US: DeltaScripts PHP Classifieds
 CVE-2008-5805 (SQL injection vulnerability in detail.php in DeltaScripts PHP
...)
-	TODO: check
+	NOT-FOR-US: DeltaScripts PHP Classifieds
 CVE-2008-5804 (SQL injection vulnerability in admin/admin_catalog.php in
e-topbiz ...)
-	TODO: check
+	NOT-FOR-US: e-topbiz Number Links 1 Php Script
 CVE-2008-5803 (SQL injection vulnerability in admin/login.php in E-topbiz
Online ...)
-	TODO: check
+	NOT-FOR-US: E-topbiz
 CVE-2008-5802 (SQL injection vulnerability in index.php in E-topbiz Online
Store 1.0 ...)
-	TODO: check
+	NOT-FOR-US: E-topbiz
 CVE-2008-5801 (Unspecified vulnerability in the Dictionary (rtgdictionary)
extension ...)
-	TODO: check
+	NOT-FOR-US: Dictionary (rtgdictionary) extension for TYPO3
 CVE-2008-5800 (SQL injection vulnerability in the Wir ber uns [sic]
(fsmi_people) ...)
-	TODO: check
+	NOT-FOR-US: fsmi_people extension for TYPO3
 CVE-2008-5799 (Cross-site scripting (XSS) vulnerability in the Wir ber uns
[sic] ...)
-	TODO: check
+	NOT-FOR-US: fsmi_people extension for TYPO3
 CVE-2008-5798 (SQL injection vulnerability in the CMS Poll system (cms_poll)
...)
-	TODO: check
+	NOT-FOR-US: CMS Poll system for TYPO3
 CVE-2008-5797 (SQL injection vulnerability in the advCalendar extension 0.3.1
and ...)
-	TODO: check
+	NOT-FOR-US: advCalendar extension for TYPO3
 CVE-2008-5796 (SQL injection vulnerability in the eluna Page Comments ...)
-	TODO: check
+	NOT-FOR-US: Page Comments extension for TYPO3
 CVE-2008-5795 (Cross-site scripting (XSS) vulnerability in the eluna Page
Comments ...)
-	TODO: check
+	NOT-FOR-US: Page Comments extension for TYPO3
 CVE-2008-5794 (Directory traversal vulnerability in system/admin/images.php in
...)
-	TODO: check
+	NOT-FOR-US: LoveCMS
 CVE-2008-5793 (Multiple PHP remote file inclusion vulnerabilities in the
Clickheat - ...)
-	TODO: check
+	NOT-FOR-US: Clickheat - Heatmap stats (com_clickheat) component 1.0.1 for
Joomla!
 CVE-2008-5792 (PHP remote file inclusion vulnerability in show_joined.php in
...)
-	TODO: check
+	NOT-FOR-US: Indiscripts Enthusiast
 CVE-2008-5791 (Multiple unspecified vulnerabilities in PrestaShop e-Commerce
Solution ...)
-	TODO: check
+	NOT-FOR-US: PrestaShop e-Commerce Solution
 CVE-2008-5790 (Multiple PHP remote file inclusion vulnerabilities in the ...)
-	TODO: check
+	NOT-FOR-US: Recly!Competitions (com_competitions) component 1.0 for Joomla!
 CVE-2008-5789 (Multiple PHP remote file inclusion vulnerabilities in the Recly
...)
-	TODO: check
+	NOT-FOR-US: Recly Interactive Feederator (com_feederator) component 1.0.5 for
Joomla!
 CVE-2008-5788 (SQL injection vulnerability in index.php in Domain Seller Pro
1.5 ...)
-	TODO: check
+	NOT-FOR-US: Domain Seller
 CVE-2008-5787 (Directory traversal vulnerability in mod.php in Arab Portal 2.1
on ...)
-	TODO: check
+	NOT-FOR-US: Arab Portal
 CVE-2008-5786 (Cross-site scripting (XSS) vulnerability in the Silva Find
extension ...)
-	TODO: check
+	NOT-FOR-US: Silva Find
 CVE-2008-5785 (SQL injection vulnerability in V3 Chat - Profiles/Dating Script
3.0.2 ...)
-	TODO: check
+	NOT-FOR-US: V3 Chat - Profiles/Dating Script
 CVE-2008-5784 (V3 Chat - Profiles/Dating Script 3.0.2 allows remote attackers
to ...)
-	TODO: check
+	NOT-FOR-US: V3 Chat - Profiles/Dating Script
 CVE-2008-5783 (admin/index.php in V3 Chat Live Support 3.0.4 allows remote
attackers ...)
-	TODO: check
+	NOT-FOR-US: V3 Chat
 CVE-2008-5782 (SQL injection vulnerability in bannerclick.php in ZeeMatri 3.0
allows ...)
-	TODO: check
+	NOT-FOR-US: ZeeMatri
 CVE-2008-5781 (SQL injection vulnerability in right.php in Cant Find A Gaming
CMS ...)
-	TODO: check
+	NOT-FOR-US: Cant Find A Gaming CMS (CFAGCMS)
 CVE-2008-5780 (Forest Blog 1.3.2 stores sensitive information under the web
root with ...)
-	TODO: check
+	NOT-FOR-US: Forest Blog
 CVE-2008-5779 (SQL injection vulnerability in lpro.php in Free Links Directory
Script ...)
 	TODO: check
 CVE-2008-5778 (SQL injection vulnerability in report.php in Free Links
Directory ...)
Secure testing commits - Jan 2009 - r10838 - bin data/CVE

[Secure-testing-commits] r10838 - bin data/CVE
