From bd9b6759b13c83e4aa11b5cbe9a66f212761e214 Mon Sep 17 00:00:00 2001 From: GeorgeAnAltx Date: Tue, 5 Mar 2024 10:42:11 +0300 Subject: [PATCH 1/2] fix version intervals for CVE-2004-0452
---
 cpansa/CPANSA-File-Path.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/cpansa/CPANSA-File-Path.yml b/cpansa/CPANSA-File-Path.yml
index 897c090..d0d72ed 100644
--- a/cpansa/CPANSA-File-Path.yml
+++ b/cpansa/CPANSA-File-Path.yml
@@ -149,7 +149,7 @@
 - https://usn.ubuntu.com/94-1/
 reported: 2005-05-02
 severity: ~
-- affected_versions: ">=1.404,<=1.06"
+- affected_versions: "<=1.404,>=1.06"
 cves:
 - CVE-2004-0452
 description: >
From ae95b782d522c5894bf72189c03ceb4eec07a00c Mon Sep 17 00:00:00 2001 From: GeorgeAnAltx Date: Thu, 7 Mar 2024 11:13:20 +0300 Subject: [PATCH 2/2] remove a repeat for CVE-2013-0209
---
 cpansa/CPANSA-MT.yml | 22 ---------------------- 1 file changed, 22 deletions(-)
diff --git a/cpansa/CPANSA-MT.yml b/cpansa/CPANSA-MT.yml
index e6770b7..0f68317 100644
--- a/cpansa/CPANSA-MT.yml
+++ b/cpansa/CPANSA-MT.yml
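Review bot: In cpansa/CPANSA-File-Path.yml the corrected CVE-2004-0452 range puts the upper bound first, whereas the other range visible in this series, `'>=4.20,<4.38'` in CPANSA-MT.yml, is written lower bound first; `- affected_versions: ">=1.06,<=1.404"` would read the same way and make an inverted interval easier to spot. The old value `">=1.404,<=1.06"` appears to match no version at all, so a tool consuming this feed would presumably never have flagged an affected install. A lint step that rejects any `affected_versions` whose lower bound exceeds its upper bound would catch this class of silent false negative. The entry continues past the end of the hunk, so its `fixed_versions` cannot be checked against the new upper bound from here.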
@@ -480,28 +480,6 @@
 - http://seclists.org/oss-sec/2013/q2/560
 reported: 2015-03-27
 severity: ~
-- affected_versions:
- - '>=4.20,<4.38'
- cves:
- - CVE-2013-0209
- description: >
- lib/MT/Upgrade.pm in mt-upgrade.cgi in Movable Type 4.2x and 4.3x
- through 4.38 does not require authentication for requests to
- database-migration functions, which allows remote attackers to conduct
- eval injection and SQL injection attacks via crafted parameters, as
- demonstrated by an eval injection attack against the
- core_drop_meta_for_table function, leading to execution of arbitrary
- Perl code.
- distribution: MT
- fixed_versions: ~
- id: CPANSA-MT-2013-0209
- references:
- - http://www.sec-1.com/blog/wp-content/uploads/2013/01/movabletype_upgrade_exec.rb_.txt
- - http://www.movabletype.org/2013/01/movable_type_438_patch.html
- - http://openwall.com/lists/oss-security/2013/01/22/3
- - http://www.sec-1.com/blog/?p=402
- reported: 2013-01-23
- severity: ~
 - affected_versions: "=5.13"
 cves:
 - CVE-2012-1503