Browse code

merge old multidetections and update joomla,bugzilla,drupal,typo3,mantis,phpmyadmin

Hanno Böck authored on 12/12/2019 09:10:29
Showing 2 changed files
... ...
@@ -41,45 +41,30 @@
41 41
     ]
42 42
   },
43 43
   {
44
-    "name": "Drupal6",
44
+    "name": "Drupal",
45 45
     "url": "https://www.drupal.org/",
46
-    "safe": "7.67",
47
-    "vuln": "https://www.drupal.org/sa-core-2019-007",
46
+    "safe": "8.7.4",
47
+    "old_safe": "8.6.16,7.67",
48
+    "vuln": "CVE-2019-6342",
48 49
     "latest": "7.67",
49 50
     "detection": [
50 51
       {
51 52
         "file": "system.module",
52 53
         "variable": "define('VERSION'",
53
-        "subdir": 2
54
-      }
55
-    ]
56
-  },
57
-  {
58
-    "name": "Drupal7",
59
-    "url": "https://www.drupal.org/",
60
-    "safe": "7.67",
61
-    "vuln": "https://www.drupal.org/sa-core-2019-007",
62
-    "latest": "7.67",
63
-    "detection": [
54
+        "subdir": 2,
55
+        "note": "6.x and older"
56
+      },
64 57
       {
65 58
         "file": "bootstrap.inc",
66 59
         "variable": "define('VERSION'",
67
-        "subdir": 1
68
-      }
69
-    ]
70
-  },
71
-  {
72
-    "name": "Drupal8",
73
-    "url": "https://www.drupal.org/",
74
-    "safe": "8.7.1",
75
-    "old_safe": "8.6.16",
76
-    "vuln": "https://www.drupal.org/sa-core-2019-007",
77
-    "latest": "8.7.1",
78
-    "detection": [
60
+        "subdir": 1,
61
+        "note": "7.x"
62
+      },
79 63
       {
80 64
         "file": "Drupal.php",
81 65
         "variable": "const VERSION",
82
-        "subdir": 2
66
+        "subdir": 2,
67
+        "note": "8.x"
83 68
       }
84 69
     ]
85 70
   },
... ...
@@ -99,26 +84,18 @@
99 84
     ]
100 85
   },
101 86
   {
102
-    "name": "Typo3",
87
+    "name": "TYPO3",
103 88
     "url": "https://typo3.org/",
104
-    "safe": "9.5.6",
105
-    "old_safe": "8.7.25",
106
-    "vuln": "https://typo3.org/article/typo3-956-and-8725-security-releases-published/",
89
+    "safe": "9.5.8",
90
+    "old_safe": "8.7.27",
91
+    "vuln": "CVE-2019-12747",
107 92
     "detection": [
108 93
       {
109 94
         "file": "config_default.php",
110 95
         "variable": "$TYPO_VERSION",
111
-        "subdir": 1
112
-      }
113
-    ]
114
-  },
115
-  {
116
-    "name": "typo3-6",
117
-    "url": "https://typo3.org/",
118
-    "safe": "9.5.6",
119
-    "old_safe": "8.7.25",
120
-    "vuln": "https://typo3.org/article/typo3-956-and-8725-security-releases-published/",
121
-    "detection": [
96
+        "subdir": 1,
97
+        "note": "4.x and older"
98
+      },
122 99
       {
123 100
         "file": "SystemEnvironmentBuilder.php",
124 101
         "variable": "define('TYPO3_version",
... ...
@@ -127,7 +104,7 @@
127 104
     ]
128 105
   },
129 106
   {
130
-    "name": "Joomla-1",
107
+    "name": "Joomla",
131 108
     "url": "https://www.joomla.org/",
132 109
     "safe": "3.9.13",
133 110
     "vuln": "CVE-2019-18674",
... ...
@@ -136,16 +113,9 @@
136 113
         "file": "CHANGELOG.php",
137 114
         "variable": "---------------",
138 115
         "subdir": 0,
139
-        "extra_match": "Joomla! is free software."
140
-      }
141
-    ]
142
-  },
143
-  {
144
-    "name": "Joomla",
145
-    "url": "https://www.joomla.org/",
146
-    "safe": "3.9.13",
147
-    "vuln": "CVE-2019-18674",
148
-    "detection": [
116
+        "extra_match": "Joomla! is free software.",
117
+        "note": "1.5 and older"
118
+      },
149 119
       {
150 120
         "file": "joomla.xml",
151 121
         "variable": "<version>",
... ...
@@ -1,6 +1,6 @@
1 1
 [
2 2
   {
3
-    "name": "phpMyAdmin-veryold",
3
+    "name": "phpMyAdmin",
4 4
     "url": "https://www.phpmyadmin.net/",
5 5
     "safe": "4.9.2",
6 6
     "vuln": "CVE-2019-18622",
... ...
@@ -8,30 +8,16 @@
8 8
       {
9 9
         "file": "Config.class.php",
10 10
         "variable": "PMA_VERSION",
11
-        "subdir": 1
12
-      }
13
-    ]
14
-  },
15
-  {
16
-    "name": "phpMyAdmin-old",
17
-    "url": "https://www.phpmyadmin.net/",
18
-    "safe": "4.9.2",
19
-    "vuln": "CVE-2019-18622",
20
-    "detection": [
11
+        "subdir": 1,
12
+        "note": "4.5.x and older"
13
+      },
21 14
       {
22 15
         "file": "Config.php",
23 16
         "variable": "PMA_VERSION",
24 17
         "subdir": 1,
25
-        "extra_match": "namespace PMA\\libraries;"
26
-      }
27
-    ]
28
-  },
29
-  {
30
-    "name": "phpMyAdmin",
31
-    "url": "https://www.phpmyadmin.net/",
32
-    "safe": "4.9.2",
33
-    "vuln": "CVE-2019-18622",
34
-    "detection": [
18
+        "extra_match": "namespace PMA\\libraries;",
19
+        "note": "4.6.x/4.7.x"
20
+      },
35 21
       {
36 22
         "file": "Config.php",
37 23
         "variable": "PMA_VERSION",
... ...
@@ -55,24 +41,16 @@
55 41
     ]
56 42
   },
57 43
   {
58
-    "name": "Mantis-deprecated",
44
+    "name": "Mantis",
59 45
     "url": "https://mantisbt.org/",
60
-    "safe": "2.22.1",
61
-    "vuln": "CVE-2019-15715",
46
+    "safe": "2.23.0",
47
+    "vuln": "CVE-2017-18214",
62 48
     "detection": [
63 49
       {
64 50
         "file": "config_defaults_inc.php",
65 51
         "variable": "$g_mantis_version",
66 52
         "subdir": 0
67
-      }
68
-    ]
69
-  },
70
-  {
71
-    "name": "Mantis",
72
-    "url": "https://mantisbt.org/",
73
-    "safe": "2.22.1",
74
-    "vuln": "CVE-2019-15715",
75
-    "detection": [
53
+      },
76 54
       {
77 55
         "file": "constant_inc.php",
78 56
         "variable": "MANTIS_VERSION",
... ...
@@ -81,30 +59,29 @@
81 59
     ]
82 60
   },
83 61
   {
84
-    "name": "Bugzilla3",
62
+    "name": "Bugzilla",
85 63
     "url": "https://www.bugzilla.org/",
86
-    "safe": "4.4.7",
87
-    "old_safe": "4.2.12,4.0.16",
88
-    "vuln": "CVE-2011-2379",
64
+    "safe": "5.0.4",
65
+    "old_safe": "4.4.13",
66
+    "vuln": "CVE-2018-5123",
89 67
     "detection": [
90 68
       {
91
-        "file": "Constants.pm",
92
-        "variable": "BUGZILLA_VERSION",
93
-        "subdir": 1
94
-      }
95
-    ]
96
-  },
97
-  {
98
-    "name": "Bugzilla2",
99
-    "url": "https://www.bugzilla.org/",
100
-    "safe": "4.4.7",
101
-    "old_safe": "4.2.12,4.0.16",
102
-    "vuln": "CVE-2011-2379",
103
-    "detection": [
69
+        "file": "globals.pl",
70
+        "variable": "$::param{'version'}",
71
+        "subdir": 0,
72
+        "note": "2.14.x and older"
73
+      },
104 74
       {
105 75
         "file": "Config.pm",
106 76
         "variable": "$Bugzilla::Config::VERSION",
107
-        "subdir": 1
77
+        "subdir": 1,
78
+        "note": "2.16.x - 2.23.x"
79
+      },
80
+      {
81
+        "file": "Constants.pm",
82
+        "variable": "BUGZILLA_VERSION",
83
+        "subdir": 1,
84
+        "note": "3.x and newer"
108 85
       }
109 86
     ]
110 87
   },