thr3ads.net - Secure testing commits - [Secure-testing-commits] r11232

If this information is useful, please help other people find it:
Share via:
white at alioth.debian.org
2009-Feb-18 10:30 UTC
[Secure-testing-commits] r11232 - data/CVE

Author: white
Date: 2009-02-18 10:30:36 +0000 (Wed, 18 Feb 2009)
New Revision: 11232

Modified:
   data/CVE/list
Log:
NFUs; libpam-heimdal/libpam-krb5 issues fixed in sid

Modified: data/CVE/list
==================================================================---
data/CVE/list	2009-02-18 09:14:11 UTC (rev 11231)
+++ data/CVE/list	2009-02-18 10:30:36 UTC (rev 11232)
@@ -1,9 +1,9 @@
 CVE-2009-0604 (SQL injection vulnerability in index.php in PHP Director 0.21
and ...)
-	TODO: check
+	NOT-FOR-US: PHP Director
 CVE-2009-0603 (Cross-site scripting (XSS) vulnerability in index.php in the
Link ...)
-	TODO: check
+	NOT-FOR-US: Link drupal module
 CVE-2009-0602 (Unrestricted file upload vulnerability in upload.php in
WikkiTikkiTavi ...)
-	TODO: check
+	NOT-FOR-US: WikkiTikkiTavi
 CVE-2009-0601 (Format string vulnerability in Wireshark 0.99.8 through 1.0.5 on
...)
 	TODO: check
 CVE-2009-0600 (Wireshark 0.99.6 through 1.0.5 allows user-assisted remote
attackers ...)
@@ -11,49 +11,49 @@
 CVE-2009-0599 (Buffer overflow in wiretap/netscreen.c in Wireshark 0.99.7
through ...)
 	TODO: check
 CVE-2009-0598 (SQL injection vulnerability in index.php in PhpMesFilms 1.0 and
1.8 ...)
-	TODO: check
+	NOT-FOR-US: PhpMesFilms
 CVE-2009-0597 (SQL injection vulnerability in admin/index.php in w3b&gt;cms
(aka ...)
-	TODO: check
+	NOT-FOR-US: w3b>cms
 CVE-2009-0596 (Directory traversal vulnerability in skysilver/login.tpl.php in
...)
-	TODO: check
+	NOT-FOR-US: phpSkelSite
 CVE-2009-0595 (PHP remote file inclusion vulnerability in
skysilver/login.tpl.php in ...)
-	TODO: check
+	NOT-FOR-US: phpSkelSite
 CVE-2009-0594 (Cross-site scripting (XSS) vulnerability in index.php in
phpSkelSite ...)
-	TODO: check
+	NOT-FOR-US: phpSkelSite
 CVE-2009-0593 (SQL injection vulnerability in members.php in plx Auto Reminder
3.7 ...)
-	TODO: check
+	NOT-FOR-US: plx Auto Reminder
 CVE-2009-0592 (Multiple directory traversal vulnerabilities in PNphpBB2 1.2i
and ...)
-	TODO: check
+	NOT-FOR-US: PNphpBB2
 CVE-2008-6156 (SQL injection vulnerability in editCampaign.php in AdMan
1.1.20070907 ...)
-	TODO: check
+	NOT-FOR-US: AdMan
 CVE-2008-6155 (SQL injection vulnerability in index.php in Hispah Text Links
Ads 1.1 ...)
-	TODO: check
+	NOT-FOR-US: Hispah Text Links Ads
 CVE-2008-6154 (SQL injection vulnerability in index.php in Hispah Text Links
Ads 1.1 ...)
-	TODO: check
+	NOT-FOR-US: Hispah Text Links Ads
 CVE-2008-6153 (SQL injection vulnerability in Photo.asp in Jay Patel Pixel8 Web
Photo ...)
-	TODO: check
+	NOT-FOR-US: Jay Patel Pixel8 Web Photo
 CVE-2008-6152 (SQL injection vulnerability in deptdisplay.asp in SepCity
Faculty ...)
-	TODO: check
+	NOT-FOR-US: SepCity Faculty Portal
 CVE-2008-6151 (SQL injection vulnerability in shpdetails.asp in SepCity
Shopping Mall ...)
-	TODO: check
+	NOT-FOR-US: SepCity Faculty Portal
 CVE-2008-6150 (SQL injection vulnerability in classdis.asp in SepCity
Classified Ads ...)
-	TODO: check
+	NOT-FOR-US: SepCity Faculty Portal
 CVE-2008-6149 (SQL injection vulnerability in the mDigg (com_mdigg) component
2.2.8 ...)
-	TODO: check
+	NOT-FOR-US: Joomla
 CVE-2008-6148 (SQL injection vulnerability in the Live Ticker (com_liveticker)
module ...)
-	TODO: check
+	NOT-FOR-US: Joomla
 CVE-2008-6147 (ForumApp 3.3 stores sensitive information under the web root
with ...)
-	TODO: check
+	NOT-FOR-US: ForumApp
 CVE-2008-6146 (SQL injection vulnerability in pm.php in DeluxeBB 1.2 and
earlier, ...)
-	TODO: check
+	NOT-FOR-US: DeluxeBB
 CVE-2008-6145 (Multiple SQL injection vulnerabilities in the WEC Discussion
Forum ...)
-	TODO: check
+	NOT-FOR-US: WEC Discussion Forum (wec_discussion) extension TYPO3
 CVE-2008-6144 (Multiple cross-site scripting (XSS) vulnerabilities in the WEC
...)
-	TODO: check
+	NOT-FOR-US: WEC Discussion Forum (wec_discussion) extension TYPO3
 CVE-2008-6143 (OwenPoll 1.0 allows remote attackers to bypass authentication
and ...)
-	TODO: check
+	NOT-FOR-US: OwenPoll
 CVE-2008-6142 (Multiple SQL injection vulnerabilities in admin/usercheck.php in
...)
-	TODO: check
+	NOT-FOR-US: FlexPHPic
 CVE-2009-0591
 	RESERVED
 CVE-2009-0590
@@ -87,19 +87,19 @@
 CVE-2009-0576 (Unspecified vulnerability in Sun Java System Directory Server
5.2 p6 ...)
 	TODO: check
 CVE-2009-0575 (Cross-site scripting (XSS) vulnerability in the ...)
-	TODO: check
+	NOT-FOR-US: Views Bulk Operations
 CVE-2009-0574 (SQL injection vulnerability in index.php in Easy CafeEngine
allows ...)
-	TODO: check
+	NOT-FOR-US: Easy CafeEngine
 CVE-2009-0573 (Multiple cross-site scripting (XSS) vulnerabilities in FotoWeb
6.0 ...)
-	TODO: check
+	NOT-FOR-US: FotoWeb
 CVE-2009-0572 (PHP remote file inclusion vulnerability in include/flatnux.php
in ...)
-	TODO: check
+	NOT-FOR-US: FlatnuX CMS
 CVE-2009-0571 (admin.php in Ninja Designs Mailist 3.0 stores backup copies of
...)
-	TODO: check
+	NOT-FOR-US: Ninja Designs Mailist
 CVE-2009-0570 (Directory traversal vulnerability in send.php in Ninja Designs
Mailist ...)
-	TODO: check
+	NOT-FOR-US: Ninja Designs Mailist
 CVE-2009-0569 (Buffer overflow in Becky! Internet Mail 2.48.02 and earlier
allows ...)
-	TODO: check
+	NOT-FOR-US: Becky! Internet Mail
 CVE-2009-0568
 	RESERVED
 CVE-2009-0567
@@ -141,15 +141,15 @@
 CVE-2009-0549
 	RESERVED
 CVE-2009-0548 (Cross-site scripting (XSS) vulnerability in the Additional
Report ...)
-	TODO: check
+	NOT-FOR-US: Additional Report Settings interface in ESET Remote Administrator
 CVE-2009-0547 (Evolution 2.22.3.1 checks S/MIME signatures against a copy of
the ...)
 	TODO: check
 CVE-2009-0546 (Stack-based buffer overflow in NewsGator FeedDemon 2.7 and
earlier ...)
-	TODO: check
+	NOT-FOR-US: NewsGator FeedDemon
 CVE-2009-0545 (cgi-bin/kerbynet in ZeroShell 1.0beta11 and earlier allows
remote ...)
-	TODO: check
+	NOT-FOR-US: ZeroShell
 CVE-2009-0544 (Buffer overflow in the PyCrypto ARC2 module 2.0.1 allows remote
...)
-	TODO: check
+	NOT-FOR-US: PyCrypto ARC2 module
 CVE-2009-0543 (ProFTPD Server 1.3.1, with NLS support enabled, allows remote
...)
 	TODO: check
 CVE-2009-0542 (SQL injection vulnerability in ProFTPD Server 1.3.1 through
1.3.2rc2 ...)
@@ -165,61 +165,61 @@
 CVE-2009-0537
 	RESERVED
 CVE-2009-0536 (at in bos.rte.cron on IBM AIX 5.2.0, 5.3.0 through 5.3.9, and
6.1.0 ...)
-	TODO: check
+	NOT-FOR-US: IBM AIX
 CVE-2009-0535 (Directory traversal vulnerability in export.php in Thyme 1.3 and
...)
-	TODO: check
+	NOT-FOR-US: Thyme
 CVE-2009-0534 (SQL injection vulnerability in FlexCMS allows remote attackers
to ...)
-	TODO: check
+	NOT-FOR-US: FlexCMS
 CVE-2009-0533 (Cross-site scripting (XSS) vulnerability in password.php in
Scripts ...)
-	TODO: check
+	NOT-FOR-US: Sites EZ Reminder
 CVE-2009-0532 (Cross-site scripting (XSS) vulnerability in password.php in
Scripts ...)
-	TODO: check
+	NOT-FOR-US: Scripts For Sites (SFS) EZ Baby
 CVE-2009-0531 (SQL injection vulnerability in gallery/view.asp in A Better ...)
-	TODO: check
+	NOT-FOR-US: A Better Member-Based ASP Photo Gallery
 CVE-2009-0530 (Multiple PHP remote file inclusion vulnerabilities in
SnippetMaster ...)
-	TODO: check
+	NOT-FOR-US: SnippetMaster
 CVE-2009-0529 (Cross-site scripting (XSS) vulnerability in index.php in
SnippetMaster ...)
-	TODO: check
+	NOT-FOR-US: SnippetMaster
 CVE-2009-0528 (SQL injection vulnerability in frame.php in Rhadrix If-CMS 2.07
and ...)
-	TODO: check
+	NOT-FOR-US: Rhadrix If-CMS
 CVE-2009-0527 (PHP remote file inclusion vulnerability in ...)
-	TODO: check
+	NOT-FOR-US: AdaptCMS
 CVE-2009-0526 (Multiple cross-site scripting (XSS) vulnerabilities in index.php
in ...)
-	TODO: check
+	NOT-FOR-US: AdaptCMS
 CVE-2009-0525 (Cross-site scripting (XSS) vulnerability in the
sajax_get_common_js ...)
-	TODO: check
+	NOT-FOR-US: Sajax
 CVE-2008-6141 (Unspecified vulnerability in Avaya IP Softphone 6.0 SP4 and
6.01.85 ...)
-	TODO: check
+	NOT-FOR-US: Avaya IP Softphone
 CVE-2008-6140 (Unspecified vulnerability in the Session Initiation Protocol
(SIP) ...)
-	TODO: check
+	NOT-FOR-US: Avaya one-X Desktop Edition
 CVE-2008-6139 (Directory traversal vulnerability in faqsupport/wce.download.php
in ...)
-	TODO: check
+	NOT-FOR-US: WebBiscuits Modules Controller
 CVE-2008-6138 (PHP remote file inclusion vulnerability in adminhead.php in ...)
-	TODO: check
+	NOT-FOR-US: WebBiscuits Modules Controller
 CVE-2008-6137 (EveryBlog 5.x and 6.x, a module for Drupal, allows remote
attackers to ...)
-	TODO: check
+	NOT-FOR-US: EveryBlog
 CVE-2008-6136 (Unspecified vulnerability in EveryBlog 5.x and 6.x, a module for
...)
-	TODO: check
+	NOT-FOR-US: EveryBlog
 CVE-2008-6135 (Cross-site scripting (XSS) vulnerability in EveryBlog 5.x and
6.x, a ...)
-	TODO: check
+	NOT-FOR-US: EveryBlog
 CVE-2008-6134 (SQL injection vulnerability in EveryBlog 5.x and 6.x, a module
for ...)
-	TODO: check
+	NOT-FOR-US: EveryBlog
 CVE-2008-6133 (SQL injection vulnerability in arsaprint.php in Full PHP Emlak
Script ...)
-	TODO: check
+	NOT-FOR-US: Full PHP Emlak Script
 CVE-2008-6132 (Eval injection vulnerability in reserve.php in phpScheduleIt
1.2.10 ...)
-	TODO: check
+	NOT-FOR-US: phpScheduleIt
 CVE-2008-6131 (Session fixation vulnerability in moziloWiki 1.0.1 and earlier
allows ...)
-	TODO: check
+	NOT-FOR-US: moziloWiki
 CVE-2008-6130 (Cross-site scripting (XSS) vulnerability in index.php in
moziloWiki ...)
-	TODO: check
+	NOT-FOR-US: moziloWiki
 CVE-2008-6129 (Directory traversal vulnerability in print.php in moziloWiki
1.0.1 and ...)
-	TODO: check
+	NOT-FOR-US: moziloWiki
 CVE-2008-6128 (Session fixation vulnerability in moziloCMS 1.10.2 and earlier
allows ...)
-	TODO: check
+	NOT-FOR-US: moziloCMS
 CVE-2008-6127 (Multiple cross-site scripting (XSS) vulnerabilities in moziloCMS
...)
-	TODO: check
+	NOT-FOR-US: moziloCMS
 CVE-2008-6126 (Multiple directory traversal vulnerabilities in moziloCMS 1.10.2
and ...)
-	TODO: check
+	NOT-FOR-US: moziloCMS
 CVE-2008-6125 (Unspecified vulnerability in the user editing interface in
Moodle ...)
 	TODO: check
 CVE-2008-6124 (SQL injection vulnerability in the
hotpot_delete_selected_attempts ...)
@@ -227,29 +227,29 @@
 CVE-2008-6123 (The netsnmp_udp_fmtaddr function (snmplib/snmpUDPDomain.c) in
net-snmp ...)
 	TODO: check
 CVE-2008-6122 (The web management interface in Netgear WGR614v9 allows remote
...)
-	TODO: check
+	NOT-FOR-US: Netgear WGR614v9
 CVE-2008-6121 (CRLF injection vulnerability in SocialEngine (SE) 2.7 and
earlier ...)
-	TODO: check
+	NOT-FOR-US: SocialEngine
 CVE-2008-6120 (SQL injection vulnerability in profile_comments.php in
SocialEngine ...)
-	TODO: check
+	NOT-FOR-US: SocialEngine
 CVE-2008-6119 (Static code injection vulnerability in ...)
-	TODO: check
+	NOT-FOR-US: Goople CMS
 CVE-2008-6118 (win/content/upload.php in Goople CMS 1.7 allows remote attackers
to ...)
-	TODO: check
+	NOT-FOR-US: Goople CMS
 CVE-2008-6117 (SQL injection vulnerability in homepage.php in PG Job Site Pro
allows ...)
-	TODO: check
+	NOT-FOR-US: PG Job Site Pro
 CVE-2008-6116 (SQL injection vulnerability in the EXtrovert Software Thyme ...)
-	TODO: check
+	NOT-FOR-US: Joomla
 CVE-2008-6115 (SQL injection vulnerability in directory.php in Prozilla Hosting
Index ...)
-	TODO: check
+	NOT-FOR-US: Prozilla Hosting Index
 CVE-2008-6114 (SQL injection vulnerability in product_details.php in the
Mytipper ...)
-	TODO: check
+	NOT-FOR-US: Mytipper Zogo-shop
 CVE-2008-6113 (Cross-site scripting (XSS) vulnerability in SemanticScuttle
before ...)
-	TODO: check
+	NOT-FOR-US: SemanticScuttle
 CVE-2008-6112 (Multiple directory traversal vulnerabilities in Ez Ringtone
Manager ...)
-	TODO: check
+	NOT-FOR-US: Ez Ringtone Manager
 CVE-2008-6111 (SQL injection vulnerability in blog.php in NetArt Media Vlog
System ...)
-	TODO: check
+	NOT-FOR-US: NetArt Media Vlog System
 CVE-2009-XXXX [nautilus: potential exploits via application launchers]
 	- nautilus <unfixed> (low; bug #515104)
 	NOTE: need to submit a request for CVE id
@@ -314,7 +314,7 @@
 CVE-2009-0504
 	RESERVED
 CVE-2009-0503 (IBM WebSphere Message Broker 6.1.x before 6.1.0.2 writes a
database ...)
-	TODO: check
+	NOT-FOR-US: IBM WebSphere
 CVE-2008-6110 (Unspecified vulnerability in SemanticScuttle before 0.90 has
unknown ...)
 	NOT-FOR-US: SemanticScuttle
 CVE-2008-6109 (Robin Rawson-Tetley Animal Shelter Manager (ASM) before 2.2.2
does not ...)
@@ -868,10 +868,10 @@
 	- fail2ban 0.8.3-2sid1 (low; bug #514163)
 CVE-2009-0361 (Russ Allbery pam-krb5 before 3.13, as used by libpam-heimdal, su
in ...)
 	{DSA-1722-1 DSA-1721-1}
-	TODO: check
+	- libpam-heimdal 3.10-2.1
 CVE-2009-0360 (Russ Allbery pam-krb5 before 3.13, when linked against MIT
Kerberos, ...)
 	{DSA-1721-1}
-	TODO: check
+	- libpam-krb5 3.13-2
 CVE-2009-0359 [Cross-site scripting via missing input sanitising]
 	RESERVED
 	{DTSA-194-1}
Secure testing commits - Feb 2009 - r11232 - data/CVE

[Secure-testing-commits] r11232 - data/CVE
