Author: nion
Date: 2009-04-20 21:57:47 +0000 (Mon, 20 Apr 2009)
New Revision: 11672

Modified:
   data/CVE/list
Log:
- CVE-2008-6505 doesn't affect struts in Debian
- NFUs

Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-04-20 21:14:20 UTC (rev 11671) +++ data/CVE/list 2009-04-20 21:57:47 UTC (rev 11672) @@ -11,15 +11,15 @@ CVE-2009-1336 RESERVED CVE-2009-1335 (Microsoft Internet Explorer 7 and 8 on Windows XP and Vista allows ...) - TODO: check + NOT-FOR-US: Microsoft Internet Explorer CVE-2009-1334 (Cross-site scripting (XSS) vulnerability in login/FilepathLogin.html ...) - TODO: check + NOT-FOR-US: IBM Tivoli Continuous Data Protection CVE-2009-1333 (Cross-site scripting (XSS) vulnerability in refresh_rate.htm in the ...) - TODO: check + NOT-FOR-US: HP Deskjet CVE-2009-1332 (The Online Help feature in Sun Java System Directory Server 5.2 and ...) - TODO: check + NOT-FOR-US: Sun Java System Directory Server CVE-2009-1331 (Integer overflow in Microsoft Windows Media Player (WMP) ...) - TODO: check + NOT-FOR-US: Windows Media Player CVE-2009-XXXX [linux-2.6: /dev/mem rootkit vulnerability] - linux-2.6 2.6.29-1 (low; bug #524373) NOTE: according to the kernel team (see bug report), they have no interest in backporting a @@ -1245,7 +1245,8 @@ CVE-2008-6507 (Unspecified vulnerability in phpBB before 3.0.4 allows attackers to ...) - phpbb3 3.0.2-4 CVE-2008-6505 (Multiple directory traversal vulnerabilities in Apache Struts 2.0.x ...) - TODO: check + - libstruts1.2-java <not-affected> (Vulnerable code not present) + NOTE: looks like this was introduced in 2.x, see upstream trunk r688095 CVE-2008-6504 (ParametersInterceptor in OpenSymphony XWork 2.0.x before 2.0.6 and ...) NOT-FOR-US: OpenSymphony XWork CVE-2009-1040 (Buffer overflow in WinAsm Studio 5.1.5.0 allows user-assisted remote ...)
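
Review bot: In the first hunk (@@ -11,15 +11,15 @@), the CVE-2009-1331 entry is tagged "NOT-FOR-US: Windows Media Player" without the vendor name, while the CVE-2009-1335 entry in the same hunk is tagged "NOT-FOR-US: Microsoft Internet Explorer" and the CVE-2009-1331 description itself reads "Microsoft Windows Media Player (WMP)". Suggest "NOT-FOR-US: Microsoft Windows Media Player" so that a search of the list by vendor name finds both entries.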
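
Review bot: In the second hunk (@@ -1245,7 +1245,8 @@), the NOTE on CVE-2008-6505 does not say what upstream trunk r688095 is: the revision that introduced the vulnerable code or the one that fixed it. The wording "looks like this was introduced in 2.x" also leaves the basis for the <not-affected> status on libstruts1.2-java uncertain. Suggest stating the role of r688095 in the NOTE and recording what was checked in the 1.2 source to conclude "Vulnerable code not present", so the status can be re-verified later.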