Secure testing commits - May 2009 - r11846 - data/CVE

Author: derevko-guest
Date: 2009-05-09 10:05:18 +0000 (Sat, 09 May 2009)
New Revision: 11846

Modified:
   data/CVE/list
Log:
NFUs
CVE-2008-6800: samba in oldstable is affected
CVE-2008-6792: system-tools-backends, Ubuntu specific issue


Modified: data/CVE/list
==================================================================---
data/CVE/list	2009-05-08 21:14:12 UTC (rev 11845)
+++ data/CVE/list	2009-05-09 10:05:18 UTC (rev 11846)
@@ -1,37 +1,38 @@
 CVE-2009-1587 (index.php in PHP Site Lock 2.0 allows remote attackers to bypass
...)
-	TODO: check
+	NOT-FOR-US: PHP Site Lock
 CVE-2009-1586 (Stack-based buffer overflow in the NZB importer feature in
GrabIt ...)
-	TODO: check
+	NOT-FOR-US: GrabIt
 CVE-2009-1585 (Multiple SQL injection vulnerabilities in TemaTres 1.031, when
...)
-	TODO: check
+	NOT-FOR-US: TemaTres
 CVE-2009-1584 (Multiple SQL injection vulnerabilities in TemaTres 1.0.3 and
1.031, ...)
-	TODO: check
+	NOT-FOR-US: TemaTres
 CVE-2009-1583 (Multiple cross-site scripting (XSS) vulnerabilities in TemaTres
1.0.3 ...)
-	TODO: check
+	NOT-FOR-US: TemaTres
 CVE-2009-1582 (Million Dollar Text Links 1.0 does not properly restrict
administrator ...)
-	TODO: check
+	NOT-FOR-US: Million Dollar Text Links
 CVE-2008-6802 (Multiple SQL injection vulnerabilities in index.php in
phPhotoGallery ...)
-	TODO: check
+	NOT-FOR-US: phPhotoGallery
 CVE-2008-6801 (Cross-site request forgery (CSRF) vulnerability in Vivvo CMS
before ...)
-	TODO: check
+	NOT-FOR-US: Vivvo CMS
 CVE-2008-6800 (Race condition in the winbind daemon (aka winbindd) in Samba
before ...)
-	TODO: check
+	- samba 3.2.0~pre2-1 (low; bug #527894)
 CVE-2008-6799 (connection.php in FlashChat 5.0.8 allows remote attackers to
bypass ...)
-	TODO: check
+	NOT-FOR-US: FlashChat
 CVE-2008-6798 (Multiple SQL injection vulnerabilities in login.php in Pre
Projects ...)
-	TODO: check
+	NOT-FOR-US: Pre Real Estate Listings
 CVE-2008-6797 (The server in Mitel NuPoint Messenger R11 and R3 sends usernames
and ...)
-	TODO: check
+	NOT-FOR-US: Mitel NuPoint Messenger
 CVE-2008-6796 (SQL injection vulnerability in manager/login.php in Pre Projects
Pre ...)
-	TODO: check
+	NOT-FOR-US: Pre Real Estate Listings
 CVE-2008-6795 (SQL injection vulnerability in view_news.php in nicLOR ...)
-	TODO: check
+	NOT-FOR-US: nicLOR Vibro-School-CMS
 CVE-2008-6794 (SQL injection vulnerability in directory.php in Scripts For
Sites ...)
-	TODO: check
+	NOT-FOR-US: Scripts For Sites (SFS)
 CVE-2008-6793 (The get_file_type function in lib/file_content.php in DFLabs PTK
0.1, ...)
-	TODO: check
+	NOT-FOR-US: DFLabs
 CVE-2008-6792 (system-tools-backends before 2.6.0-1ubuntu1.1 in Ubuntu 8.10, as
used ...)
-	TODO: check
+	- system-tools-backends <not-affected> (Ubuntu specific issue)
+	NOTE:
https://bugs.launchpad.net/ubuntu/+source/system-tools-backends/+bug/287134
 CVE-2009-XXXX [opensc: insecure due to wrong public exponent]
 	- opensc 0.11.8 (high; bug #527640)
 CVE-2009-1581