Author: derevko-guest Date: 2009-05-17 09:23:16 +0000 (Sun, 17 May 2009) New Revision: 11912 Modified: data/CVE/list Log: NFUs CVE-2008-6560 and CVE-2008-6552 are fixed in redhat-cluster 2.20081102-1 (2.03.09 upstream version) Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-05-16 19:22:18 UTC (rev 11911) +++ data/CVE/list 2009-05-17 09:23:16 UTC (rev 11912) @@ -497,11 +497,11 @@ CVE-2009-1467 (Multiple cross-site scripting (XSS) vulnerabilities in IceWarp eMail ...) NOT-FOR-US: IceWarp CVE-2009-1466 (Application Access Server (A-A-S) 2.0.48 stores (1) passwords and (2) ...) - TODO: check + NOT-FOR-US: Application Access Server (A-A-S) CVE-2009-1465 (Application Access Server (A-A-S) 2.0.48 has "wildbat" as its default ...) - TODO: check + NOT-FOR-US: Application Access Server (A-A-S) CVE-2009-1464 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...) - TODO: check + NOT-FOR-US: Application Access Server (A-A-S) CVE-2009-1463 (Static code injection vulnerability in razorCMS before 0.4 allows ...) NOT-FOR-US: razorCMS CVE-2009-1462 (The Security Manager in razorCMS before 0.4 does not verify the ...) @@ -1849,9 +1849,10 @@ {DSA-1795-1} - ldns 1.5.1-1 CVE-2008-6560 (Buffer overflow in CMAN - The Cluster Manager before 2.03.09-1 on ...) - - redhat-cluster <unfixed> + - redhat-cluster 2.20081102-1 NOTE: This seems like a non-issue, since the config file should be under control NOTE: of the admin? + NOTE: Fixed in 2.03.09 upstream version. CVE-2008-6559 (Merge mcd in ReliantHA 1.1.4 in SCO UnixWare 7.1.4 allows local users ...) NOT-FOR-US: SCO UnixWare CVE-2008-6558 (Untrusted search path vulnerability in (1) hvdisp and (2) rcvm in ...) 
@@ -1867,8 +1868,9 @@ CVE-2008-6553 (microcms-admin-home.php in Implied by Design Micro CMS (Micro-CMS) 3.5 ...) NOT-FOR-US: Micro CMS CVE-2008-6552 (Red Hat Cluster Project 2.x allows local users to modify or overwrite ...) - - redhat-cluster <unfixed> - TODO: File bug + - redhat-cluster 2.20081102-1 + NOTE: Fixed in 2.03.09 upstream version. + NOTE: Similar to CVE-2008-4192 and CVE-2008-4579 CVE-2008-6551 (Multiple directory traversal vulnerabilities in e-Vision CMS 2.0.2 and ...) NOT-FOR-US: e-vision CMS CVE-2008-6550 (Cross-site scripting (XSS) vulnerability in glossaire.php in Glossaire ...)
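Review bot: In the @@ -497 hunk, the visible description for CVE-2009-1464 ("Multiple cross-site request forgery (CSRF) vulnerabilities in ...") is cut off before the product name, unlike CVE-2009-1466 and CVE-2009-1465, which both name Application Access Server (A-A-S) 2.0.48. Please confirm against the full CVE text that CVE-2009-1464 concerns the same product before it gets the same NOT-FOR-US tag.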
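Review bot: In the @@ -1849 hunk, the CVE-2008-6560 entry now records a fixed version while the two existing NOTE lines still say it "seems like a non-issue", so the entry reads as both a real fix and an open question. If the non-issue assessment stands, state it as a conclusion next to the fixed version (the tracker's unimportant annotation would fit); otherwise drop the question. The new note also gives upstream 2.03.09 without anything that ties it to redhat-cluster 2.20081102-1; a pointer to the changelog entry or upstream commit would let the next person verify the mapping.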
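Review bot: In the @@ -1867 hunk, the new NOTE "Similar to CVE-2008-4192 and CVE-2008-4579" does not say in what respect the issues are similar, or whether the fixed version for CVE-2008-6552 was checked against this issue or inferred from those two. Please state whether the same fix covers it and where that was verified, since "TODO: File bug" is removed without a reference replacing it. Minor style point: this NOTE lacks the trailing period that the "Fixed in 2.03.09 upstream version." line above it has.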