Author: derevko-guest Date: 2009-11-29 12:04:15 +0000 (Sun, 29 Nov 2009) New Revision: 13401 Modified: data/CVE/list Log: - NFUs - CVE-2009-4070 fixed in gforge 4.7.3-2 - CVE-2009-4069 fixed in gforge 4.7.3-2 - CVE-2009-3896 fixed in nginx 0.7.62-1 Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-11-29 11:20:23 UTC (rev 13400) +++ data/CVE/list 2009-11-29 12:04:15 UTC (rev 13401) 
@@ -7,59 +7,59 @@ TODO: check NOTE: http://weblog.rubyonrails.org/2008/11/18/potential-circumvention-of-csrf-protection-in-rails-2-1 CVE-2009-4073 (The printing functionality in Microsoft Internet Explorer 8 allows ...) - TODO: check + NOT-FOR-US: Microsoft Internet Explorer 8 CVE-2009-4072 (Unspecified vulnerability in Opera before 10.10 has unknown impact and ...) - TODO: check + NOT-FOR-US: Opera CVE-2009-4071 (Opera before 10.10, when exception stacktraces are enabled, places ...) - TODO: check + NOT-FOR-US: Opera CVE-2009-4070 (SQL injection vulnerability in GForge 4.5.14, 4.7.3, and possibly ...) - TODO: check + - gforge 4.7.3-2 CVE-2009-4069 (Multiple cross-site scripting (XSS) vulnerabilities in GForge 4.5.14, ...) - TODO: check + - gforge 4.7.3-2 CVE-2009-4068 RESERVED CVE-2009-4067 RESERVED CVE-2009-4066 (Multiple cross-site request forgery (CSRF) vulnerabilities in the "My ...) - TODO: check + NOT-FOR-US: module for Drupal CVE-2009-4065 (Cross-site scripting (XSS) vulnerability in the settings page in the ...) - TODO: check + NOT-FOR-US: module for Drupal CVE-2009-4064 (Cross-site scripting (XSS) vulnerability in the Gallery Assist module ...) - TODO: check + NOT-FOR-US: module for Drupal CVE-2009-4063 (Cross-site scripting (XSS) vulnerability in the Subgroups for Organic ...) - TODO: check + NOT-FOR-US: module for Drupal CVE-2009-4062 (Multiple cross-site scripting (XSS) vulnerabilities in the ...) - TODO: check + NOT-FOR-US: module for Drupal CVE-2009-4061 (Multiple cross-site scripting (XSS) vulnerabilities in the Agreement ...) - TODO: check + NOT-FOR-US: module for Drupal CVE-2009-4060 (SQL injection vulnerability in includes/content/viewProd.inc.php in ...) - TODO: check + NOT-FOR-US: CubeCart CVE-2009-4059 (SQL injection vulnerability in the JoomClip (com_joomclip) component ...) - TODO: check + NOT-FOR-US: component for Joomla! CVE-2009-4058 (SQL injection vulnerability in allauctions.php in Telebid Auction ...) 
- TODO: check + NOT-FOR-US: Telebid Auction Script CVE-2009-4057 (SQL injection vulnerability in the inertialFATE iF Portfolio Nexus ...) - TODO: check + NOT-FOR-US: component for Joomla! CVE-2009-4056 (Directory traversal vulnerability in admin/popup.php in Betsy CMS 3.5 ...) - TODO: check + NOT-FOR-US: Betsy CMS CVE-2009-4055 RESERVED CVE-2009-4054 (Microsoft Internet Explorer 6 and 7 allows remote attackers to execute ...) - TODO: check + NOT-FOR-US: Microsoft Internet Explorer CVE-2009-4053 (Multiple directory traversal vulnerabilities in Home FTP Server ...) - TODO: check + NOT-FOR-US: Home FTP Server CVE-2009-4052 (Multiple cross-site scripting (XSS) vulnerabilities in the JSF Widget ...) - TODO: check + NOT-FOR-US: IBM Rational Application Developer for WebSphere CVE-2009-4051 (Home FTP Server 1.10.1.139 allows remote attackers to cause a denial ...) - TODO: check + NOT-FOR-US: Home FTP Server CVE-2009-4050 (Directory traversal vulnerability in get_file.php in phpMyBackupPro ...) - TODO: check + NOT-FOR-US: phpMyBackupPro CVE-2009-4049 (Heap-based buffer overflow in aswRdr.sys (aka the TDI RDR driver) in ...) - TODO: check + NOT-FOR-US: avast CVE-2009-4048 (Dxmsoft XM Easy Personal FTP Server 5.8.0 allows remote authenticated ...) - TODO: check + NOT-FOR-US: Dxmsoft XM Easy Personal FTP Server CVE-2009-4047 (Multiple cross-site scripting (XSS) vulnerabilities in PHD Help Desk ...) - TODO: check + NOT-FOR-US: PHD Help Desk CVE-2009-XXXX [Cacti priviledge scalation] - cacti <unfixed> (low) TODO: check 
@@ -77,11 +77,11 @@ CVE-2009-4045 (Multiple SQL injection vulnerabilities in FrontAccounting (FA) before ...) NOT-FOR-US: FrontAccounting CVE-2009-4044 (The Web Services module 6.x for Drupal does not perform the expected ...) - TODO: check + NOT-FOR-US: Web Services module for Drupal CVE-2009-4043 (Cross-site scripting (XSS) vulnerability in the AddToAny module 5.x ...) - TODO: check + NOT-FOR-US: module for Drupal CVE-2009-4042 (Cross-site scripting (XSS) vulnerability in the RootCandy theme 6.x ...) - TODO: check + NOT-FOR-US: theme for Drupal CVE-2009-4041 (UseBB 1.0.9 before 1.0.10 allows remote attackers to cause a denial of ...) NOT-FOR-US: UseBB CVE-2009-4040 (Cross-site scripting (XSS) vulnerability in phpMyFAQ before 2.0.17 and ...) @@ -89,7 +89,7 @@ CVE-2009-4039 (Cross-site scripting (XSS) vulnerability in Piwigo before 2.0.6 allows ...) NOT-FOR-US: Piwigo CVE-2009-4038 (Multiple cross-site scripting (XSS) vulnerabilities in NCH Software ...) - TODO: check + NOT-FOR-US: NCH Software Axon Virtual PBX CVE-2009-4037 (Multiple SQL injection vulnerabilities in FrontAccounting (FA) before ...) NOT-FOR-US: FrontAccounting CVE-2009-4036 @@ -441,7 +441,7 @@ NOT-FOR-US: Sun Solaris CVE-2009-3896 (src/http/ngx_http_parse.c in nginx (aka Engine X) 0.1.0 through ...) {DSA-1920-1} - TODO: check + - nginx 0.7.62-1 CVE-2009-3895 (Heap-based buffer overflow in the exif_entry_fix function (aka the tag ...) - libexif 0.6.19-1 (medium; bug #557137) [lenny] - libexif <not-affected> (Only 0.6.18 is affected)
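Review bot: In the first hunk (@@ -7,59 +7,59 @@), the new `- gforge 4.7.3-2` lines for CVE-2009-4070 and CVE-2009-4069 record a single fixed version, although both descriptions name GForge 4.5.14 as affected alongside 4.7.3. Nothing in the entry says whether an older packaged branch is affected, fixed, or not affected. The libexif entry at the end of this patch shows the pattern to follow: a per-release line such as `[lenny] - libexif <not-affected> (Only 0.6.18 is affected)` plus an urgency and bug reference on the main line. Adding the equivalent release line for gforge, once its status is checked, keeps these two entries from reading as fully resolved when only one version is covered.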
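Review bot: In the second hunk (@@ -77,11 +77,11 @@), the NOT-FOR-US labels are inconsistent within three adjacent entries: CVE-2009-4044 gets `NOT-FOR-US: Web Services module for Drupal`, while CVE-2009-4043 and CVE-2009-4042 get the generic `module for Drupal` and `theme for Drupal`. The descriptions already name the products (AddToAny module, RootCandy theme), so the labels could carry them too, which makes the entries findable by product name if one of them is packaged later. The same applies to the generic `module for Drupal` and `component for Joomla!` labels in the first hunk.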
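Review bot: In the last hunk (@@ -441,7 +441,7 @@), the new `- nginx 0.7.62-1` line for CVE-2009-3896 has no urgency or bug reference, unlike the libexif entry directly below it, which reads `- libexif 0.6.19-1 (medium; bug #557137)`. The entry is already tied to `{DSA-1920-1}`, so if a bug report exists for the nginx fix it is worth adding here, together with an urgency, so the version can be traced back to its source rather than only to the commit log.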