Author: jmm-guest Date: 2010-07-31 15:15:43 +0000 (Sat, 31 Jul 2010) New Revision: 15080 Modified: data/CVE/list Log: - hsolink removed - libmikmod was incompletely fixed, new CVE ID - separate CVE ID for remaining mydms issue - NFUs Modified: data/CVE/list ==================================================================--- data/CVE/list 2010-07-31 14:26:07 UTC (rev 15079) +++ data/CVE/list 2010-07-31 15:15:43 UTC (rev 15080) @@ -1,5 +1,5 @@ CVE-2010-2913 (The Citibank Citi Mobile app before 2.0.3 for iOS stores account data ...) - TODO: check + NOT-FOR-US: Citibank Citi Mobile app CVE-2010-2912 (SQL injection vulnerability in index.php in Kayako eSupport 3.70.02 ...) NOT-FOR-US: Kayako eSupport CVE-2010-2911 (SQL injection vulnerability in index.php in Kayako eSupport 3.70.02 ...) @@ -651,19 +651,19 @@ CVE-2010-2653 RESERVED CVE-2009-4935 (SQL injection vulnerability in ogp_show.php in Online Guestbook Pro ...) - TODO: check + NOT-FOR-US: Online Guestbook Pro CVE-2009-4934 (Cross-site scripting (XSS) vulnerability in index.php in Online Photo ...) - TODO: check + NOT-FOR-US: Online Photo Pro CVE-2009-4933 (Multiple SQL injection vulnerabilities in login.php in EZ Webitor ...) - TODO: check + NOT-FOR-US: EZ Webitor CVE-2009-4932 (Stack-based buffer overflow in 1by1 1.67 (aka 1.6.7.0) allows remote ...) - TODO: check + NOT-FOR-US: 1by1 CVE-2009-4931 (Stack-based buffer overflow in Groovy Media Player 1.1.0 allows remote ...) - TODO: check + NOT-FOR-US: Groovy Media Player CVE-2009-4930 (Cross-site scripting (XSS) vulnerability in the ...) - TODO: check + NOT-FOR-US: SunGard Banner Student System CVE-2009-4929 (admin/manage_users.php in TotalCalendar 2.4 does not require ...) - TODO: check + NOT-FOR-US: TotalCalendar CVE-2009-4928 (PHP remote file inclusion vulnerability in config.php in TotalCalendar ...) TODO: check CVE-2009-4927 (WB News 2.1.2 allows remote attackers to bypass authentication and ...) 
@@ -924,8 +924,9 @@ RESERVED {DSA-2076-1} - gnupg2 2.0.14-2 -CVE-2010-2546 +CVE-2010-2546 [incomplete fix for CVE-2009-3995] RESERVED + - libmikmod 3.1.11-6.3 CVE-2010-2545 RESERVED CVE-2010-2544 @@ -2302,7 +2303,7 @@ - mysql-5.1 5.1.48-1 - mysql-dfsg-5.0 <removed> CVE-2010-2007 (Multiple cross-site request forgery (CSRF) vulnerabilities in LetoDMS ...) - - mydms <unfixed> (bug #582587; medium) + - mydms <unfixed> (bug #590904; medium) NOTE: seems to have changed name to letoDMS CVE-2010-2006 (Directory traversal vulnerability in op/op.Login.php in LetoDMS ...) - mydms <unfixed> (bug #582587; medium) @@ -3171,7 +3172,7 @@ RESERVED CVE-2010-1671 [hsolink local root exploit] RESERVED - - hsolink <unfixed> (bug #590670) + - hsolink <removed> (bug #590670) CVE-2010-1670 (Mahara before 1.0.15, 1.1.x before 1.1.9, and 1.2.x before 1.2.5 has ...) {DSA-2067-1} - mahara 1.2.5-1
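Review bot: In the @@ -651,19 +651,19 @@ hunk, CVE-2009-4928 (PHP remote file inclusion vulnerability in config.php in TotalCalendar) is left at "TODO: check", while the entry directly above it, CVE-2009-4929, is triaged as "NOT-FOR-US: TotalCalendar". Both descriptions name the same product, so CVE-2009-4928 should get the same NOT-FOR-US line in this commit rather than staying in the TODO queue for a second lookup.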
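Review bot: In the @@ -924,8 +924,9 @@ hunk, the new "- libmikmod 3.1.11-6.3" line under CVE-2010-2546 has no bug number or NOTE to back the fixed version. The bracketed description says this is an incomplete fix for CVE-2009-3995, so a NOTE saying what the earlier fix missed and where the completed fix landed would let a later reader verify that 3.1.11-6.3 is the right version.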
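Review bot: In the @@ -2302,7 +2303,7 @@ hunk, CVE-2010-2007 now references bug #590904 while CVE-2010-2006 on the following lines keeps bug #582587, and the entry does not explain the split. The log message mentions the remaining mydms issue being tracked separately; a NOTE on CVE-2010-2007 stating that it was split out of #582587 would keep the differing bug numbers on adjacent mydms entries from reading as a typo.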