thr3ads.net - Secure testing commits - [Secure-testing-commits] r17767

If this information is useful, please help other people find it:
Share via:
Helmut Grohne
2011-Dec-09 20:41 UTC
[Secure-testing-commits] r17767 - data/CVE

Author: helmut-guest
Date: 2011-12-09 20:41:00 +0000 (Fri, 09 Dec 2011)
New Revision: 17767

Modified:
   data/CVE/list
Log:
NFUs, <undetermined>, <removed>

Modified: data/CVE/list
==================================================================---
data/CVE/list	2011-12-09 09:14:21 UTC (rev 17766)
+++ data/CVE/list	2011-12-09 20:41:00 UTC (rev 17767)
@@ -2157,7 +2157,7 @@
 CVE-2010-4873 (Cross-site scripting (XSS) vulnerability in confirm.php in WeBid
0.8.5 ...)
 	NOT-FOR-US: WeBid
 CVE-2010-4872 (SQL injection vulnerability in newsroom.asp in ASPilot Pilot
Cart 7.3 ...)
-	NOT-FOR-US: SmartFTP
+	NOT-FOR-US: ASPilot Pilot Cart
 CVE-2010-4871 (Unspecified vulnerability in SmartFTP before 4.0 Build 1142
allows ...)
 	NOT-FOR-US: SmartFTP
 CVE-2010-4870 (SQL injection vulnerability in index.php in BloofoxCMS 0.3.5
allows ...)
@@ -3318,6 +3318,7 @@
 CVE-2011-3579 (server/webmail.php in IceWarp WebMail in IceWarp Mail Server
before ...)
 	NOT-FOR-US: IceWarp Mail Server
 CVE-2011-3578 (Cross-site scripting (XSS) vulnerability in ...)
+	- mantis <undetermined>
 	TODO: check, whether this was fixed in the DSA for CVE-2011-3357
 CVE-2004-2770
 	REJECTED
@@ -3860,7 +3861,7 @@
 	TODO: file bug for kolab-cyrus-imapd
 	NOTE: medium because it allows to exploit CVE-2011-3208 unauthenticated
 CVE-2011-3371 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
-	NOTE: PunBB
+	NOT-FOR-US: PunBB
 CVE-2011-3370
 	RESERVED
 CVE-2011-3369 (The add_conversation function in conversations.c in EtherApe
before ...)
@@ -4778,7 +4779,7 @@
 CVE-2011-3010 (Multiple cross-site scripting (XSS) vulnerabilities in TWiki
before ...)
 	NOT-FOR-US: Twiki
 CVE-2011-3009 (Ruby before 1.8.6-p114 does not reset the random seed upon
forking, ...)
-	TODO: check
+	- ruby1.8 <undetermined>
 CVE-2011-3008 (The default configuration of Avaya Secure Access Link (SAL)
Gateway ...)
 	NOT-FOR-US: Avaya Secure Access Link Gateway
 CVE-2008-7298 (The Android browser in Android cannot properly restrict
modifications ...)
@@ -7143,7 +7144,7 @@
 	{DSA-2271-1}
 	- curl 7.21.6-2 (high; bug #631615)
 CVE-2011-2191 (Cross-site request forgery (CSRF) vulnerability in
Cherokee-admin in ...)
-	TODO: check
+	- cherokee <undetermined>
 CVE-2011-2189 (net/core/net_namespace.c in the Linux kernel 2.6.32 and earlier
does ...)
 	- linux-2.6 2.6.35-1 (low)
 	[lenny] - linux-2.6 <no-dsa> (attacker needs elevated CAP_SYS_ADMIN
privileges to abuse this)
@@ -9641,7 +9642,7 @@
 CVE-2011-1341 (Cross-site request forgery (CSRF) vulnerability in Aimluck Aipo
before ...)
 	NOT-FOR-US: Aimluck Aipo
 CVE-2011-1340 (Cross-site scripting (XSS) vulnerability in ...)
-	TODO: check
+	- plone3 <removed>
 CVE-2011-1339 (Cross-site scripting (XSS) vulnerability in Google Search
Appliance ...)
 	NOT-FOR-US: Google Search Appliance
 CVE-2011-1338 (Untrusted search path vulnerability in XnView before 1.98.1
allows ...)
Secure testing commits - Dec 2011 - r17767 - data/CVE

[Secure-testing-commits] r17767 - data/CVE
