Author: corsac Date: 2012-07-06 06:42:55 +0000 (Fri, 06 Jul 2012) New Revision: 19672 Modified: data/CVE/list Log: fix a bunch of TODO: check (mostly NFUs) Modified: data/CVE/list ==================================================================--- data/CVE/list 2012-07-06 06:10:55 UTC (rev 19671) +++ data/CVE/list 2012-07-06 06:42:55 UTC (rev 19672) 
@@ -2,41 +2,41 @@ - nginx 1.2.1-2 [squeeze] - nginx <not-affected> (naxsi package was introduced in 1.1.18-1) CVE-2012-3847 (slssvc.exe in Invensys Wonderware SuiteLink in Invensys InTouch 2012 ...) - TODO: check + NOT-FOR-US: Windows utility CVE-2012-3846 (Cross-site scripting (XSS) vulnerability in index.php in PHP-pastebin ...) - TODO: check + NOT-FOR-US: php-pastebin not in Debian CVE-2012-3845 (Buffer overflow in LAN Messenger 1.2.28 and earlier allows remote ...) - TODO: check + NOT-FOR-US: LAN Messenger not in Debian CVE-2012-3844 (Cross-site scripting (XSS) vulnerability in vBulletin 4.1.12 allows ...) - TODO: check + NOT-FOR-US: vBulletin not in Debian CVE-2012-3843 (Cross-site scripting (XSS) vulnerability in the registration page in ...) - TODO: check + NOT-FOR-US: e107 not in Debian CVE-2012-3842 (Multiple cross-site scripting (XSS) vulnerabilities in CMD_DOMAIN in ...) - TODO: check + NOT-FOR-US: DirectAdmin not in Debian CVE-2012-3841 (Untrusted search path vulnerability in KMPlayer 3.2.0.19 allows local ...) - TODO: check + NOT-FOR-US: KMPlayer not in Debian (not the KDE interface to mplayer) CVE-2012-3840 (Multiple cross-site scripting (XSS) vulnerabilities in ...) - TODO: check + NOT-FOR-US: MyClientBase not in Debian CVE-2012-3839 (Multiple SQL injection vulnerabilities in ...) - TODO: check + NOT-FOR-US: MyClientBase not in Debian CVE-2012-3838 (Gekko before 1.2.0 allows remote attackers to obtain the installation ...) - TODO: check + NOT-FOR-US: Baby Gekko not in Debian CVE-2012-3837 (Multiple cross-site scripting (XSS) vulnerabilities in ...) - TODO: check + NOT-FOR-US: Baby Gekko not in Debian CVE-2012-3836 (Multiple cross-site scripting (XSS) vulnerabilities in Baby Gekko ...) - TODO: check + NOT-FOR-US: Baby Gekko not in Debian CVE-2012-3835 (Multiple cross-site scripting (XSS) vulnerabilities in AlienVault Open ...) 
- TODO: check + NOT-FOR-US: OSSIM not in Debian (different from Open Source Software Image Map) CVE-2012-3834 (SQL injection vulnerability in forensics/base_qry_main.php in ...) - TODO: check + NOT-FOR-US: OSSIM not in Debian (different from Open Source Software Image Map) CVE-2012-3833 (Cross-site scripting (XSS) vulnerability in the default index page in ...) - TODO: check + NOT-FOR-US: Quick.CMS not in Debian CVE-2012-3832 (Cross-site scripting (XSS) vulnerability in decoda/Decoda.php in ...) - TODO: check + NOT-FOR-US: Decoda not in Debian CVE-2012-3831 (Cross-site scripting (XSS) vulnerability in decoda/templates/video.php ...) - TODO: check + NOT-FOR-US: Decoda not in Debian CVE-2012-3830 (Cross-site scripting (XSS) vulnerability in decoda/templates/video.php ...) - TODO: check + NOT-FOR-US: Decoda not in Debian CVE-2012-3829 (Joomla! 2.5.3 allows remote attackers to obtain the installation path ...) - joomla <itp> (bug #571794) CVE-2012-3828 (Cross-site scripting (XSS) vulnerability in Joomla! 2.5.3 allows ...) @@ -44,7 +44,7 @@ CVE-2012-3827 RESERVED CVE-2011-5096 (Stack-based buffer overflow in cstore.exe in the Media Application ...) - TODO: check + NOT-FOR-US: Not in Debian CVE-2012-3826 (Multiple integer underflows in Wireshark 1.4.x before 1.4.13 and 1.6.x ...) - wireshark 1.6.8-1 (unimportant) [squeeze] - wireshark <not-affected> (vulnerable code appeared in 1.4/1.6) @@ -92,7 +92,7 @@ RESERVED - asterisk <unfixed> CVE-2012-3811 (Unrestricted file upload vulnerability in ImageUpload.ashx in the ...) - TODO: check + NOT-FOR-US: Not in Debian CVE-2012-3810 RESERVED CVE-2012-3809 @@ -1752,7 +1752,7 @@ CVE-2012-3008 RESERVED CVE-2012-3007 (Stack-based buffer overflow in slssvc.exe before 58.x in Invensys ...) - TODO: check + NOT-FOR-US: Not in Debian CVE-2012-3006 (The Innominate mGuard Smart HW before HW-101130 and BD before ...) NOT-FOR-US: Innominate mGuard Smart CVE-2012-3005 
@@ -2754,9 +2754,9 @@ CVE-2012-2561 (HP Business Service Management (BSM) 9.12 does not properly restrict ...) NOT-FOR-US: HP Business Service Management CVE-2012-2560 (Directory traversal vulnerability in WellinTech KingView 6.53 allows ...) - TODO: check + NOT-FOR-US: Not in Debian CVE-2012-2559 (WellinTech KingHistorian 3.0 allows remote attackers to execute ...) - TODO: check + NOT-FOR-US: Not in Debian CVE-2012-2558 RESERVED CVE-2012-2557 @@ -2842,9 +2842,9 @@ CVE-2012-2517 RESERVED CVE-2012-2516 (An ActiveX control in KeyHelp.ocx in KeyWorks KeyHelp Module (aka the ...) - TODO: check + NOT-FOR-US: KeyWorks not in Debian CVE-2012-2515 (Multiple stack-based buffer overflows in the KeyHelp.KeyCtrl.1 ActiveX ...) - TODO: check + NOT-FOR-US: KeyWorks not in Debian CVE-2012-2514 (The DiagiEventSource function in disp+work.exe 7010.29.15.58313 and ...) NOT-FOR-US: SAP NetWeaver CVE-2012-2513 (The Diaginput function in disp+work.exe 7010.29.15.58313 and ...) @@ -3808,7 +3808,7 @@ CVE-2012-2182 RESERVED CVE-2012-2181 (Directory traversal vulnerability in the Dojo module in IBM WebSphere ...) - TODO: check + NOT-FOR-US: IBM WebSphere not in Debian CVE-2012-2180 (The chaining functionality in the Distributed Relational Database ...) NOT-FOR-US: IBM DB2 CVE-2012-2179 (libodm.a in IBM AIX 5.3, 6.1, and 7.1 allows local users to overwrite ...) 
@@ -4680,11 +4680,11 @@ CVE-2012-1833 RESERVED CVE-2012-1832 (WellinTech KingView 6.53 allows remote attackers to execute arbitrary ...) - TODO: check + NOT-FOR-US: WellinTech KingView not in Debian CVE-2012-1831 (Heap-based buffer overflow in WellinTech KingView 6.53 allows remote ...) - TODO: check + NOT-FOR-US: WellinTech KingView not in Debian CVE-2012-1830 (Stack-based buffer overflow in WellinTech KingView 6.53 allows remote ...) - TODO: check + NOT-FOR-US: WellinTech KingView not in Debian CVE-2012-1829 (Multiple cross-site scripting (XSS) vulnerabilities in AutoFORM PDM ...) NOT-FOR-US: AutoFORM PDM Archive CVE-2012-1828 (The administrative functions in AutoFORM PDM Archive before 7.1 do not ...) @@ -11052,7 +11052,7 @@ CVE-2011-4409 (The Ubuntu One Client for Ubuntu 10.04 LTS, 11.04, 11.10, and 12.04 ...) NOT-FOR-US: Ubuntu One CVE-2011-4408 (The Single Sign On Client (ubuntu-sso-client) for Ubuntu 11.04 and ...) - TODO: check + - ubuntu-sso-client <unfixed> CVE-2011-4407 [apt-add-repository does not perform ssl verification where it *needs* to] RESERVED - software-properties 0.76.7debian2+nmu2 @@ -13391,6 +13391,9 @@ RESERVED CVE-2011-3671 (Use-after-free vulnerability in the nsHTMLSelectElement function in ...) TODO: check + - icedove <unfixed> + - iceweasel <unfixed> + - iceape <unfixed> CVE-2011-3670 (Mozilla Firefox before 3.6.26 and 4.x through 6.0, Thunderbird before ...) {DSA-2406-1 DSA-2402-1 DSA-2400-1} - icedove 7.0-1
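Review bot: the NOT-FOR-US reasons are inconsistent between hunks. CVE-2011-5096, CVE-2012-3811, CVE-2012-3007, CVE-2012-2560 and CVE-2012-2559 get a bare `NOT-FOR-US: Not in Debian`, while most other entries name the product. CVE-2012-3007 concerns the same Invensys slssvc.exe that the first hunk tags as `Windows utility` under CVE-2012-3847, and CVE-2012-2560 is WellinTech KingView, which the @@ -4680,11 +4680,11 @@ hunk tags as `WellinTech KingView not in Debian`. Suggest naming the product in each reason and using one wording per product, so that a later search of the list for the product name finds every related entry.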
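Review bot: in the @@ -11052,7 +11052,7 @@ hunk, CVE-2011-4408 changes from `TODO: check` to `- ubuntu-sso-client <unfixed>` with no bug reference, and the log message describes the commit only as "mostly NFUs". This is the one entry in the commit that marks a Debian package as affected, so it deserves a mention in the log and, once a bug is filed, a reference on the package line in the form the joomla entry uses, `(bug #571794)`.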
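Review bot: in the last hunk (@@ -13391,6 +13391,9 @@), the `TODO: check` line under CVE-2011-3671 is left in place as unchanged context while three package lines (`- icedove <unfixed>`, `- iceweasel <unfixed>`, `- iceape <unfixed>`) are added below it, so the entry still reads as untriaged even though it now carries package status. If the triage is complete, remove the TODO line in the same change; if the `<unfixed>` markers are provisional, record what remains to be checked in a NOTE line instead. The neighbouring CVE-2011-3670 entry already records a fixed version (`- icedove 7.0-1`) and DSA references, so it is worth confirming whether fixed versions are known here as well.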