Author: nion Date: 2008-01-09 13:47:55 +0000 (Wed, 09 Jan 2008) New Revision: 7863 Modified: data/CVE/list Log: NFUs CVE-2007-5965 fixed in qt4-x11 4.3.3-1, does not affect qt3 Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-01-09 13:09:13 UTC (rev 7862) +++ data/CVE/list 2008-01-09 13:47:55 UTC (rev 7863) 
@@ -134,27 +134,28 @@ [etch] - asterisk <not-affected> (Only Asterisk 1.4.x affected) [sarge] - asterisk <not-affected> (Only Asterisk 1.4.x affected) CVE-2008-0094 (Multiple directory traversal vulnerabilities in MODx Content ...) - TODO: check + NOT-FOR-US: MODx Content Management System CVE-2008-0093 (Multiple cross-site scripting (XSS) vulnerabilities in newticket.php ...) - TODO: check + NOT-FOR-US: eTicket CVE-2007-6676 (The default configuration of Uber Uploader (UU) 5.3.6 and earlier does ...) - TODO: check + NOT-FOR-US: Uber Uploader CVE-2007-6675 (The b_system_comments_show function in ...) - TODO: check + NOT-FOR-US: XOOPS CVE-2007-6674 (Cross-site scripting (XSS) vulnerability in Default.asp in RapidShare ...) - TODO: check + NOT-FOR-US: RapidShare Database CVE-2007-6673 (Cross-site scripting (XSS) vulnerability in Makale Scripti allows ...) - TODO: check + NOT-FOR-US: Makale Scripti CVE-2007-6672 (Directory traversal vulnerability in Mortbay Jetty 6.1.5 and 6.1.6 ...) TODO: check + NOTE: poked upstream if this does affect jetty 5 as well CVE-2007-6671 (SQL injection vulnerability in login_form.asp in Instant Softwares ...) - TODO: check + NOT-FOR-US: Instant Softwares Dating Site CVE-2007-6670 (SQL injection vulnerability in search.php in PHCDownload 1.1.0 allows ...) - TODO: check + NOT-FOR-US: PHCDownload CVE-2007-6669 (Cross-site scripting (XSS) vulnerability in search.php in PHCDownload ...) - TODO: check + NOT-FOR-US: PHCDownload CVE-2007-6668 (admin/uploadgames.php in MySpace Content Zone (MCZ) 3.x does not ...) - TODO: check + NOT-FOR-US: MySpace Content Zone CVE-2008-XXXX [splitvt fails to drop group utmp priviledges] - splitvt 1.6.6-4 CVE-2008-XXXX [wordpress information leak] 
@@ -1984,7 +1985,8 @@ {DSA-1436-1} - linux-2.6 2.6.23-2 CVE-2007-5965 (QSslSocket in Trolltech Qt 4.3.0 through 4.3.2 does not properly ...) - TODO: check + - qt4-x11 4.3.3-1 + - qt-x11-free <not-affected> (Vulnerable code not present) CVE-2007-5964 (The default configuration of autofs 5 in Red Hat Enterprise Linux ...) - autofs 3.1.4-8 (medium) - autofs5 <unfixed> @@ -2518,7 +2520,7 @@ CVE-2007-5762 RESERVED CVE-2007-5761 (The NantSys device 5.0.0.115 in Motorola netOctopus 5.1.2 build 1011 ...) - TODO: check + NOT-FOR-US: Motorola netOctopus CVE-2007-5760 RESERVED CVE-2007-5759 @@ -3052,7 +3054,7 @@ CVE-2007-5666 RESERVED CVE-2007-5665 (STEngine.exe 3.5.0.20 in Novell ZENworks Endpoint Security Management ...) - TODO: check + NOT-FOR-US: Novell ZENworks Endpoint Security Management CVE-2007-5664 RESERVED CVE-2007-5663 @@ -4241,7 +4243,7 @@ CVE-2007-5353 RESERVED CVE-2007-5352 (Unspecified vulnerability in Local Security Authority Subsystem ...) - TODO: check + NOT-FOR-US: Microsoft Windows CVE-2007-5351 (Unspecified vulnerability in Server Message Block Version 2 (SMBv2) ...) NOT-FOR-US: Microsoft Vista CVE-2007-5350 (Unspecified vulnerability in the Windows Advanced Local Procedure Call ...) @@ -17495,13 +17497,13 @@ CVE-2007-0070 RESERVED CVE-2007-0069 (Unspecified vulnerability in the kernel in Microsoft Windows XP SP2, ...) - TODO: check + NOT-FOR-US: Microsoft Windows CVE-2007-0068 (IBM Lotus Domino 7.0.x before 7.0.3 does not revalidate the signature ...) NOT-FOR-US: IBM Lotus Domino CVE-2007-0067 (Unspecified vulnerability in the Lotus Domino Web Server 6.0, 6.5.x ...) NOT-FOR-US: Lotus Domino Server CVE-2007-0066 (Unspecified vulnerability in the kernel in Microsoft Windows 2000 SP4, ...) - TODO: check + NOT-FOR-US: Microsoft Windows CVE-2007-0065 RESERVED CVE-2007-0064 (Heap-based buffer overflow in Windows Media Format Runtime 7.1, 9, ...)
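Review bot: In the @@ -134,27 +134,28 @@ hunk, the NOTE added under CVE-2007-6672 ("poked upstream if this does affect jetty 5 as well") carries no pointer to where upstream was asked, and the entry keeps its "TODO: check" line. Suggest putting the mail or bug reference in the NOTE so someone else can pick up the answer and resolve the TODO. The commit log mentions only the NFUs and CVE-2007-5965, so it would also help to mention this pending Jetty entry there.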
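Review bot: In the @@ -1984,7 +1985,8 @@ hunk, the new "- qt4-x11 4.3.3-1" line for CVE-2007-5965 has no urgency and no per-release annotation, while the autofs entry just below it carries "(medium)" and the asterisk lines earlier in the file use "[etch] - asterisk <not-affected> (...)". The description limits the issue to Qt 4.3.0 through 4.3.2, so if a stable release ships a qt4-x11 older than 4.3.0, a matching "[etch] - qt4-x11 <not-affected> (...)" line would record that explicitly. Otherwise the entry leaves the stable status open. An urgency on the fixed-version line would also bring it in line with the neighbouring entries.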