Secure testing commits - Sep 2007 - r6532 - data/CVE

Author: nion
Date: 2007-09-07 12:57:01 +0000 (Fri, 07 Sep 2007)
New Revision: 6532

Modified:
   data/CVE/list
Log:
NFUs
tomcat5.5-webapps not prone to CVE-2007-4724, tomcat5-webapps in etch is
CVE-2007-4721 fixed in wireshark 0.99.6pre1-1
claroline CVE-2007-4718 and CVE-2007-4717 marked as itp


Modified: data/CVE/list
==================================================================---
data/CVE/list	2007-09-07 12:24:26 UTC (rev 6531)
+++ data/CVE/list	2007-09-07 12:57:01 UTC (rev 6532)
@@ -14,37 +14,39 @@
 CVE-2007-4727
 	RESERVED
 CVE-2007-4726 (Directory traversal vulnerability in Web Oddity 0.09b allows
remote ...)
-	TODO: check
+	NOT-FOR-US: Web Oddity
 CVE-2007-4725 (Stack consumption vulnerability in AkkyWareHOUSE 7-zip32.dll
before ...)
-	TODO: check
+	NOT-FOR-US: AkkyWareHOUSE
 CVE-2007-4724 (Cross-site request forgery (CSRF) vulnerability in cal2.jsp in
the ...)
-	TODO: check
+	- tomcat5.5-webapps <not-affected> (Version already ships fixed files)
+	- tomcat5-webapps <unfixed> (low; bug #441205)
+	NOTE: DSA should not be required, minor issue, jsp just present as example
 CVE-2007-4723 (Directory traversal vulnerability in Ragnarok Online Control
Panel ...)
-	TODO: check
+	NOT-FOR-US: Ragnarok
 CVE-2007-4722 (Multiple stack-based buffer overflows in the Quantum Streaming
...)
-	TODO: check
+	NOT-FOR-US: Quantum Streaming
 CVE-2007-4721 (Integer signedness error in the DNP3 dissector in Wireshark
0.99.5 and ...)
-	TODO: check
+	- wireshark 0.99.6pre1-1 (medium)
 CVE-2007-4720 (Unspecified vulnerability in the Shared Trace Service in Hitachi
...)
-	TODO: check
+	NOT-FOR-US: Hitachi
 CVE-2007-4719 (SQL injection vulnerability in read.php in 212cafeBoard 6.30
Beta ...)
-	TODO: check
+	NOT-FOR-US: 212cafeBoard
 CVE-2007-4718 (Directory traversal vulnerability in inc/lib/language.lib.php in
...)
-	TODO: check
+	- claroline <itp> (bug #386911)
 CVE-2007-4717 (Multiple cross-site scripting (XSS) vulnerabilities in Claroline
...)
-	TODO: check
+	- claroline <itp> (bug #386911)
 CVE-2007-4716 (Multiple SQL injection vulnerabilities in PHD Help Desk before
1.31 ...)
-	TODO: check
+	NOT-FOR-US: PHD Help Desk
 CVE-2007-4715 (Multiple PHP remote file inclusion vulnerabilities in
Weblogicnet ...)
-	TODO: check
+	NOT-FOR-US: Weblogicnet
 CVE-2007-4714 (SQL injection vulnerability in error_view.php in Yvora 1.0
allows ...)
-	TODO: check
+	NOT-FOR-US: Yvora
 CVE-2007-4713 (Multiple cross-site scripting (XSS) vulnerabilities in
urchin.cgi in ...)
-	TODO: check
+	NOT-FOR-US: Urchin
 CVE-2007-4712 (PHP remote file inclusion vulnerability in index.php in eNetman
1 ...)
-	TODO: check
+	NOT-FOR-US: eNetman
 CVE-2007-4711 (Multiple cross-site scripting (XSS) vulnerabilities in Toms
Gaestebuch ...)
-	TODO: check
+	NOT-FOR-US: Toms Gaestebuch
 CVE-2007-4710
 	RESERVED
 CVE-2007-4709