Author: stef-guest Date: 2006-12-01 23:53:26 +0100 (Fri, 01 Dec 2006) New Revision: 5042 Modified: data/CVE/list Log: remove some more 2002 TODOs Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-12-01 22:39:30 UTC (rev 5041) +++ data/CVE/list 2006-12-01 22:53:26 UTC (rev 5042) @@ -17368,7 +17368,6 @@ NOT-FOR-US: Macromedia JRun CVE-2002-2185 (The Internet Group Management Protocol (IGMP) allows local users to ...) NOTE: fixed in IRIX.. - TODO: check CVE-2002-2184 (Digi-Net Technologies DigiChat 3.5 allows chat users to obtain the IP ...) NOT-FOR-US: DigiChat CVE-2002-2183 (phpShare.php in phpShare before 0.6 beta 3 allows remote attackers to ...) @@ -20754,7 +20753,7 @@ CVE-2002-2088 (The MOSIX Project clump/os 5.4 creates a default VNC account without a ...) NOT-FOR-US: clump/os CVE-2002-2087 (Buffer overflow in Borland InterBase 6.0 allows local users to execute ...) - TODO: check firebird as it''s based on InterBase 6.0 + NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-1580 (Directory traversal vulnerability in ScriptEase viewcode.jse for ...) NOT-FOR-US: ScriptEase CVE-2001-1579 (The timed program (in.timed) in UnixWare 7 and OpenUnix 8.0.0 does not ...) 
@@ -21628,13 +21627,13 @@ CVE-2002-2014 (Lotus Domino 5.0.8 web server returns different error messages when a ...) NOT-FOR-US: Lotus Domino CVE-2002-2013 (Mozilla 0.9.6 and earlier and Netscape 6.2 and earlier allows remote ...) - TODO: Check this, Mozilla is in the archive + NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2012 (Unknown vulnerability in Apache 1.3.19 running on HP Secure OS for ...) NOT-FOR-US: Apache CVE-2002-2011 (Cross-site scripting (XSS) vulnerability in the fom CGI program ...) NOT-FOR-US: faqomatic CVE-2002-2010 (Cross-site scripting (XSS) vulnerability in htsearch.cgi in htdig ...) - TODO: Check this, htdig is in the archive + NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2009 (Apache Tomcat 4.0.1 allows remote attackers to obtain the web root ...) NOT-FOR-US: Tomcat CVE-2002-2008 (Apache Tomcat 4.0.3 for Windows allows remote attackers to obtain the ...) @@ -35642,9 +35641,6 @@ - openssl 0.9.6g-1 CVE-2002-1567 (Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1 allows ...) NOTE: tomcat4 cross-site scripting vuln - NOTE: not sure if it''s a problem or not - NOTE: contacted package maintainers, they think it''s not vulnerable. - TODO: waiting for further information. CVE-2002-1566 (netris 0.5, and possibly other versions before 0.52, when running with ...) - netris 0.52-1 CVE-2002-1565 (Buffer overflow in url_filename function for wget 1.8.1 allows ...) 
@@ -35820,7 +35816,6 @@ NOT-FOR-US: HP CVE-2002-1423 (tmp_view.php in FUDforum before 2.2.0 allows remote attackers to read ...) - phpgroupware <not-affected> (Issue in fudforum 2.2.0. fudforum in phpgroupware-fudforum is 2.5.x) - TODO: Check egroupware for this and CVE-2002-1422 and CVE-2004-1421 CVE-2002-1422 (admbrowse.php in FUDforum before 2.2.0 allows remote attackers to ...) - phpgroupware <not-affected> (Issue in fudforum 2.2.0. fudforum in phpgroupware-fudforum is 2.5.x) CVE-2002-1421 (SQL injection vulnerabilities in FUDforum before 2.2.0 allow remote ...) @@ -35921,7 +35916,6 @@ RESERVED CVE-2002-1345 (Directory traversal vulnerabilities in multiple FTP clients on UNIX ...) NOTE: multiple ftp client issues - TODO: check wget, ftp, ncftp, etc. CVE-2002-1344 (Directory traversal vulnerability in wget before 1.8.2-4 allows a ...) {DSA-209} - wget 1.8.2-8 @@ -36203,7 +36197,6 @@ - purity 1-16 CVE-2002-1121 (SMTP content filter engines, including (1) GFI MailSecurity for ...) NOTE: Some SMTP mailscanners can be bypassed by fragmenting messages. - TODO: check Debian mailscanners, if any. CVE-2002-1120 (Buffer overflow in Savant Web Server 3.1 and earlier allows remote ...) NOT-FOR-US: Savant Web Server CVE-2002-1115 (Mantis 0.17.4a and earlier allows remote attackers to view private ...) @@ -37463,7 +37456,6 @@ CVE-2002-1265 (The Sun RPC functionality in multiple libc implementations does not ...) NOTE: don''t know which version of glibc fix this NOTE: I''ve mailed maintainers. - TODO: check CVE-2002-1264 (Buffer overflow in Oracle iSQL*Plus web application of the Oracle 9 ...) NOT-FOR-US: oracle CVE-2002-1260 (The Java Database Connectivity (JDBC) APIs in Microsoft Virtual ...)
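Review bot: In the hunk at @@ -20754, CVE-2002-2087 is now tagged `NOT-FOR-US: Data pre-dating the Security Tracker`, but the neighbouring NOT-FOR-US lines all name a product (`NOT-FOR-US: clump/os`, `NOT-FOR-US: ScriptEase`), so the tag is being given a second meaning here. The removed TODO was also the only line recording that firebird is based on InterBase 6.0. Suggest keeping that relationship as a NOTE and stating the firebird status on its own line rather than folding it into NOT-FOR-US.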
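Review bot: In the hunk at @@ -21628, the two removed TODOs for CVE-2002-2013 and CVE-2002-2010 both state that the package "is in the archive" (Mozilla, htdig), and the replacement marks the entries NOT-FOR-US, which reads as the opposite claim. If the intent is that issues this old will not be triaged, a NOTE saying so alongside a package line would stop these entries from looking like software outside the archive.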
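Review bot: The hunk at @@ -35642 removes more than a TODO from CVE-2002-1567: the NOTE recording that the package maintainers were contacted and consider it not vulnerable goes too, leaving only `NOTE: tomcat4 cross-site scripting vuln` and no status. That maintainer response is the only triage evidence on the entry. Suggest keeping it, or converting it into a `<not-affected>` line with the reason in parentheses, as the phpgroupware entries in the next hunk do.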
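Review bot: In the hunk at @@ -35820, the TODO to check egroupware is dropped from CVE-2002-1423 without an egroupware line being added, while phpgroupware in the same entry has an explicit `<not-affected>` line with its reasoning. If egroupware was checked, record the result in the same form; if it was not, the log message should say why the check is abandoned. The removed TODO also referred to CVE-2004-1421, where the surrounding entries are CVE-2002-1422 and CVE-2002-1421, so it is worth confirming which identifier was meant before the trail is lost.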
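Review bot: In the hunk at @@ -37463, removing `TODO: check` from CVE-2002-1265 leaves two notes that still describe an open question (the fixing glibc version is unknown, the maintainers have been mailed) with nothing marking the entry as unresolved. Either record the outcome for glibc as a package line or keep the TODO until there is one, since "remove some more 2002 TODOs" does not say the question was answered.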