Secure testing commits - Nov 2005 - r2830 - data/CVE

Author: stef-guest
Date: 2005-11-22 20:49:06 +0000 (Tue, 22 Nov 2005)
New Revision: 2830

Modified:
   data/CVE/list
Log:
some NFUs, claim squid

Modified: data/CVE/list
==================================================================---
data/CVE/list	2005-11-22 20:23:49 UTC (rev 2829)
+++ data/CVE/list	2005-11-22 20:49:06 UTC (rev 2830)
@@ -358,7 +358,7 @@
 CVE-2005-3592 (index.php CuteNews 1.4.0 and earlier allows remote attackers to
obtain ...)
 	NOT-FOR-US: CuteNews
 CVE-2005-3591 (Macromedia Flash plugin (1) Flash.ocx 7.0.19.0 (Windows) and
earlier ...)
-	- flashplugin-nonfree (bug #339290; high)
+	- flashplugin-nonfree <unfixed> (bug #339290; high)
 CVE-2005-3589 (Buffer overflow in FileZilla Server Terminal 0.9.4d may allow
remote ...)
 	NOT-FOR-US: FileZilla
 CVE-2005-3588 (SQL injection vulnerability in admin.php in Advanced Guestbook
2.2 ...)
@@ -522,7 +522,7 @@
 CVE-2005-3509 (Multiple SQL injection vulnerabilities in JPortal allow remote
...)
 	NOT-FOR-US: JPortal
 CVE-2005-3508 (SQL injection vulnerability in showGallery.php in Gallery
(Galerie) ...)
-	TODO: check
+	NOT-FOR-US: Tonio gallery (not the one in the gallery debian package)
 CVE-2005-3507 (Directory traversal vulnerability in CuteNews 1.4.1 allows
remote ...)
 	NOT-FOR-US: CuteNews
 CVE-2005-3506 (Cross-site scripting (XSS) vulnerability in proxy.asp in Sambar
Server ...)
@@ -672,9 +672,9 @@
 CVE-2003-1234 (Integer overflow in the f_count counter in FreeBSD before 4.2
through ...)
 	NOT-FOR-US: Old FreeBSD bug, should be fixed wrt the KFreeBSD port
 CVE-2002-2207 (Buffer overflow in ssldump 0.9b2 and earlier, when running in
...)
-	TODO: check
+	- ssldump 0.9b3
 CVE-2002-2206 (The POP3 proxy service (POPROXY.EXE) in Norton AntiVirus 2001
allows ...)
-	TODO: check
+	NOT-FOR-US: Norton AntiVirus
 CVE-2002-2205 (Buffer overflow in Webresolve 0.1.0 and earlier allows remote
...)
 	TODO: check
 CVE-2002-2204 (The default --checksig setting in RPM Package Manager 4.0.4
checks ...)
@@ -1252,8 +1252,10 @@
 CVE-2005-3323 (docutils in Zope 2.6, 2.7 before 2.7.8, and 2.8 before 2.8.2
allows ...)
 	- zope2.8 2.8.1-7 (bug #334055; bug #334054; high)
 	- zope2.7 2.7.8-1 (bug #334055; bug #334054; high)
+begin claimed-by stef-guest
 CVE-2005-3322 (Unspecified vulnerability in Squid on SUSE Linux 9.0 allows
remote ...)
 	TODO: check
+end claimed-by stef-guest
 CVE-2005-3321 (chkstat in SuSE Linux 9.0 through 10.0 allows local users to
modify ...)
 	NOT-FOR-US: SuSE-specific tool
 CVE-2005-3320 (Cross-site scripting (XSS) vulnerability in SiteTurn Domain
Manager ...)