Author: micah
Date: 2005-10-25 21:38:40 +0000 (Tue, 25 Oct 2005)
New Revision: 2573

Modified: data/CVE/list

Log: Replace all the remaining NFUs with: NOTE: not-for-us (\(.*\)) with NOT-FOR-US: \1

Modified: data/CVE/list ==================================================================--- data/CVE/list 2005-10-25 21:26:13 UTC (rev 2572) +++ data/CVE/list 2005-10-25 21:38:40 UTC (rev 2573) 
@@ -18080,46 +18080,46 @@ TODO: check - gallery 1.3-3 CVE-2004-0356 (Stack-based buffer overflow in Supervisor Report Center in SL Mail Pro ...) - NOTE: not-for-us (windows mta) + NOT-FOR-US: windows mta CVE-2004-0347 (Cross-site scripting (XSS) vulnerability in delhomepage.cgi in ...) - NOTE: not-for-us (juniper router) + NOT-FOR-US: juniper router CVE-2004-0336 (LAN SUITE Web Mail 602Pro allows remote attackers to gain sensitive ...) - NOTE: not-for-us (windows mta) + NOT-FOR-US: windows mta CVE-2004-0320 (Unknown vulnerability in nCipher Hardware Security Modules (HSM) ...) - NOTE: not-for-us (ncipher hardware) + NOT-FOR-US: ncipher hardware CVE-2004-0309 (Stack-based buffer overflow in the SMTP service support in vsmon.exe ...) - NOTE: not-for-us (windows firewall) + NOT-FOR-US: windows firewall CVE-2004-0307 (Cisco ONS 15327 before 4.1(3), ONS 15454 before 4.6(1), and ONS 15454 ...) - NOTE: not-for-us (cisco) + NOT-FOR-US: cisco CVE-2004-0306 (Cisco ONS 15327 before 4.1(3), ONS 15454 before 4.6(1), ONS 15454 SD ...) - NOTE: not-for-us (cisco) + NOT-FOR-US: cisco CVE-2004-0297 (Buffer overflow in the Lightweight Directory Access Protocol (LDAP) ...) - NOTE: not-for-us (windows mta) + NOT-FOR-US: windows mta CVE-2004-0276 (The get_real_string function in Monkey HTTP Daemon (monkeyd) 0.8.1 and ...) - NOTE: not-for-us (monkeyd, not in debian) + NOT-FOR-US: monkeyd, not in debian CVE-2004-0274 (Share.mod in Eggheads Eggdrop IRC bot 1.6.10 through 1.6.15 can ...) - eggdrop 1.6.17 CVE-2004-0273 (Directory traversal vulnerability in RealOne Player, RealOne Player ...) - NOTE: not-for-us (realone player) + NOT-FOR-US: realone player CVE-2004-0270 (libclamav in Clam AntiVirus 0.65 allows remote attackers to cause a ...) - libclamav1 0.80 CVE-2004-0263 (PHP 4.3.4 and earlier in Apache 1.x and 2.x (mod_php) can leak global ...) - libapache-mod-php4 4.3.9 CVE-2004-0261 (oj.cgi in OpenJournal 2.0 through 2.0.5 allows remote attackers to ...) 
- NOTE: not-for-us (openjournal, not in debian) + NOT-FOR-US: openjournal, not in debian CVE-2004-0257 (OpenBSD 3.4 and NetBSD 1.6 and 1.6.1 allow remote attackers to cause a ...) - NOTE: not-for-us (open/netbsd) + NOT-FOR-US: open/netbsd CVE-2004-0256 (GNU libtool before 1.5.2, during compile time, allows local users to ...) - libtool 1.5.6 CVE-2004-0194 (Stack-based buffer overflow in the OutputDebugString function for ...) - NOTE: not-for-us (acroread) + NOT-FOR-US: acroread CVE-2004-0193 (Heap-based buffer overflow in the ISS Protocol Analysis Module (PAM), ...) - NOTE: not-for-us (realsecure/blackice) + NOT-FOR-US: realsecure/blackice CVE-2004-0191 (Mozilla before 1.4.2 executes Javascript events in the context of a ...) - mozilla-browser 2:1.7.3 TODO: test CVE-2004-0190 (Symantec FireWall/VPN Appliance model 200 records a cleartext ...) - NOTE: not-for-us (symantec) + NOT-FOR-US: symantec CVE-2004-0189 (The "%xx" URL decoding function in Squid 2.5STABLE4 and earlier allows ...) {DSA-474} CVE-2004-0188 (Heap-based buffer overflow in Calife 2.8.5 and earlier may allow local ...) 
@@ -18131,15 +18131,15 @@ {DSA-457} - wu-ftpd 2.6.2-17.2 CVE-2004-0173 (Directory traversal vulnerability in Apache 1.3.29 and earlier, and ...) - NOTE: not-for-us (apache/cygwin) + NOT-FOR-US: apache/cygwin CVE-2004-0171 (FreeBSD 5.1 and earlier, and Mac OS X before 10.3.4, allows remote ...) - NOTE: not-for-us (freebsd/os x) + NOT-FOR-US: freebsd/os x CVE-2004-0169 (QuickTime Streaming Server in MacOS X 10.2.8 and 10.3.2 allows remote ...) - NOTE: not-for-us (os x) + NOT-FOR-US: os x CVE-2004-0167 (DiskArbitration in Mac OS X 10.2.8 and 10.3.2 does not properly ...) - NOTE: not-for-us (os x) + NOT-FOR-US: os x CVE-2004-0165 (Format string vulnerability in Point-to-Point Protocol (PPP) daemon ...) - NOTE: not-for-us (os x) + NOT-FOR-US: os x CVE-2004-0160 (Synaesthesia 2.2 and earlier allows local users to execute arbitrary ...) {DSA-446} CVE-2004-0159 (Format string vulnerability in hsftp 1.11 allows remote authenticated ...) 
@@ -18150,21 +18150,21 @@ {DSA-457} - wu-ftpd 2.6.2-17.2 CVE-2004-0131 (The rad_print_request function in logger.c for GNU Radius daemon ...) - NOTE: not-for-us (gnu radiusd, not in debian) + NOT-FOR-US: gnu radiusd, not in debian CVE-2004-0129 (Directory traversal vulnerability in export.php in phpMyAdmin 2.5.5 ...) - phpmyadmin 2:2.6.0-pl2 CVE-2004-0128 (PHP remote code injection vulnerability in the GEDCOM configuration ...) - NOTE: not-for-us (phpgedview, not in debian) + NOT-FOR-US: phpgedview, not in debian CVE-2004-0126 (The jail_attach system call in FreeBSD 5.1 and 5.2 changes the ...) - NOTE: not-for-us (freebsd) + NOT-FOR-US: freebsd CVE-2004-0122 (Microsoft MSN Messenger 6.0 and 6.1 does not properly handle certain ...) - NOTE: not-for-us (microsoft) + NOT-FOR-US: microsoft CVE-2004-0121 (Argument injection vulnerability in Microsoft Outlook 2002 does not ...) - NOTE: not-for-us (microsoft) + NOT-FOR-US: microsoft CVE-2004-0115 (VirtualPC_Services in Microsoft Virtual PC for Mac 6.0 through 6.1 ...) - NOTE: not-for-us (microsoft) + NOT-FOR-US: microsoft CVE-2004-0114 (The shmat system call in the System V Shared Memory interface for ...) - NOTE: not-for-us (bsd) + NOT-FOR-US: bsd CVE-2004-0113 (Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 ...) - apache2 2.0.52 CVE-2004-0111 (gdk-pixbuf before 0.20 allows attackers to cause a denial of service ...) 
@@ -18172,22 +18172,22 @@ CVE-2004-0108 (The isag utility, which processes sysstat data, allows local users to ...) {DSA-460} CVE-2004-0099 (mksnap_ffs in FreeBSD 5.1 and 5.2 only sets the snapshot flag when ...) - NOTE: not-for-us (freebsd) + NOT-FOR-US: freebsd CVE-2004-0096 (Unknown vulnerability in mod_python 2.7.9 allows remote attackers to ...) - libapache-mod-python 2:2.7.10 CVE-2004-0095 (McAfee ePolicy Orchestrator agent allows remote attackers to cause a ...) - NOTE: not-for-us (mcafee) + NOT-FOR-US: mcafee CVE-2004-0094 (Integer signedness errors in XFree86 4.1.0 allow remote attackers to ...) {DSA-443} CVE-2004-0093 (XFree86 4.1.0 allows remote attackers to cause a denial of service and ...) {DSA-443} CVE-2004-0089 (Buffer overflow in TruBlueEnvironment in Mac OS X 10.3.x and 10.2.x ...) - NOTE: not-for-us (os x) + NOT-FOR-US: os x CVE-2004-0082 (The mksmbpasswd shell script (mksmbpasswd.sh) in Samba 3.0.0 and ...) - samba 3.0.7 TODO: test CVE-2004-0080 (The login program in util-linux 2.11 and earlier uses a pointer after ...) - NOTE: not-for-us (debian uses different login) + NOT-FOR-US: debian uses different login CVE-2004-0078 (Buffer overflow in the index menu code (menu_pad_string of menu.c) for ...) - mutt 1.5.6-20040722+1 TODO: test 
@@ -18198,30 +18198,30 @@ NOTE: fixed in 2.4.26-pre3 TODO: test CVE-2004-0070 (PHP remote code injection vulnerability in module.php for ezContents ...) - NOTE: not-for-us (ezcontents, commercial) + NOT-FOR-US: ezcontents, commercial CVE-2004-0068 (PHP remote code injection vulnerability in config.php for PhpDig 1.6.5 ...) - NOTE: not-for-us (phpdig, not in debian) + NOT-FOR-US: phpdig, not in debian CVE-2004-0063 (The SPP_VerifyPVV function in nCipher payShield SPP library 1.3.12, ...) - NOTE: not-for-us (ncipher hsm) + NOT-FOR-US: ncipher hsm CVE-2004-0049 (Helix Universal Server/Proxy 9 and Mobile Server 10 allow remote ...) - NOTE: not-for-us (real helix) + NOT-FOR-US: real helix CVE-2004-0045 (Buffer overflow in the ARTpost function in art.c in the control ...) - inn2 2.4.1+20040820 TODO: test CVE-2004-0044 (Cisco Personal Assistant 1.4(1) and 1.4(2) disables password ...) - NOTE: not-for-us (cisco) + NOT-FOR-US: cisco CVE-2004-0040 (Stack-based buffer overflow in Check Point VPN-1 Server 4.1 through ...) - NOTE: not-for-us (checkpoint) + NOT-FOR-US: checkpoint CVE-2004-0036 (SQL injection vulnerability in calendar.php for vBulletin Forum 2.3.x ...) - NOTE: not-for-us (vbulletin, commercial) + NOT-FOR-US: vbulletin, commercial CVE-2004-0035 (SQL injection vulnerability in register.php for Phorum 3.4.5 and ...) - NOTE: not-for-us (phorum, not in debian) + NOT-FOR-US: phorum, not in debian CVE-2004-0033 (admin.php in PHPGEDVIEW 2.61 allows remote attackers to obtain ...) - NOTE: not-for-us (phpgedview, not in debian) + NOT-FOR-US: phpgedview, not in debian CVE-2004-0032 (Cross-site scripting (XSS) vulnerability in search.php in PHPGEDVIEW ...) - NOTE: not-for-us (phpgedview, not in debian) + NOT-FOR-US: phpgedview, not in debian CVE-2004-0031 (PHPGEDVIEW 2.61 allows remote attackers to reinstall the software and ...) 
- NOTE: not-for-us (phpgedview, not in debian) + NOT-FOR-US: phpgedview, not in debian CVE-2004-0028 (jitterbug 1.6.2 does not properly sanitize inputs, which allows remote ...) {DSA-420} CVE-2004-0016 (The calendar module for phpgroupware 0.9.14 does not enforce the "save ...) @@ -18236,20 +18236,20 @@ - apache-ssl 1.3.31 TODO: test CVE-2004-0004 (The libCheckSignature function in crypto-utils.lib for OpenCA 0.9.1.6 ...) - NOTE: not-for-us (openca, not in debian) + NOT-FOR-US: openca, not in debian CVE-2004-0001 (Unknown vulnerability in the eflags checking in the 32-bit ptrace ...) - kernel-image-2.6.8-9-amd64-generic TODO: what version? TODO: test? CVE-2003-1328 (The showHelp() function in Microsoft Internet Explorer 5.01, 5.5, and ...) - NOTE: not-for-us (windows) + NOT-FOR-US: windows CVE-2003-1326 (Microsoft Internet Explorer 5.5 and 6.0 allows remote attackers ...) - NOTE: not-for-us (windows) + NOT-FOR-US: windows CVE-2003-1022 (Directory traversal vulnerability in fsp before 2.81.b18 allows remote ...) {DSA-416} - fsp 2.81.b18-1 CVE-2003-0994 (The GUI functionality for an interactive session in Symantec ...) - NOTE: not-for-us (norton) + NOT-FOR-US: norton CVE-2003-0993 (mod_access in Apache 1.3 before 1.3.30, when running big-endian 64-bit ...) - apache 1.3.29.0.2-4 CVE-2003-0991 (Unknown vulnerability in the mail command handler in Mailman before ...) 
@@ -18266,16 +18266,16 @@ {DSA-411} - mpg321 0.2.10.3 CVE-2003-0966 (Buffer overflow in the frm command in elm 2.5.6 and earlier, and ...) - NOTE: not-for-us (elm) + NOT-FOR-US: elm CVE-2003-0924 (netpbm 9.25 and earlier does not properly create temporary files, ...) {DSA-426} - netpbm-free 2:9.25-9 CVE-2003-0905 (Unknown vulnerability in Windows Media Station Service and Windows ...) - NOTE: not-for-us (microsoft) + NOT-FOR-US: microsoft CVE-2003-0903 (Buffer overflow in a component of Microsoft Data Access Components ...) - NOTE: not-for-us (microsoft) + NOT-FOR-US: microsoft CVE-2003-0825 (The Windows Internet Naming Service (WINS) for Microsoft Windows ...) - NOTE: not-for-us (microsoft) + NOT-FOR-US: microsoft CVE-2003-0145 (Unknown vulnerability in tcpdump before 3.7.2 related to an inability ...) {DSA-261} - tcpdump 3.7.2-1 @@ -18283,13 +18283,13 @@ {DSA-259} - qpopper 4.0.4-9 CVE-2003-0125 (Buffer overflow in the web interface for SOHO Routefinder 550 before ...) - NOTE: not-for-us (SOHO Routefinder) + NOT-FOR-US: SOHO Routefinder CVE-2003-0124 (man before 1.51 allows attackers to execute arbitrary code via a ...) - NOTE: not-for-us (man before 1.51) + NOT-FOR-US: man before 1.51 CVE-2003-0123 (Buffer overflow in Web Retriever client for Lotus Notes/Domino R4.5 ...) - NOTE: not-for-us (lotus notes) + NOT-FOR-US: lotus notes CVE-2003-0122 (Buffer overflow in Notes server before Lotus Notes R4, R5 before ...) - NOTE: not-for-us (lotus notes) + NOT-FOR-US: lotus notes CVE-2003-0120 (adb2mhc in the mhc-utils package before 0.25+20010625-7.1 allows local ...) {DSA-256} - mhc 0.25+20030224-1 
@@ -18299,39 +18299,39 @@ CVE-2003-0107 (Buffer overflow in the gzprintf function in zlib 1.1.4, when zlib is ...) - zlib 1:1.1.4-10 CVE-2003-0104 (Directory traversal vulnerability in PeopleTools 8.10 through 8.18, ...) - NOTE: not-for-us (peopletools) + NOT-FOR-US: peopletools CVE-2003-0103 (Format string vulnerability in Nokia 6210 handset allows remote ...) - NOTE: not-for-us (nokia handset) + NOT-FOR-US: nokia handset CVE-2003-0102 (Buffer overflow in tryelf() in readelf.c of the file command allows ...) {DSA-260} - file 3.40-1.1 CVE-2003-0100 (Buffer overflow in Cisco IOS 11.2.x to 12.0.x allows remote attackers ...) - NOTE: not-for-us (cisco) + NOT-FOR-US: cisco CVE-2003-0097 (Unknown vulnerability in CGI module for PHP 4.3.0 allows attackers to ...) - php4 4:4.3.2+rc3-1 CVE-2003-0095 (Buffer overflow in ORACLE.EXE for Oracle Database Server 9i, 8i, ...) - NOTE: not-for-us (oracle) + NOT-FOR-US: oracle CVE-2003-0094 (A patch for mcookie in the util-linux package for Mandrake Linux 8.2 ...) - NOTE: not-for-us (mandrake specific) + NOT-FOR-US: mandrake specific CVE-2003-0093 (The RADIUS decoder in tcpdump 3.6.2 and earlier allows remote ...) {DSA-261} - tcpdump 3.7.1-1 CVE-2003-0088 (TruBlueEnvironment for MacOS 10.2.3 and earlier allows local users to ...) - NOTE: not-for-us (macosX) + NOT-FOR-US: macosX CVE-2003-0087 (Buffer overflow in libIM library (libIM.a) for National Language ...) - NOTE: not-for-us (AIX) + NOT-FOR-US: AIX CVE-2003-0081 (Format string vulnerability in packet-socks.c of the SOCKS dissector ...) {DSA-258} - ethereal 0.9.9-2 CVE-2003-0079 (The DEC UDK processing feature in the hanterm (hanterm-xf) terminal ...) - NOTE: not-for-us (hanterm before 2.0.5) + NOT-FOR-US: hanterm before 2.0.5 CVE-2003-0078 (ssl3_get_record in s3_pkt.c for OpenSSL before 0.9.7a and 0.9.6 before ...) {DSA-253} - openssl 0.9.7a-1 CVE-2003-0077 (The hanterm (hanterm-xf) terminal emulator 2.0.5 and earlier, and ...) 
- NOTE: not-for-us (hanterm before 2.0.5) + NOT-FOR-US: hanterm before 2.0.5 CVE-2003-0075 (Integer signedness error in the myFseek function of samplein.c for ...) - NOTE: not-for-us (blade encoder not in Debian) + NOT-FOR-US: blade encoder not in Debian CVE-2003-0073 (Double-free vulnerability in mysqld for MySQL before 3.23.55 allows ...) {DSA-303} - mysql 4.0.12-2 
@@ -18354,32 +18354,32 @@ - rxvt 1:2.6.4-6.1 (bug #244810) NOTE: woody version is still vulnerable CVE-2003-0065 (The uxterm terminal emulator allows attackers to modify the window ...) - NOTE: not-for-us (uxterm not in Debian) + NOT-FOR-US: uxterm not in Debian CVE-2003-0064 (The dtterm terminal emulator allows attackers to modify the window ...) - NOTE: not-for-us (dtterm not in Debian) + NOT-FOR-US: dtterm not in Debian CVE-2003-0063 (The xterm terminal emulator in XFree86 4.2.0 and earlier allows ...) {DSA-380} - xfree86 4.2.1-11 CVE-2003-0062 (Buffer overflow in Eset Software NOD32 for UNIX before 1.013 allows ...) - NOTE: not-for-us (NOD32 not in Debian) + NOT-FOR-US: NOD32 not in Debian CVE-2003-0059 (Unknown vulnerability in the chk_trans.c of the libkrb5 library for ...) - krb5 1.2.5-1 CVE-2003-0058 (MIT Kerberos V5 Key Distribution Center (KDC) before 1.2.5 allows ...) - krb5 1.2.5-1 CVE-2003-0055 (Buffer overflow in the MP3 broadcasting module of Apple Darwin ...) - NOTE: not-for-us (apple) + NOT-FOR-US: apple CVE-2003-0054 (Apple Darwin Streaming Administration Server 4.1.2 and QuickTime ...) - NOTE: not-for-us (apple) + NOT-FOR-US: apple CVE-2003-0053 (Cross-site scripting (XSS) vulnerability in parse_xml.cgi in Apple ...) - NOTE: not-for-us (apple) + NOT-FOR-US: apple CVE-2003-0052 (parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 ...) - NOTE: not-for-us (apple) + NOT-FOR-US: apple CVE-2003-0051 (parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 ...) - NOTE: not-for-us (apple) + NOT-FOR-US: apple CVE-2003-0050 (parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 ...) - NOTE: not-for-us (apple) + NOT-FOR-US: apple CVE-2003-0045 (Jakarta Tomcat before 3.3.1a on certain Windows systems may allow ...) - NOTE: not-for-us (windows) + NOT-FOR-US: windows CVE-2003-0043 (Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, ...) {DSA-246} - tomcat 3.3.1a-1 
@@ -18396,7 +18396,7 @@ {DSA-228} - libmcrypt 2.5.5-1 CVE-2003-0027 (Directory traversal vulnerability in Sun Kodak Color Management System ...) - NOTE: not-for-us (sun) + NOT-FOR-US: sun CVE-2003-0024 (The menuBar feature in aterm 0.42 allows attackers to modify menu ...) NOTE: I have mailed Goran Weinholt <weinholt@debian.org> about this. NOTE: Goran Weinholt <weinholt@debian.org> tell me that aterm 0.4.2 was @@ -18414,14 +18414,14 @@ - apache2 2.0.49 - apache 1.3.29.0.2-4 CVE-2003-0019 (uml_net in the kernel-utils package for Red Hat Linux 8.0 has ...) - NOTE: not-for-us (redhat 8.0 only) + NOT-FOR-US: redhat 8.0 only CVE-2003-0018 (Linux kernel 2.4.10 through 2.4.21-pre4 does not properly handle the ...) {DSA-423 DSA-358} NOTE: fixed after 2.6/2.4.21 kernel CVE-2003-0017 (Apache 2.0 before 2.0.44 on Windows platforms allows remote attackers ...) - NOTE: not-for-us (apache on windows) + NOT-FOR-US: apache on windows CVE-2003-0016 (Apache before 2.0.44, when running on unpatched Windows 9x and Me ...) - NOTE: not-for-us (apache on windows) + NOT-FOR-US: apache on windows CVE-2003-0015 (Double-free vulnerabiity in CVS 1.11.4 and earlier allows remote ...) {DSA-233} - cvs 1.11.2-5.1 
@@ -18432,37 +18432,37 @@ {DSA-230} - bugzilla 2.16.2-1 CVE-2003-0009 (Cross-site scripting (XSS) vulnerability in Help and Support Center ...) - NOTE: not-for-us (windows) + NOT-FOR-US: windows CVE-2003-0007 (Microsoft Outlook 2002 does not properly handle requests to encrypt ...) - NOTE: not-for-us (windows) + NOT-FOR-US: windows CVE-2003-0004 (Buffer overflow in the Windows Redirector function in Microsoft ...) - NOTE: not-for-us (windows) + NOT-FOR-US: windows CVE-2003-0003 (Buffer overflow in the RPC Locator service for Microsoft Windows NT ...) - NOTE: not-for-us (windows) + NOT-FOR-US: windows CVE-2003-0002 (Cross-site scripting vulnerability (XSS) in ManualLogin.asp script for ...) - NOTE: not-for-us (windows) + NOT-FOR-US: windows CVE-2002-1574 (Buffer overflow in the ixj telephony card driver in Linux before ...) NOTE: fixed after 2.6/2.4.20 kernel CVE-2002-1560 (index.php in gBook 1.4 allows remote attackers to bypass ...) - NOTE: not-for-us (gbook not in Debian) + NOT-FOR-US: gbook not in Debian CVE-2002-1552 (Novell eDirectory (eDir) 8.6.2 and Netware 5.1 eDir 85.x allows users ...) - NOTE: not-for-us (novell) + NOT-FOR-US: novell CVE-2002-1550 (dump_smutil.sh in IBM AIX allows local users to overwrite arbitrary ...) - NOTE: not-for-us (AIX) + NOT-FOR-US: AIX CVE-2002-1549 (Buffer overflow in Light HTTPd (lhttpd) 0.1 allows remote attackers to ...) - NOTE: not-for-us (lhttpd not in Debian) + NOT-FOR-US: lhttpd not in Debian CVE-2002-1548 (Unknown vulnerability in autofs on AIX 4.3.0, when using executable ...) - NOTE: not-for-us (AIX) + NOT-FOR-US: AIX CVE-2002-1547 (Netscreen running ScreenOS 4.0.0r6 and earlier allows remote attackers ...) - NOTE: not-for-us (Netscreen) + NOT-FOR-US: Netscreen CVE-2002-1543 (Buffer overflow in trek on NetBSD 1.5 through 1.5.3 allows local users ...) - NOTE: not-for-us (NetBSD) + NOT-FOR-US: NetBSD CVE-2002-1541 (BadBlue 1.7 allows remote attackers to bypass password protections for ...) 
- NOTE: not-for-us (BadBlue not in Debian) + NOT-FOR-US: BadBlue not in Debian CVE-2002-1540 (The client for Symantec Norton AntiVirus Corporate Edition 7.5.x ...) - NOTE: not-for-us (norton) + NOT-FOR-US: norton CVE-2002-1538 (Acuma Acusend 4, and possibly earlier versions, allows remote ...) - NOTE: not-for-us (acusend not in Debian) + NOT-FOR-US: acusend not in Debian CVE-2002-1537 (admin_ug_auth.php in phpBB 2.0.0 allows local users to gain ...) - phpbb2 2.0.6c-1 NOTE: according to http://www.securityfocus.com/archive/1/297419 
@@ -18472,57 +18472,57 @@ NOTE: see: http://www.securityfocus.com/archive/1/294206 TODO: check CVE-2002-1532 (The administrative web interface (STEMWADM) for SurfControl SuperScout ...) - NOTE: not-for-us (surfcontrol) + NOT-FOR-US: surfcontrol CVE-2002-1531 (The administrative web interface (STEMWADM) for SurfControl SuperScout ...) - NOTE: not-for-us (surfcontrol) + NOT-FOR-US: surfcontrol CVE-2002-1530 (The administrative web interface (STEMWADM) for SurfControl SuperScout ...) - NOTE: not-for-us (surfcontrol) + NOT-FOR-US: surfcontrol CVE-2002-1529 (Cross-site scripting (XSS) vulnerability in msgError.asp for the ...) - NOTE: not-for-us (surfcontrol) + NOT-FOR-US: surfcontrol CVE-2002-1528 (MsmMask.exe in MondoSearch 4.4 allows remote attackers to obtain the ...) - NOTE: not-for-us (mondosearch) + NOT-FOR-US: mondosearch CVE-2002-1524 (Buffer overflow in XML parser in wsabi.dll of Winamp 3 (1.0.0.488) ...) - NOTE: not-for-us (winamp) + NOT-FOR-US: winamp CVE-2002-1521 (Web Server 4D (WS4D) 3.6 stores passwords in plaintext in the Ws4d.4DD ...) - NOTE: not-for-us (webserver 4D) + NOT-FOR-US: webserver 4D CVE-2002-1520 (The CLI interface for WatchGuard Firebox Vclass 3.2 and earlier, and ...) - NOTE: not-for-us (WatchGuard) + NOT-FOR-US: WatchGuard CVE-2002-1519 (Format string vulnerability in the CLI interface for WatchGuard ...) - NOTE: not-for-us (WatchGuard) + NOT-FOR-US: WatchGuard CVE-2002-1518 (mv in IRIX 6.5 creates a directory with world-writable permissions ...) - NOTE: not-for-us (IRIX) + NOT-FOR-US: IRIX CVE-2002-1517 (fsr_efs in IRIX 6.5 allows local users to conduct unauthorized file ...) - NOTE: not-for-us (IRIX) + NOT-FOR-US: IRIX CVE-2002-1516 (rpcbind in SGI IRIX, when using the -w command line switch, allows ...) - NOTE: not-for-us (IRIX) + NOT-FOR-US: IRIX CVE-2002-1514 (gds_lock_mgr in Borland InterBase allows local users to overwrite ...) 
- NOTE: not-for-us (interbase) + NOT-FOR-US: interbase CVE-2002-1513 (The UCX POP server in HP TCP/IP services for OpenVMS 4.2 through 5.3 ...) - NOTE: not-for-us (OpenVMS) + NOT-FOR-US: OpenVMS CVE-2002-1511 (The vncserver wrapper for vnc before 3.3.3r2-21 uses the rand() ...) - vnc 3.3.3r2-21 CVE-2002-1510 (xdm, with the authComplain variable set to false, allows arbitrary ...) - xfree86 4.1.0-7 CVE-2002-1509 (A patch for shadow-utils 20000902 causes the useradd command to create ...) - NOTE: not-for-us (redhat and mandrake only) + NOT-FOR-US: redhat and mandrake only CVE-2002-1505 (SQL injection vulnerability in board.php for WoltLab Burning Board ...) - NOTE: not-for-us (WoltLab Burning Board not in Debian) + NOT-FOR-US: WoltLab Burning Board not in Debian CVE-2002-1502 (Symbolic link vulnerability in xbreaky before 0.5.5 allows local users ...) - NOTE: not-for-us (xbreaky not in Debian) + NOT-FOR-US: xbreaky not in Debian CVE-2002-1501 (The MPS functionality in Enterasys SSR8000 (Smart Switch Router) ...) - NOTE: not-for-us (Enterasys) + NOT-FOR-US: Enterasys CVE-2002-1497 (Cross-site scripting (XSS) vulnerability in Null HTTP Server 0.5.0 and ...) - NOTE: not-for-us (Null HTTP Server not in Debian) + NOT-FOR-US: Null HTTP Server not in Debian CVE-2002-1496 (Heap-based buffer overflow in Null HTTP Server 0.5.0 and earlier ...) - NOTE: not-for-us (Null HTTP Server not in Debian) + NOT-FOR-US: Null HTTP Server not in Debian CVE-2002-1494 (Cross-site scripting (XSS) vulnerabilities in Aestiva HTML/OS allows ...) - NOTE: not-for-us (Aestiva) + NOT-FOR-US: Aestiva CVE-2002-1493 (Cross-site scripting (XSS) vulnerability in Lycos HTMLGear guestbook ...) - NOTE: not-for-us (Lycos) + NOT-FOR-US: Lycos CVE-2002-1491 (The Cisco VPN 5000 Client for MacOS before 5.2.2 records the most ...) - NOTE: not-for-us (Cisco VPN 5000 Client for MacOS) + NOT-FOR-US: Cisco VPN 5000 Client for MacOS CVE-2002-1490 (NetBSD 1.4 through 1.6 beta allows local users to cause a denial of ...) 
- NOTE: not-for-us (NetBSD) + NOT-FOR-US: NetBSD CVE-2002-1479 (Cacti before 0.6.8 stores a MySQL username and password in plaintext ...) - cacti 0.6.8-1 CVE-2002-1478 (Cacti before 0.6.8 allows attackers to execute arbitrary commands via ...) @@ -18532,7 +18532,7 @@ {DSA-164} - cacti 0.6.8a-2 CVE-2002-1476 (Buffer overflow in setlocale in libc on NetBSD 1.4.x through 1.6, and ...) - NOTE: not-for-us (NetBSD) + NOT-FOR-US: NetBSD CVE-2002-1472 (libX11.so in xfree86, when used in setuid or setgid programs, allows ...) - xfree86 4.2.1-1 NOTE: Accordong to http://www.securityfocus.com/bid/5735/info/ 
@@ -18547,46 +18547,46 @@ NOTE: according to http://sublimation.org/scponly/ (scponly home page) NOTE: only versions of scponly older than scponly-2.4 are affected CVE-2002-1468 (Buffer overflow in errpt in AIX 4.3.3 allows local users to execute ...) - NOTE: not-for-us (AIX) + NOT-FOR-US: AIX CVE-2002-1463 (Symantec Raptor Firewall 6.5 and 6.5.3, Enterprise Firewall 6.5.2 and ...) - NOTE: not-for-us (symantec) + NOT-FOR-US: symantec CVE-2002-1448 (An undocumented SNMP read/write community string (''NoGaH$@!'') in Avaya ...) - NOTE: not-for-us (Avaya P330, P130, and M770-ATM Cajun products) + NOT-FOR-US: Avaya P330, P130, and M770-ATM Cajun products CVE-2002-1447 (Buffer overflow in the vpnclient program for UNIX VPN Client before ...) - NOTE: not-for-us (Cisco vpn client for UNIX) + NOT-FOR-US: Cisco vpn client for UNIX CVE-2002-1446 (The error checking routine used for the C_Verify call on a symmetric ...) - NOTE: not-for-us (nCipher PKCS#11 library) + NOT-FOR-US: nCipher PKCS#11 library CVE-2002-1443 (The Google toolbar 1.1.58 and earlier allows remote web sites to ...) - NOTE: not-for-us (Google toolbar) + NOT-FOR-US: Google toolbar CVE-2002-1438 (The web handler for Perl 5.003 on Novell NetWare 5.1 and NetWare 6 ...) - NOTE: not-for-us (Perl on Novell) + NOT-FOR-US: Perl on Novell CVE-2002-1437 (Directory traversal vulnerability in the web handler for Perl 5.003 on ...) - NOTE: not-for-us (Perl on Novell) + NOT-FOR-US: Perl on Novell CVE-2002-1436 (The web handler for Perl 5.003 on Novell NetWare 5.1 and NetWare 6 ...) - NOTE: not-for-us (Perl on Novell) + NOT-FOR-US: Perl on Novell CVE-2002-1435 (class.atkdateattribute.js.php in Achievo 0.7.0 through 0.9.1, except ...) - NOTE: not-for-us (Achievo not in Debian) + NOT-FOR-US: Achievo not in Debian CVE-2002-1430 (Unknown vulnerability in Sympoll 1.2 allows remote attackers to read ...) 
- NOTE: not-for-us (Sympoll not in Debian) + NOT-FOR-US: Sympoll not in Debian CVE-2002-1425 (Directory traversal vulnerability in munpack in mpack 1.5 and earlier ...) {DSA-141} - mpack 1.5-9 CVE-2002-1424 (Buffer overflow in munpack in mpack 1.5 and earlier allows remote ...) - mpack 1.5-9 CVE-2002-1420 (Integer signedness error in select() on OpenBSD 3.1 and earlier allows ...) - NOTE: not-for-us (OpenBSD) + NOT-FOR-US: OpenBSD CVE-2002-1419 (The upgrade of IRIX on Origin 3000 to 6.5.13 through 6.5.16 changes ...) - NOTE: not-for-us (IRIX on Origin) + NOT-FOR-US: IRIX on Origin CVE-2002-1418 (Buffer overflow in the interpreter for Novell NetBasic Scripting ...) - NOTE: not-for-us (Novell NetBasic Scripting Server) + NOT-FOR-US: Novell NetBasic Scripting Server CVE-2002-1417 (Directory traversal vulnerability in Novell NetBasic Scripting Server ...) - NOTE: not-for-us (Novell NetBasic Scripting Server) + NOT-FOR-US: Novell NetBasic Scripting Server CVE-2002-1414 (Buffer overflow in qmailadmin allows local users to gain privileges ...) - qmailadmin 1.0.6-1 CVE-2002-1413 (RCONAG6 for Novell Netware SP2, while running RconJ in secure mode, ...) - NOTE: not-for-us (RCONAG6 for Novell Netware SP2) + NOT-FOR-US: RCONAG6 for Novell Netware SP2 CVE-2002-1407 (TinySSL 1.02 and earlier does not verify the Basic Constraints for an ...) - NOTE: not-for-us (TinySSL not in Debian) + NOT-FOR-US: TinySSL not in Debian CVE-2002-1405 (CRLF injection vulnerability in Lynx 2.8.4 and earlier allows remote ...) {DSA-210} - lynx 2.8.4.1b-4 
@@ -18683,14 +18683,14 @@ - micq 0.4.9.4-1 NOTE: micq not in sarge CVE-2002-1361 (overflow.cgi CGI script in Sun Cobalt RaQ 4 with the SHP (Security ...) - NOTE: not-for-us (sun) + NOT-FOR-US: sun CVE-2002-1350 (The BGP decoding routines in tcpdump 3.6.x before 3.7 do not properly ...) {DSA-206} - tcpdump 3.7.1-1 NOTE: 3.7.1-1.2 fixes a different issue. NOTE: The fix from 3.6.2-2.2 was not upload to unstable. CVE-2002-1349 (Buffer overflow in pop3trap.exe for PC-cillin 2000, 2002, and 2003 ...) - NOTE: not-for-us (PC-cillin) + NOT-FOR-US: PC-cillin CVE-2002-1348 (w3m before 0.3.2.2 does not properly escape HTML tags in the ALT ...) {DSA-251 DSA-250 DSA-249} - w3mmee 0.3.p24.17-3 @@ -18702,14 +18702,14 @@ CVE-2002-1336 (TightVNC before 1.2.6 generates the same challenge string for multiple ...) - tightvnc 1.2.6-1 CVE-2002-1327 (Buffer overflow in the Windows Shell function in Microsoft Windows XP ...) - NOTE: not-for-us (windows) + NOT-FOR-US: windows CVE-2002-1325 (Microsoft Virtual Machine (VM) build 5.0.3805 and earlier allows ...) - NOTE: not-for-us (windows) + NOT-FOR-US: windows CVE-2002-1323 (Safe.pm 2.0.7 and earlier, when used in Perl 5.8.0 and earlier, may ...) {DSA-208} - perl 5.8.0-14 CVE-2002-1320 (Pine 4.44 and earlier allows remote attackers to cause a denial of ...) - NOTE: not-for-us (pine not in Debian) + NOT-FOR-US: pine not in Debian CVE-2002-1319 (The Linux kernel 2.4.20 and earlier, and 2.5.x, when running on x86 ...) NOTE: fixed after 2.4.20 kernel (2.6 not vulnerable) CVE-2002-1318 (Buffer overflow in samba 2.2.2 through 2.2.6 allows remote attackers ...) @@ -18717,7 +18717,7 @@ - samba 2.99.cvs.20020713-1 NOTE: Problem in Samba 2, sarge uses Samba 3. CVE-2002-1317 (Buffer overflow in Dispatch() routine for XFS font server (fs.auto) on ...) - NOTE: not-for-us (solaris) + NOT-FOR-US: solaris CVE-2002-1313 (nullmailer 1.00RC5 and earlier allows local users to cause a denial of ...) {DSA-198} - nullmailer 1.00RC5-17 
@@ -18731,7 +18731,7 @@ {DSA-199} - mhonarc 2.5.13-1 CVE-2002-1296 (Directory traversal vulnerability in priocntl system call in Solaris ...) - NOTE: not-for-us (Solaris) + NOT-FOR-US: Solaris CVE-2002-1284 (The wizard in KGPG 0.6 through 0.8.2 does not properly provide the ...) - kdeutils 4:3.2.1-1 CVE-2002-1278 (The mailconf module in Linuxconf 1.24, and other versions before 1.28, ...) 
@@ -18740,61 +18740,61 @@ {DSA-190} - wmaker 0.80.1-1 CVE-2002-1272 (Alcatel OmniSwitch 7700/7800 switches running AOS 5.1.1 contains a ...) - NOTE: not-for-us (Alcatel) + NOT-FOR-US: Alcatel CVE-2002-1271 (The Mail::Mailer Perl module in the perl-MailTools package 1.47 and ...) {DSA-386} - libmailtools-perl 1.51 CVE-2002-1270 (Mac OS X 10.2.2 allows local users to read files that only allow write ...) - NOTE: not-for-us (Mac OS X) + NOT-FOR-US: Mac OS X CVE-2002-1268 (Mac OS X 10.2.2 allows local users to gain privileges via a mounted ...) - NOTE: not-for-us (Mac OS X) + NOT-FOR-US: Mac OS X CVE-2002-1267 (Mac OS X 10.2.2 allows remote attackers to cause a denial of service ...) - NOTE: not-for-us (Mac OS X) + NOT-FOR-US: Mac OS X CVE-2002-1266 (Mac OS X 10.2.2 allows local users to gain privileges by mounting a ...) - NOTE: not-for-us (Mac OS X) + NOT-FOR-US: Mac OS X CVE-2002-1265 (The Sun RPC functionality in multiple libc implementations does not ...) NOTE: don''t know which version of glibc fix this NOTE: I''ve mailed maintainers. TODO: check CVE-2002-1264 (Buffer overflow in Oracle iSQL*Plus web application of the Oracle 9 ...) - NOTE: not-for-us (oracle) + NOT-FOR-US: oracle CVE-2002-1260 (The Java Database Connectivity (JDBC) APIs in Microsoft Virtual ...) - NOTE: not-for-us (Microsoft JVM) + NOT-FOR-US: Microsoft JVM CVE-2002-1257 (Microsoft Virtual Machine (VM) up to and including build 5.0.3805 ...) - NOTE: not-for-us (Microsoft JVM) + NOT-FOR-US: Microsoft JVM CVE-2002-1256 (The SMB signing capability in the Server Message Block (SMB) protocol ...) - NOTE: not-for-us (Microsoft Windows) + NOT-FOR-US: Microsoft Windows CVE-2002-1255 (Microsoft Outlook 2002 allows remote attackers to cause a denial of ...) - NOTE: not-for-us (Microsoft Outlook) + NOT-FOR-US: Microsoft Outlook CVE-2002-1253 (Abuse 2.00 and earlier allows local users to gain privileges via ...) 
- NOTE: not-for-us (Abuse 2.00 not in Debian) + NOT-FOR-US: Abuse 2.00 not in Debian CVE-2002-1252 (The Application Messaging Gateway for PeopleTools 8.1x before 8.19, as ...) - NOTE: not-for-us (PeopleSoft) + NOT-FOR-US: PeopleSoft CVE-2002-1251 (Buffer overflow in log2mail before 0.2.5.1 allows remote attackers to ...) {DSA-186} - log2mail 0.2.6-1 CVE-2002-1250 (Buffer overflow in Abuse 2.00 and earlier allows local users to gain ...) - NOTE: not-for-us (Abuse 2.00 not in Debian) + NOT-FOR-US: Abuse 2.00 not in Debian CVE-2002-1248 (Northern Solutions Xeneo Web Server 2.1.0.0, 2.0.759.6, and other ...) - NOTE: not-for-us (Xeneo Web Server) + NOT-FOR-US: Xeneo Web Server CVE-2002-1245 (Maped in LuxMan 0.41 uses the user-provided search path to find and ...) {DSA-189} - luxman 0.41-19 CVE-2002-1244 (Format string vulnerability in Pablo FTP Server 1.5, 1.3, and possibly ...) - NOTE: not-for-us (Pablo FTP Server) + NOT-FOR-US: Pablo FTP Server CVE-2002-1242 (SQL injection vulnerability in PHP-Nuke before 6.0 allows remote ...) - NOTE: not-for-us (PHP-Nuke not in Debian) + NOT-FOR-US: PHP-Nuke not in Debian CVE-2002-1239 (QNX Neutrino RTOS 6.2.0 uses the PATH environment variable to find and ...) - NOTE: not-for-us (QNX) + NOT-FOR-US: QNX CVE-2002-1236 (The remote management web server for Linksys BEFSR41 EtherFast ...) - NOTE: not-for-us (Linksys) + NOT-FOR-US: Linksys CVE-2002-1232 (Memory leak in ypdb_open in yp_db.c for ypserv before 2.5 in the NIS ...) {DSA-180} - nis 3.9-6.2 CVE-2002-1231 (SCO UnixWare 7.1.1 and Open UNIX 8.0.0 allows local users to cause a ...) - NOTE: not-for-us (SCO) + NOT-FOR-US: SCO CVE-2002-1230 (NetDDE Agent on Windows NT 4.0, 4.0 Terminal Server Edition, Windows ...) - NOTE: not-for-us (Windows NT) + NOT-FOR-US: Windows NT CVE-2002-1227 (PAM 0.76 treats a disabled password as if it were an empty (null) ...) {DSA-177} - pam 0.76-6 
@@ -18803,7 +18803,7 @@ CVE-2002-1223 (Buffer overflow in DSC 3.0 parser from GSview, as used in KGhostView ...) - kdegraphics 4:3.1.0-1 CVE-2002-1222 (Buffer overflow in the embedded HTTP server for Cisco Catalyst ...) - NOTE: not-for-us (CISCO) + NOT-FOR-US: CISCO CVE-2002-1221 (BIND 8.x through 8.3.3 allows remote attackers to cause a denial of ...) {DSA-196} - bind 1:8.3.3-3 @@ -18816,12 +18816,12 @@ CVE-2002-1214 (Buffer overflow in Microsoft PPTP Service on Windows XP and Windows ...) NOT-FOR-US: Microsoft CVE-2002-1211 (Prometheus 6.0 and earlier allows remote attackers to execute ...) - NOTE: not-for-us (Prometheus not in Debian) + NOT-FOR-US: Prometheus not in Debian CVE-2002-1200 (Balabit Syslog-NG 1.4.x before 1.4.15, and 1.5.x before 1.5.20, when ...) {DSA-175} - syslog-ng 1.5.21-1 CVE-2002-1199 (The getdbm procedure in ypxfrd allows local users to read arbitrary ...) - NOTE: not-for-us (ypxfrd not in Debian) + NOT-FOR-US: ypxfrd not in Debian CVE-2002-1198 (Bugzilla 2.16.x before 2.16.1 does not properly filter apostrophes ...) - bugzilla 2.16.1-1 NOTE: woody seems to be vulnerable, bug #282500 @@ -18839,7 +18839,7 @@ {DSA-172} NOTE: tkmail not in testing/unstable CVE-2002-1189 (The default configuration of Cisco Unity 2.x and 3.x does not block ...) - NOTE: not-for-us (CISCO) + NOT-FOR-US: CISCO CVE-2002-1188 (Internet Explorer 5.01 through 6.0 allows remote attackers to identify ...) NOT-FOR-US: Microsoft CVE-2002-1187 (Cross-site scripting vulnerability (XSS) in Internet Explorer 5.01 ...) 
@@ -18863,9 +18863,9 @@ CVE-2002-1170 (The handle_var_requests function in snmp_agent.c for the SNMP daemon ...) - net-snmp 5.0.6 CVE-2002-1169 (IBM Web Traffic Express Caching Proxy Server 3.6 and 4.x before ...) - NOTE: not-for-us (IBM Web Traffic Express Caching Proxy Server) + NOT-FOR-US: IBM Web Traffic Express Caching Proxy Server CVE-2002-1160 (The default configuration of the pam_xauth module forwards ...) - NOTE: not-for-us (pam_xauth) + NOT-FOR-US: pam_xauth CVE-2002-1159 (Canna 3.6 and earlier does not properly validate requests, which ...) {DSA-224} CVE-2002-1158 (Buffer overflow in the irw_through function for Canna 3.5b2 and ...) @@ -18877,7 +18877,7 @@ CVE-2002-1154 (anlgform.pl in Analog before 5.23 does not restrict access to the ...) - analog 2:5.23 CVE-2002-1153 (IBM Websphere 4.0.3 allows remote attackers to cause a denial of ...) - NOTE: not-for-us (IBM Websphere) + NOT-FOR-US: IBM Websphere CVE-2002-1152 (Konqueror in KDE 3.0 through 3.0.2 does not properly detect the ...) - konqueror 3.03 CVE-2002-1151 (The cross-site scripting protection for Konqueror in KDE 2.2.2 and 3.0 ...) @@ -18885,7 +18885,7 @@ CVE-2002-1148 (The default servlet (org.apache.catalina.servlets.DefaultServlet) in ...) {DSA-170} CVE-2002-1147 (The HTTP administration interface for HP Procurve 4000M Switch ...) - NOTE: not-for-us (HP Procurve 4000M Switch firmware) + NOT-FOR-US: HP Procurve 4000M Switch firmware CVE-2002-1146 (The BIND 4 and BIND 8.2.x stub resolver libraries, and other libraries ...) NOTE: see http://www.kb.cert.org/vuls/id/AAMN-5D28K6 (glibc) NOTE: see http://www.kb.cert.org/vuls/id/AAMN-5D287U (bind) 
@@ -18894,9 +18894,9 @@ CVE-2002-1142 (Heap-based buffer overflow in the Remote Data Services (RDS) component ...) NOT-FOR-US: Microsoft CVE-2002-1141 (An input validation error in the Sun Microsystems RPC library Services ...) - NOTE: not-for-us (Sun Microsystems RPC library Services for Unix 3.0 Interix SD, as implemented on Microsoft Windows NT4, 2000, and XP) + NOT-FOR-US: Sun Microsystems RPC library Services for Unix 3.0 Interix SD, as implemented on Microsoft Windows NT4, 2000, and XP CVE-2002-1140 (The Sun Microsystems RPC library Services for Unix 3.0 Interix SD, as ...) - NOTE: not-for-us (Sun Microsystems RPC library Services for Unix 3.0 Interix SD, as implemented on Microsoft Windows NT4, 2000, and XP) + NOT-FOR-US: Sun Microsystems RPC library Services for Unix 3.0 Interix SD, as implemented on Microsoft Windows NT4, 2000, and XP CVE-2002-1139 (The Compressed Folders feature in Microsoft Windows 98 with Plus! ...) NOT-FOR-US: Microsoft CVE-2002-1138 (Microsoft SQL Server 7.0 and 2000, including Microsoft Data Engine ...) @@ -18904,7 +18904,7 @@ CVE-2002-1137 (Buffer overflow in the Database Console Command (DBCC) that handles ...) NOT-FOR-US: Microsoft CVE-2002-1135 (modsecurity.php 1.10 and earlier, in phpWebSite 0.8.2 and earlier, ...) - NOTE: not-for-us (phpWebSite) + NOT-FOR-US: phpWebSite CVE-2002-1132 (SquirrelMail 1.2.7 and earlier allows remote attackers to determine ...) {DSA-191} CVE-2002-1126 (Mozilla 1.1 and earlier, and Mozilla-based browsers such as Netscape ...) 
@@ -18916,9 +18916,9 @@ CVE-2002-1119 (os._execvpe from os.py in Python 2.2.1 and earlier creates temporary ...) {DSA-159} CVE-2002-1118 (TNS Listener in Oracle Net Services for Oracle 9i 9.2.x and 9.0.x, and ...) - NOTE: not-for-us (Oracle) + NOT-FOR-US: Oracle CVE-2002-1117 (Veritas Backup Exec 8.5 and earlier requires that the ...) - NOTE: not-for-us (Veritas Backup Exec) + NOT-FOR-US: Veritas Backup Exec CVE-2002-1116 (The "View Bugs" page (view_all_bug_page.php) in Mantis 0.17.4a and ...) {DSA-161} CVE-2002-1113 (summary_graph_functions.php in Mantis 0.17.3 and earlier allows remote ...) 
@@ -18930,53 +18930,53 @@ CVE-2002-1109 (securetar, as used in AMaViS shell script 0.2.1 and earlier, allows ...) NOTE: old amavis shell script CVE-2002-1108 (Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x ...) - NOTE: not-for-us (Cisco) + NOT-FOR-US: Cisco CVE-2002-1107 (Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x ...) - NOTE: not-for-us (Cisco) + NOT-FOR-US: Cisco CVE-2002-1106 (Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x ...) - NOTE: not-for-us (Cisco) + NOT-FOR-US: Cisco CVE-2002-1105 (Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x ...) - NOTE: not-for-us (Cisco) + NOT-FOR-US: Cisco CVE-2002-1104 (Cisco Virtual Private Network (VPN) Client software 2.x.x and 3.x ...) - NOTE: not-for-us (Cisco) + NOT-FOR-US: Cisco CVE-2002-1102 (The LAN-to-LAN IPSEC capability for Cisco VPN 3000 Concentrator 2.2.x, ...) - NOTE: not-for-us (Cisco) + NOT-FOR-US: Cisco CVE-2002-1099 (Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.3, allows remote ...) - NOTE: not-for-us (Cisco) + NOT-FOR-US: Cisco CVE-2002-1098 (Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.3, adds an ...) - NOTE: not-for-us (Cisco) + NOT-FOR-US: Cisco CVE-2002-1097 (Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.2, allows ...) - NOTE: not-for-us (Cisco) + NOT-FOR-US: Cisco CVE-2002-1096 (Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.1, allows ...) - NOTE: not-for-us (Cisco) + NOT-FOR-US: Cisco CVE-2002-1095 (Cisco VPN 3000 Concentrator before 2.5.2(F), with encryption enabled, ...) - NOTE: not-for-us (Cisco) + NOT-FOR-US: Cisco CVE-2002-1093 (HTML interface for Cisco VPN 3000 Concentrator 2.x.x and 3.x.x before ...) - NOTE: not-for-us (Cisco) + NOT-FOR-US: Cisco CVE-2002-1092 (Cisco VPN 3000 Concentrator 3.6(Rel) and earlier, and 2.x.x, when ...) - NOTE: not-for-us (Cisco) + NOT-FOR-US: Cisco CVE-2002-1091 (Netscape 6.2.3 and earlier, and Mozilla 1.0.1, allow remote attackers ...) 
- mozilla 2:1.0.2 CVE-2002-1088 (Buffer overflow in Novell GroupWise 6.0.1 Support Pack 1 allows remote ...) - NOTE: not-for-us (Novell GroupWise) + NOT-FOR-US: Novell GroupWise CVE-2002-1081 (The Administration console for Abyss Web Server 1.0.3 allows remote ...) - NOTE: not-for-us (Abyss Web Server) + NOT-FOR-US: Abyss Web Server CVE-2002-1079 (Directory traversal vulnerability in Abyss Web Server 1.0.3 allows ...) - NOTE: not-for-us (Abyss Web Server) + NOT-FOR-US: Abyss Web Server CVE-2002-1076 (Buffer overflow in the Web Messaging daemon for Ipswitch IMail before ...) - NOTE: not-for-us (Ipswitch IMail) + NOT-FOR-US: Ipswitch IMail CVE-2002-1060 (Cross-site scripting (XSS) vulnerability in CacheFlow CacheOS 4.1.06 ...) - NOTE: not-for-us (CacheFlow CacheOS) + NOT-FOR-US: CacheFlow CacheOS CVE-2002-1059 (Buffer overflow in Van Dyke SecureCRT SSH client before 3.4.6, and 4.x ...) - NOTE: not-for-us (Van Dyke SecureCRT SSH client) + NOT-FOR-US: Van Dyke SecureCRT SSH client CVE-2002-1057 (Buffer overflow in SmartMax MailMax POP3 daemon (popmax) 4.8 allows ...) - NOTE: not-for-us (SmartMax MailMax POP3 daemon) + NOT-FOR-US: SmartMax MailMax POP3 daemon CVE-2002-1056 (Microsoft Outlook 2000 and 2002, when configured to use Microsoft Word ...) NOT-FOR-US: Microsoft CVE-2002-1054 (Directory traversal vulnerability in Pablo FTP server 1.0 build 9 and ...) - NOTE: not-for-us (Pablo FTP server) + NOT-FOR-US: Pablo FTP server CVE-2002-1053 (Cross-site scripting (XSS) vulnerability in W3C Jigsaw Proxy Server ...) - NOTE: not-for-us (W3C Jigsaw Proxy Server) + NOT-FOR-US: W3C Jigsaw Proxy Server CVE-2002-1051 (Format string vulnerability in TrACESroute 6.0 GOLD (aka NANOG ...) {DSA-254} CVE-2002-1050 (Buffer overflow in HylaFAX faxgetty before 4.1.3 allows remote ...) 
@@ -18986,43 +18986,43 @@ {DSA-148} TODO: check CVE-2002-1046 (Dynamic VPN Configuration Protocol service (DVCP) in Watchguard ...) - NOTE: not-for-us (Watchguard Firebox firmware) + NOT-FOR-US: Watchguard Firebox firmware CVE-2002-1039 (Directory traversal vulnerability in Double Choco Latte (DCL) before ...) - dcl 20020706 CVE-2002-1035 (Omnicron OmniHTTPd 2.09 allows remote attackers to cause a denial of ...) - NOTE: not-for-us (Omnicron OmniHTTPd) + NOT-FOR-US: Omnicron OmniHTTPd CVE-2002-1031 (KeyFocus (KF) web server 1.0.2 allows remote attackers to list ...) - NOTE: not-for-us (KeyFocus (KF) web server) + NOT-FOR-US: KeyFocus (KF) web server CVE-2002-1030 (Race condition in Performance Pack in BEA WebLogic Server and Express ...) - NOTE: not-for-us (BEA WebLogic Server and Express) + NOT-FOR-US: BEA WebLogic Server and Express CVE-2002-1025 (JRun 3.0 through 4.0 allows remote attackers to read JSP source code ...) - NOTE: not-for-us (JRun) + NOT-FOR-US: JRun CVE-2002-1024 (Cisco IOS 12.0 through 12.2, when supporting SSH, allows remote ...) - NOTE: not-for-us (Cisco) + NOT-FOR-US: Cisco CVE-2002-1015 (RealJukebox 2 1.0.2.340 and 1.0.2.379, and RealOne Player Gold ...) - NOTE: not-for-us (Real) + NOT-FOR-US: Real CVE-2002-1014 (Buffer overflow in RealJukebox 2 1.0.2.340 and 1.0.2.379, and RealOne ...) - NOTE: not-for-us (Real) + NOT-FOR-US: Real CVE-2002-1013 (Buffer overflow in traffic_manager for Inktomi Traffic Server 4.0.18 ...) - NOTE: not-for-us (Inktomi) + NOT-FOR-US: Inktomi CVE-2002-1006 (Cross-site scripting (XSS) vulnerability in BBC Education Text to ...) - NOTE: not-for-us (Betsie) + NOT-FOR-US: Betsie CVE-2002-1004 (Directory traversal vulnerability in webmail feature of ArGoSoft Mail ...) - NOTE: not-for-us (ArGoSoft Mail Server) + NOT-FOR-US: ArGoSoft Mail Server CVE-2002-1002 (Buffer overflow in Novell iManager (eMFrame 1.2.1) allows remote ...) 
- NOTE: not-for-us (Novell) + NOT-FOR-US: Novell CVE-2002-1000 (Buffer overflow in AnalogX SimpleServer:Shout 1.0 allows remote ...) - NOTE: not-for-us (AnalogX SimpleServer:Shout) + NOT-FOR-US: AnalogX SimpleServer:Shout CVE-2002-0995 (login.php for PHPAuction allows remote attackers to gain privileges ...) - NOTE: not-for-us (PHPAuction) + NOT-FOR-US: PHPAuction CVE-2002-0990 (The web proxy component in Symantec Enterprise Firewall (SEF) 6.5.2 ...) - NOTE: not-for-us (Symantec) + NOT-FOR-US: Symantec CVE-2002-0989 (The URL handler in the manual browser option for Gaim before 0.59.1 ...) {DSA-158} CVE-2002-0988 (Buffer overflow in X server (Xsco) in OpenUNIX 8.0.0 and UnixWare ...) - NOTE: not-for-us (Xsco) + NOT-FOR-US: Xsco CVE-2002-0987 (X server (Xsco) in OpenUNIX 8.0.0 and UnixWare 7.1.1 does not drop ...) - NOTE: not-for-us (Xsco) + NOT-FOR-US: Xsco CVE-2002-0986 (The mail function in PHP 4.x to 4.2.2 does not filter ASCII control ...) {DSA-168} CVE-2002-0985 (Argument injection vulnerability in the mail function for PHP 4.x to ...) 
@@ -19030,37 +19030,37 @@ CVE-2002-0984 (The IRC script included in Light 2.7.x before 2.7.30p5, and 2.8.x ...) {DSA-156} CVE-2002-0981 (Buffer overflow in ndcfg command for UnixWare 7.1.1 and Open UNIX ...) - NOTE: not-for-us (ndcfg) + NOT-FOR-US: ndcfg CVE-2002-0974 (Help and Support Center for Windows XP allows remote attackers to ...) - NOTE: not-for-us (Help and Support Center for Windows XP) + NOT-FOR-US: Help and Support Center for Windows XP CVE-2002-0970 (The SSL capability for Konqueror in KDE 3.0.2 and earlier does not ...) {DSA-155} CVE-2002-0969 (Buffer overflow in MySQL daemon (mysqld) before 3.23.50, and 4.0 beta ...) NOTE: mysql problem only affects Windows CVE-2002-0968 (Buffer overflow in AnalogX SimpleServer:WWW 1.16 and earlier allows ...) - NOTE: not-for-us (AnalogX SimpleServer:WWW) + NOT-FOR-US: AnalogX SimpleServer:WWW CVE-2002-0967 (Buffer overflow in eDonkey 2000 35.16.60 and earlier allows remote ...) - NOTE: not-for-us (eDonkey) + NOT-FOR-US: eDonkey CVE-2002-0965 (Buffer overflow in TNS Listener for Oracle 9i Database Server on ...) - NOTE: not-for-us (Oracle) + NOT-FOR-US: Oracle CVE-2002-0964 (Half-Life Server 1.1.1.0 and earlier allows remote attackers to cause ...) - NOTE: not-for-us (Half Life) + NOT-FOR-US: Half Life CVE-2002-0958 (Cross-site scripting vulnerability in browse.php for PHP(Reactor) ...) - NOTE: not-for-us (PHP Reactor) + NOT-FOR-US: PHP Reactor CVE-2002-0953 (globals.php in PHP Address before 0.2f, with the PHP allow_url_fopen ...) - NOTE: not-for-us (PHP Address) + NOT-FOR-US: PHP Address CVE-2002-0952 (Cisco ONS15454 optical transport platform running ONS 3.1.0 to 3.2.0 ...) - NOTE: not-for-us (Cisco) + NOT-FOR-US: Cisco CVE-2002-0947 (Buffer overflow in rwcgi60 CGI program for Oracle Reports Server ...) - NOTE: not-for-us (Oracle) + NOT-FOR-US: Oracle CVE-2002-0946 (Directory traversal vulnerability in SeaNox Devwex before 1.2002.0601 ...) 
- NOTE: not-for-us (SeaNox Devwex) + NOT-FOR-US: SeaNox Devwex CVE-2002-0945 (Buffer overflow in SeaNox Devwex allows remote attackers to cause a ...) - NOTE: not-for-us (SeaNox Devwex) + NOT-FOR-US: SeaNox Devwex CVE-2002-0941 (The ConsoleCallBack class for nCipher running under JRE 1.4.0 and ...) - NOTE: not-for-us (Java on Windows) + NOT-FOR-US: Java on Windows CVE-2002-0938 (Cross-site scripting vulnerability in CiscoSecure ACS 3.0 allows ...) - NOTE: not-for-us (Cisco) + NOT-FOR-US: Cisco CVE-2002-0935 (Apache Tomcat 4.0.3, and possibly other versions before 4.1.3 beta, ...) - tomcat4 4.1.9-1 CVE-2002-0916 (Format string vulnerability in the allowuser code for the Stellar-X ...) 
@@ -19068,27 +19068,27 @@ CVE-2002-0914 (Double Precision Courier e-mail MTA allows remote attackers to cause a ...) - courier-mta 0.46 CVE-2002-0911 (Caldera Volution Manager 1.1 stores the Directory Administrator ...) - NOTE: not-for-us (Caldera Volution Manager) + NOT-FOR-US: Caldera Volution Manager CVE-2002-0906 (Buffer overflow in Sendmail before 8.12.5, when configured to use a ...) - sendmail 8.12.5 CVE-2002-0904 (SayText function in Kismet 2.2.1 and earlier allows remote attackers ...) - kismet 2.2.2-1 CVE-2002-0900 (Buffer overflow in pks PGP public key web server before 0.9.5 allows ...) - NOTE: not-for-us (pks) + NOT-FOR-US: pks CVE-2002-0898 (Opera 6.0.1 and 6.0.2 allows a remote web site to upload arbitrary ...) - NOTE: not-for-us (Opera) + NOT-FOR-US: Opera CVE-2002-0897 (LocalWEB2000 2.1.0 web server allows remote attackers to bypass access ...) - NOTE: not-for-us (LocalWEB2000) + NOT-FOR-US: LocalWEB2000 CVE-2002-0895 (Buffer overflow in MatuFtpServer 1.1.3.0 (1.1.3) allows remote ...) - NOTE: not-for-us (MatuFtpServer) + NOT-FOR-US: MatuFtpServer CVE-2002-0892 (The default configuration of NewAtlanta ServletExec ISAPI 4.1 allows ...) - NOTE: not-for-us (NewAtlanta ServletExec ISAPI) + NOT-FOR-US: NewAtlanta ServletExec ISAPI CVE-2002-0891 (The web interface (WebUI) of NetScreen ScreenOS before 2.6.1r8, and ...) - NOTE: not-for-us (NetScreen ScreenOS) + NOT-FOR-US: NetScreen ScreenOS CVE-2002-0889 (Buffer overflow in Qpopper (popper) 4.0.4 and earlier allows local ...) - qpopper 4.0.5-1 CVE-2002-0887 (scoadmin for Caldera/SCO OpenServer 5.0.5 and 5.0.6 allows local users ...) - NOTE: not-for-us (scoadmin) + NOT-FOR-US: scoadmin CVE-2002-0875 (Vulnerability in FAM 2.6.8, 2.6.6, and other versions allows ...) {DSA-154} CVE-2002-0873 (Vulnerability in l2tpd 0.67 allows remote attackers to overwrite the ...) 
@@ -19110,22 +19110,22 @@ CVE-2002-0859 (Buffer overflow in the OpenDataSource function of the Jet engine on ...) NOT-FOR-US: Microsoft CVE-2002-0856 (SQL*NET listener for Oracle Net Oracle9i 9.0.x and 9.2 allows remote ...) - NOTE: not-for-us (Oracle) + NOT-FOR-US: Oracle CVE-2002-0853 (Cisco Virtual Private Network (VPN) Client 3.5.4 and earlier allows ...) - NOTE: not-for-us (Cisco) + NOT-FOR-US: Cisco CVE-2002-0851 (Format string vulnerability in ISDN Point to Point Protocol (PPP) ...) - isdnutils 1:3.2 CVE-2002-0850 (Buffer overflow in PGP Corporate Desktop 7.1.1 allows remote attackers ...) - NOTE: not-for-us (PGP corporate desktop) + NOT-FOR-US: PGP corporate desktop CVE-2002-0848 (Cisco VPN 5000 series concentrator hardware 6.0.21.0002 and earlier, ...) - NOTE: not-for-us (Cisco) + NOT-FOR-US: Cisco CVE-2002-0847 (tinyproxy HTTP proxy 1.5.0, 1.4.3, and earlier allows remote attackers ...) {DSA-145} TODO: check CVE-2002-0846 (The decoder for Macromedia Shockwave Flash allows remote attackers to ...) - flashplugin-nonfree 6.0.47 CVE-2002-0845 (Buffer overflow in Sun ONE / iPlanet Web Server 4.1 and 6.0 allows ...) - NOTE: not-for-us (Sun ONE) + NOT-FOR-US: Sun ONE CVE-2002-0844 (Off-by-one overflow in the CVS PreservePermissions of rcs.c for CVSD ...) - cvs 1:1.11.2 CVE-2002-0842 (Format string vulnerability in certain third party modifications to ...) 
@@ -19138,20 +19138,20 @@ CVE-2002-0836 (dvips converter for Postscript files in the tetex package calls the ...) {DSA-207} CVE-2002-0835 (Preboot eXecution Environment (PXE) server allows remote attackers to ...) - NOTE: not-for-us (RedHat/Intel PXE daemon) + NOT-FOR-US: RedHat/Intel PXE daemon NOTE: this is not the one in Debian CVE-2002-0831 (The kqueue mechanism in FreeBSD 4.3 through 4.6 STABLE allows local ...) - NOTE: not-for-us (FreeBSD) + NOT-FOR-US: FreeBSD CVE-2002-0830 (Network File System (NFS) in FreeBSD 4.6.1 RELEASE-p7 and earlier, ...) - NOTE: not-for-us (BSD/NFS) + NOT-FOR-US: BSD/NFS CVE-2002-0829 (Integer overflow in the Berkeley Fast File System (FFS) in FreeBSD ...) - NOTE: not-for-us (FreeBSD) + NOT-FOR-US: FreeBSD CVE-2002-0826 (Buffer overflow in WS_FTP FTP Server 3.1.1 allows remote authenticated ...) - NOTE: not-for-us (WS FTP server) + NOT-FOR-US: WS FTP server CVE-2002-0824 (BSD pppd allows local users to change the permissions of arbitrary ...) - NOTE: not-for-us (BSD/pppd) + NOT-FOR-US: BSD/pppd CVE-2002-0823 (Buffer overflow in Winhlp32.exe allows remote attackers to execute ...) - NOTE: not-for-us (Windows) + NOT-FOR-US: Windows CVE-2002-0818 (wwwoffled in World Wide Web Offline Explorer (WWWOFFLE) allows remote ...) {DSA-144} TODO: check @@ -19159,11 +19159,11 @@ {DSA-139} TODO: check CVE-2002-0816 (Buffer overflow in su in Tru64 Unix 5.x allows local users to gain ...) - NOTE: not-for-us (HP Tru64) + NOT-FOR-US: HP Tru64 CVE-2002-0814 (Buffer overflow in VMware Authorization Service for VMware GSX Server ...) - NOTE: not-for-us (VMware) + NOT-FOR-US: VMware CVE-2002-0813 (Heap-based buffer overflow in the TFTP server capability in Cisco IOS ...) - NOTE: not-for-us (Cisco) + NOT-FOR-US: Cisco CVE-2002-0810 (Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, directs error ...) - bugzilla 2.16.0 CVE-2002-0809 (Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, does not ...) 
@@ -19179,57 +19179,57 @@ CVE-2002-0802 (The multibyte support in PostgreSQL 6.5.x with SQL_ASCII encoding ...) - postgresql 7.2 CVE-2002-0801 (Buffer overflow in the ISAPI DLL filter for Macromedia JRun 3.1 allows ...) - NOTE: not-for-us (Macromedia / Windows) + NOT-FOR-US: Macromedia / Windows CVE-2002-0795 (The rc system startup script for FreeBSD 4 through 4.5 allows local ...) - NOTE: not-for-us (FreeBSD) + NOT-FOR-US: FreeBSD CVE-2002-0794 (The accept_filter mechanism in FreeBSD 4 through 4.5 does not properly ...) - NOTE: not-for-us (FreeBSD) + NOT-FOR-US: FreeBSD CVE-2002-0790 (clchkspuser and clpasswdremote in AIX expose an encrypted password in ...) - NOTE: not-for-us (AIX) + NOT-FOR-US: AIX CVE-2002-0789 (Buffer overflow in search.cgi in mnoGoSearch 3.1.19 and earlier allows ...) - mnogosearch 3.1.19-3 CVE-2002-0788 (An interaction between PGP 7.0.3 with the "wipe deleted files" option, ...) - NOTE: not-for-us (windows) + NOT-FOR-US: windows CVE-2002-0785 (AOL Instant Messenger (AIM) allows remote attackers to cause a denial ...) - NOTE: not-for-us (AOL AIM) + NOT-FOR-US: AOL AIM CVE-2002-0778 (The default configuration of the proxy for Cisco Cache Engine and ...) - NOTE: not-for-us (CISCO) + NOT-FOR-US: CISCO CVE-2002-0777 (Buffer overflow in the LDAP component of Ipswitch IMail 7.1 and ...) - NOTE: not-for-us (Ipswitch not in Debian) + NOT-FOR-US: Ipswitch not in Debian CVE-2002-0776 (getuserdesc.asp in Hosting Controller 2002 allows remote attackers to ...) - NOTE: not-for-us (Hosting Controller 2002) + NOT-FOR-US: Hosting Controller 2002 CVE-2002-0768 (Buffer overflow in lukemftp FTP client in SuSE 6.4 through 8.0, and ...) - lukemftp 1.5-7 CVE-2002-0766 (OpenBSD 2.9 through 3.1 allows local users to cause a denial of ...) - NOTE: not-for-us (OpenBSD) + NOT-FOR-US: OpenBSD CVE-2002-0765 (sshd in OpenSSH 3.2.2, when using YP with netgroups and under certain ...) 
- openssh 1:3.3p1-0.0woody1 CVE-2002-0762 (shadow package in SuSE 8.0 allows local users to destroy the ...) - NOTE: not-for-us (SUSE specific) + NOT-FOR-US: SUSE specific CVE-2002-0761 (bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and ...) - NOTE: not-for-us (FreeBSD and OpenLinux) + NOT-FOR-US: FreeBSD and OpenLinux CVE-2002-0760 (Race condition in bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, ...) - NOTE: not-for-us (FreeBSD and OpenLinux) + NOT-FOR-US: FreeBSD and OpenLinux CVE-2002-0759 (bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and ...) - NOTE: not-for-us (FreeBSD and OpenLinux) + NOT-FOR-US: FreeBSD and OpenLinux CVE-2002-0758 (ifup-dhcp script in the sysconfig package for SuSE 8.0 allows remote ...) - NOTE: not-for-us (SUSE specific) + NOT-FOR-US: SUSE specific CVE-2002-0755 (Kerberos 5 su (k5su) in FreeBSD 4.5 and earlier does not verify that a ...) - NOTE: not-for-us (FreeBSD) + NOT-FOR-US: FreeBSD CVE-2002-0754 (Kerberos 5 su (k5su) in FreeBSD 4.4 and earlier relies on the getlogin ...) - NOTE: not-for-us (FreeBSD) + NOT-FOR-US: FreeBSD CVE-2002-0748 (LabVIEW Web Server 5.1.1 through 6.1 allows remote attackers to cause ...) - NOTE: not-for-us (Labview) + NOT-FOR-US: Labview CVE-2002-0741 (psyBNC 2.3 allows remote attackers to cause a denial of service (CPU ...) - NOTE: not-for-us (psyBNC) + NOT-FOR-US: psyBNC CVE-2002-0738 (MHonArc 2.5.2 and earlier does not properly filter Javascript from ...) {DSA-163} CVE-2002-0737 (Sambar web server before 5.2 beta 1 allows remote attackers to obtain ...) - NOTE: not-for-us (Sambar web server) + NOT-FOR-US: Sambar web server CVE-2002-0736 (Microsoft BackOffice 4.0 and 4.5, when configured to be accessible by ...) NOT-FOR-US: Microsoft CVE-2002-0734 (b2edit.showposts.php in B2 2.0.6pre2 and earlier does not properly ...) - NOTE: not-for-us (B2) + NOT-FOR-US: B2 CVE-2002-0733 (Cross-site scripting vulnerability in thttpd 2.20 and earlier allows ...) 
- thttpd 2.21 CVE-2002-0729 (Microsoft SQL Server 2000 allows remote attackers to cause a denial of ...) @@ -19247,11 +19247,11 @@ CVE-2002-0718 (Web authoring command in Microsoft Content Management Server (MCMS) ...) NOT-FOR-US: Microsoft CVE-2002-0716 (Format string vulnerability in crontab for SCO OpenServer 5.0.5 and ...) - NOTE: not-for-us (SCO OpenServer) + NOT-FOR-US: SCO OpenServer CVE-2002-0714 (FTP proxy in Squid before 2.4.STABLE6 does not compare the IP ...) - squid 2.4.6 CVE-2002-0710 (Directory traversal vulnerability in sendform.cgi 1.44 and earlier ...) - NOTE: not-for-us (sendform.cgi) + NOT-FOR-US: sendform.cgi CVE-2002-0704 (The Network Address Translation (NAT) capability for Netfilter ...) NOTE: kernel netfilter bug, not in user space NOTE: this is fixed in kernel 2.4.20 @@ -19261,7 +19261,7 @@ - perl 5.8.0-7 NOTE: woody seems to be vulnerable, bug #282527 CVE-2002-0701 (ktrace in BSD-based operating systems allows the owner of a process ...) - NOTE: not-for-us (BSD) + NOT-FOR-US: BSD CVE-2002-0700 (Buffer overflow in a system function that performs user authentication ...) NOT-FOR-US: Microsoft CVE-2002-0698 (Buffer overflow in Internet Mail Connector (IMC) for Microsoft ...) 
@@ -19293,15 +19293,15 @@ CVE-2002-0676 (SoftwareUpdate for MacOS 10.1.x does not use authentication when ...) NOT-FOR-US: MacOS CVE-2002-0674 (Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 ...) - NOTE: not-for-us (Pingtel xpressa SIP-based voice-over-IP phone) + NOT-FOR-US: Pingtel xpressa SIP-based voice-over-IP phone CVE-2002-0673 (The enrollment process for Pingtel xpressa SIP-based voice-over-IP ...) - NOTE: not-for-us (Pingtel xpressa SIP-based voice-over-IP phone) + NOT-FOR-US: Pingtel xpressa SIP-based voice-over-IP phone CVE-2002-0672 (Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 ...) - NOTE: not-for-us (Pingtel xpressa SIP-based voice-over-IP phone) + NOT-FOR-US: Pingtel xpressa SIP-based voice-over-IP phone CVE-2002-0671 (Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 ...) - NOTE: not-for-us (Pingtel xpressa SIP-based voice-over-IP phone) + NOT-FOR-US: Pingtel xpressa SIP-based voice-over-IP phone CVE-2002-0668 (The web interface for Pingtel xpressa SIP-based voice-over-IP phone ...) - NOTE: not-for-us (Pingtel xpressa SIP-based voice-over-IP phone) + NOT-FOR-US: Pingtel xpressa SIP-based voice-over-IP phone CVE-2002-0665 (Macromedia JRun Administration Server allows remote attackers to ...) NOT-FOR-US: Microsoft CVE-2002-0663 (Buffer overflow in HTTP Proxy for Symantec Norton Personal Internet ...)
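Review bot: In the hunks at @@ -18803,7 +18803,7 @@ and @@ -18816,12 +18816,12 @@ the vendor reason is carried over as "CISCO" (CVE-2002-1222, CVE-2002-1189, and again at CVE-2002-0778), while the entries in @@ -18930,53 +18930,53 @@ use "Cisco"; likewise "oracle" at CVE-2002-1264 against "Oracle" at CVE-2002-1118, and "windows" at CVE-2002-0788 against "Windows" at CVE-2002-0823. Now that the reason is the value of the NOT-FOR-US: tag rather than free text inside a NOTE, it is worth normalising the spelling in this same pass so that a grep or count per vendor returns every entry.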
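Review bot: In the hunk at @@ -18894,9 +18894,9 @@ the reasons for CVE-2002-1141 and CVE-2002-1140 copy a whole clause of the CVE description ("Sun Microsystems RPC library Services for Unix 3.0 Interix SD, as implemented on Microsoft Windows NT4, 2000, and XP"), where every other converted entry gives a short product or vendor name. Suggest shortening both to the product name, since the description already sits on the line above.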
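Review bot: In the hunk at @@ -19138,20 +19138,20 @@ the entry for CVE-2002-0835 now reads "NOT-FOR-US: RedHat/Intel PXE daemon" followed by the unchanged "NOTE: this is not the one in Debian", so the same statement appears twice in two different forms. Either fold the NOTE into the reason or drop it, and check that a NOTE line following a NOT-FOR-US line is a combination the list format is meant to allow.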
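Review bot: In the hunk at @@ -19179,57 +19179,57 @@ the mechanical rewrite changes what CVE-2002-0761, CVE-2002-0760 and CVE-2002-0759 say: the descriptions name "bzip2 before 1.0.2", and the old note only recorded that the affected platforms were FreeBSD and OpenLinux, whereas "NOT-FOR-US: FreeBSD and OpenLinux" reads as if the software itself were out of scope. The same applies to the "SUSE specific" reasons at CVE-2002-0762 and CVE-2002-0758. Suggest leaving these as NOTE lines or recording the package and fixed version, as the neighbouring "- lukemftp 1.5-7" and "- mnogosearch 3.1.19-3" entries do.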
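Review bot: In the hunk at @@ -19293,15 +19293,15 @@ the trailing context line tags CVE-2002-0665 (Macromedia JRun Administration Server) as "NOT-FOR-US: Microsoft", which does not match the product in the description and differs from the reasons this patch writes for the other JRun entries ("JRun" at CVE-2002-1025, "Macromedia / Windows" at CVE-2002-0801). It is outside the lines touched here, but since this commit is the clean-up pass for these tags, it would be a good place to correct it.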