Author: micah Date: 2006-01-18 04:43:21 +0000 (Wed, 18 Jan 2006) New Revision: 3315 Modified: data/CVE/list Log: Some NFUs and false positive checks Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-01-17 23:06:44 UTC (rev 3314) +++ data/CVE/list 2006-01-18 04:43:21 UTC (rev 3315) @@ -97,15 +97,15 @@ CVE-2005-4652 (SQL injection vulnerability in PHlyMail 3.02.01 allows remote ...) TODO: check CVE-2005-4651 (SQL injection vulnerability in index.php in AlstraSoft EPay Pro 2.0 ...) - TODO: check + NOT-FOR-US: AlstraSoft EPay Pro CVE-2005-4650 (Joomla! 1.03 does not restrict the number of "Search" Mambots, which ...) - TODO: check + NOT-FOR-US: Joomla! CVE-2005-4649 (Multiple cross-site scripting (XSS) vulnerabilities in Advanced ...) - TODO: check + NOT-FOR-US: Advanced Guestbook CVE-2005-4648 (Buffer overflow in Illustrate dBpowerAMP Music Converter 11.5 and ...) - TODO: check + NOT-FOR-US: Illustrate dBpowerAMP Music Converter CVE-2003-1290 (BEA WebLogic Server and WebLogic Express 6.1, 7.0, and 8.1, with RMI ...) - TODO: check + NOT-FOR-US: BEA WebLogic Server CVE-2006-XXXX [knowledgetree information disclosure] - knowledgetree <unfixed> (bug #348306; medium) CVE-2006-XXXX [php5 response splitting] @@ -12613,7 +12613,8 @@ - netapplet <not-affected> (Not vulerable, see bug #310833) CVE-2005-1039 (Race condition in Core Utilities (coreutils) 5.2.1, when (1) mkdir, ...) - coreutils <unfixed> (bug #304556; low) - NOTE: Setting up a sarge/oldstable chroot to see if this affects -- micah + [woody] - fileutils <unfixed> (bug #304556; low) + NOTE: Sarge is affected CVE-2005-1038 (crontab in Vixie cron 4.1, when running with the -e option, allows ...) NOTE: long fixed in Debian''s cron CVE-2005-1037 (Unknown vulnerability in AIX 5.3.0, when configured as an NIS client, ...)
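Review bot: In the first hunk (@@ -97,15 +97,15 @@), the new NOT-FOR-US tags name their products at different levels of detail. CVE-2003-1290 is described as affecting "BEA WebLogic Server and WebLogic Express" but is tagged only "NOT-FOR-US: BEA WebLogic Server", while the other entries use either the bare product ("Joomla!", "Advanced Guestbook") or vendor plus product ("AlstraSoft EPay Pro", "Illustrate dBpowerAMP Music Converter"). Choosing one naming form would make it easier to search the list by product later. The context line for CVE-2005-4652 (PHlyMail) directly above still reads "TODO: check"; if it was looked at in the same pass, it could be resolved here too.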
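Review bot: In the second hunk (@@ -12613,7 +12613,8 @@), the CVE-2005-1039 entry now says "NOTE: Sarge is affected" but does not record how that was established, and the line it replaces said a sarge/oldstable chroot was still being set up. Adding the coreutils version that was tested, or a short reason, to the note would let the next person verify it. The added "[woody] - fileutils <unfixed> (bug #304556; low)" line reuses the bug number already cited on the coreutils line; it is worth confirming that bug also covers fileutils in woody, or saying so in the note. There is also no release-tagged line for sarge, so the finding lives only in the free-text NOTE.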