Author: jmm-guest Date: 2006-04-03 23:51:15 +0000 (Mon, 03 Apr 2006) New Revision: 3740 Modified: data/CVE/list Log: three rpath issue CVEfied NFUs Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-04-03 23:44:40 UTC (rev 3739) +++ data/CVE/list 2006-04-03 23:51:15 UTC (rev 3740) @@ -39,11 +39,14 @@ CVE-2006-1567 (Cross-site scripting (XSS) vulnerability in searchresults.asp in ...) TODO: check CVE-2006-1566 (Untrusted search path vulnerability in libtunepimp-perl 0.4.2-1 in ...) - TODO: check + - libtunepimp 0.4.2-3 (bug #359241; low) + [sarge] - libtunepimp <not-affected> (rpath not set to /tmp in Sarge) CVE-2006-1565 (Untrusted search path vulnerability in libgpib-perl 3.2.06-2 in Debian ...) - TODO: check + - gpib 3.2.06-3 (bug #359239; low) + [sarge] - gpib <not-affected> (rpath not set to /tmp in Sarge) CVE-2006-1564 (Untrusted search path vulnerability in libapache2-svn 1.3.0-4 for ...) - TODO: check + - subversion 1.3.0-5 (bug #359234; low) + [sarge] - subversion <not-affected> (No rpaths set in Sarge) CVE-2006-1563 (Direct static code injection vulnerability in config.php in vscripts ...) TODO: check CVE-2006-1562 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) 
@@ -73,43 +76,43 @@ CVE-2006-1549 RESERVED CVE-2005-4767 (BEA WebLogic Server and WebLogic Express 8.1 SP5 and earlier, and 7.0 ...) - TODO: check + NOT-FOR-US: BEA WebLogic CVE-2005-4766 (BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, and 7.0 ...) - TODO: check + NOT-FOR-US: BEA WebLogic CVE-2005-4765 (BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier and 7.0 ...) - TODO: check + NOT-FOR-US: BEA WebLogic CVE-2005-4764 (BEA WebLogic Server and WebLogic Express 9.0, 8.1, and 7.0 lock out ...) - TODO: check + NOT-FOR-US: BEA WebLogic CVE-2005-4763 (BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP6 ...) - TODO: check + NOT-FOR-US: BEA WebLogic CVE-2005-4762 (BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP6 ...) - TODO: check + NOT-FOR-US: BEA WebLogic CVE-2005-4761 (BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP5 ...) - TODO: check + NOT-FOR-US: BEA WebLogic CVE-2005-4760 (BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier, and 7.0 ...) - TODO: check + NOT-FOR-US: BEA WebLogic CVE-2005-4759 (BEA WebLogic Server and WebLogic Express 8.1 and 7.0, during a ...) - TODO: check + NOT-FOR-US: BEA WebLogic CVE-2005-4758 (Unspecified vulnerability in the Administration server in BEA WebLogic ...) - TODO: check + NOT-FOR-US: BEA WebLogic CVE-2005-4757 (BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier, and 7.0 ...) - TODO: check + NOT-FOR-US: BEA WebLogic CVE-2005-4756 (BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, and 7.0 ...) - TODO: check + NOT-FOR-US: BEA WebLogic CVE-2005-4755 (BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier (1) ...) - TODO: check + NOT-FOR-US: BEA WebLogic CVE-2005-4754 (BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier allow ...) - TODO: check + NOT-FOR-US: BEA WebLogic CVE-2005-4753 (BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, and 7.0 ...) 
- TODO: check + NOT-FOR-US: BEA WebLogic CVE-2005-4752 (BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, and 7.0 ...) - TODO: check + NOT-FOR-US: BEA WebLogic CVE-2005-4751 (Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic ...) - TODO: check + NOT-FOR-US: BEA WebLogic CVE-2005-4750 (BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP5 ...) - TODO: check + NOT-FOR-US: BEA WebLogic CVE-2005-4749 (HTTP request smuggling vulnerability in BEA WebLogic Server and ...) - TODO: check + NOT-FOR-US: BEA WebLogic CVE-2006-1548 (Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction ...) - libstruts1.2-java <unfixed> (bug #360551) CVE-2006-1547 (ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 ...) @@ -127,7 +130,7 @@ CVE-2006-1541 (SQL injection vulnerability in Default.asp in EzASPSite 2.0 RC3 and ...) TODO: check CVE-2006-1540 (Microsoft Office 2002 (aka Office XP) allows user-complicit attackers ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2006-1539 (Multiple buffer overflows in the checkscores function in scores.c in ...) TODO: check CVE-2006-1538 (The Enova X-Wall ASIC encrypts with a key obtained via Microwire from ...) @@ -185,9 +188,9 @@ CVE-2006-1512 RESERVED CVE-2006-1511 (Buffer overflow in the ILASM assembler in the Microsoft .NET 1.0 and ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2006-1510 (Buffer overflow in calloc.c in the Microsoft Windows XP SP2 ntdll.dll ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2006-1509 (/sbin/passwd in HP-UX B.11.00, B.11.11, and B.11.23 before 20060326 ...) TODO: check CVE-2006-1508 (Multiple cross-site scripting (XSS) vulnerabilities in MH Software ...) 
@@ -229,15 +232,6 @@ CVE-2006-XXXX [unixodbc rpath set to /home] - unixodbc 2.2.11-11 (bug #358142; low) [sarge] - unixodbc <not-affected> (rpath not set to /home in Sarge) -CVE-2006-XXXX [subversion rpath set to /tmp] - - subversion 1.3.0-5 (bug #359234; low) - [sarge] - subversion <not-affected> (No rpaths set in Sarge) -CVE-2006-XXXX [libtunepimp rpath set to /tmp] - - libtunepimp 0.4.2-3 (bug #359241; low) - [sarge] - libtunepimp <not-affected> (rpath not set to /tmp in Sarge) -CVE-2006-XXXX [gpib rpath set to /tmp] - - gpib 3.2.06-3 (bug #359239; low) - [sarge] - gpib <not-affected> (rpath not set to /tmp in Sarge) CVE-2006-XXXX [fftw rpath set to user home] - fftw <unfixed> (bug #358157; low) [sarge] - fftw <not-affected> (No rpath set in Sarge)
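Review bot: in the `@@ -39,11 +39,14 @@` hunk the three `[sarge]` reasons make two different claims. CVE-2006-1566 and CVE-2006-1565 say "rpath not set to /tmp in Sarge", while CVE-2006-1564 says "No rpaths set in Sarge". The first wording leaves open that the Sarge binaries carry some other rpath, which would still matter if that directory is not a trusted one. If the Sarge builds of libtunepimp and gpib have no rpath at all, use the stronger wording. If they do have one, naming the directory in the parenthetical makes the not-affected call auditable. The fixed versions (0.4.2-3, 3.2.06-3, 1.3.0-5) are recorded against source packages, while the descriptions name libtunepimp-perl 0.4.2-1, libgpib-perl 3.2.06-2 and libapache2-svn 1.3.0-4, so it is worth confirming that each binary is built from the source package listed.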
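Review bot: the `@@ -229,15 +232,6 @@` hunk removes the bracketed placeholder titles, and for subversion that title ("[subversion rpath set to /tmp]") was the only place the entry named the offending directory. The replacement entry under CVE-2006-1564 has a truncated description and a Sarge note that does not mention /tmp, so the detail is no longer visible in the list. Consider carrying the directory into the new entry. Otherwise the move is consistent: package, fixed version, bug number and urgency on the removed lines match the lines added under CVE-2006-1564, CVE-2006-1565 and CVE-2006-1566. The unixodbc and fftw rpath entries stay as CVE-2006-XXXX, which agrees with the log's count of three.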
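Review bot: in the `@@ -127,7 +130,7 @@` and `@@ -185,9 +188,9 @@` hunks the marker is `NOT-FOR-US: Microsoft`, which names only the vendor, whereas the `@@ -73,43 +76,43 @@` hunk uses vendor plus product (`NOT-FOR-US: BEA WebLogic`). The three Microsoft entries cover different products (Office 2002, the .NET ILASM assembler, Windows XP ntdll.dll), so a product-level tag would make later searches of the list more useful and keep the two sets of markings in the same style.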