Author: frolic-guest
Date: 2007-01-10 19:24:47 +0100 (Wed, 10 Jan 2007)
New Revision: 5231
Modified: data/CVE/list
Log: CVE's entries Updated
Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-01-09 22:38:35 UTC (rev 5230) +++ data/CVE/list 2007-01-10 18:24:47 UTC (rev 5231) 
@@ -1,29 +1,34 @@ CVE-2007-0139 (Unspecified vulnerability in the DECnet-Plus 7.3-2 feature in ...) - TODO: check + NOT-FOR-US: DECnet-Plus CVE-2007-0138 (formbankcgi.exe in Fersch Formbankserver 1.9, when the PATH_INFO ...) - TODO: check + NOT-FOR-US: Formbankserver CVE-2007-0137 (Cross-site scripting (XSS) vulnerability in SimpleBoxes/SerendipityNZ ...) - TODO: check + NOT-FOR-US: Serene Bach CVE-2007-0136 (Multiple cross-site scripting (XSS) vulnerabilities in Drupal before ...) - TODO: check + - drupal 4.7.5-1 + [sarge] - drupal <no-dsa> (Not known if 4.5.x series was affected) + [etch] - drupal <not-affected> (Drupal isn''t in Etch) + [sid] - drupal <not-affected> (version 4.7.5-1 uploaded) + NOTE: vendor advisory: http://drupal.org/node/104233 + TODO: check if Sarge was affected CVE-2007-0135 (PHP remote file inclusion vulnerability in inc/init.inc.php in Aratix ...) - TODO: check + NOT-FOR-US: Aratix CVE-2007-0134 (Multiple eval injection vulnerabilities in iGeneric iG Shop 1.0 allow ...) - TODO: check + NOT-FOR-US: IG Shop CVE-2007-0133 (Multiple SQL injection vulnerabilities in display_review.php in ...) - TODO: check + NOT-FOR-US: IG Shop CVE-2007-0132 (SQL injection vulnerability in compare_product.php in iGeneric iG Shop ...) - TODO: check + NOT-FOR-US: IG Shop CVE-2007-0131 (JAMWiki before 0.5.0 does not properly check permissions during moves ...) - TODO: check + NOT-FOR-US: JAMWiki CVE-2007-0130 (SQL injection vulnerability in user.php in iGeneric iG Calendar 1.0 ...) - TODO: check + NOT-FOR-US: iG Calendar CVE-2007-0129 (SQL injection vulnerability in main.asp in LocazoList 2.01a beta5 and ...) TODO: check CVE-2007-0128 (SQL injection vulnerability in info_book.asp in Digirez 3.4 and ...) TODO: check CVE-2007-0127 (The Javascript SVG support in Opera before 9.10 does not properly ...) - TODO: check + NOT-FOR-US: Opera CVE-2007-0126 (Heap-based buffer overflow in Opera 9.02 allows remote attackers to ...) 
TODO: check CVE-2007-0125 (Kaspersky Labs Antivirus Engine 6.0 for Windows and 5.5-10 for Linux ...)
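Review bot: In the CVE-2007-0136 entry, the added line `[sid] - drupal <not-affected> (version 4.7.5-1 uploaded)` conflicts with the `- drupal 4.7.5-1` line just above it: a fixed-version line already records that unstable was affected until 4.7.5-1, so the sid line should be dropped rather than marking the same suite as not affected. In the same entry, `[sarge] - drupal <no-dsa>` is set while both its reason text and the trailing TODO say it is not yet known whether the 4.5.x series is affected; keeping only the TODO until that is settled would avoid recording a triage decision that has not been made. The etch line gives package absence from the release as the reason for not-affected, which is a different statement from the code not being vulnerable, so the reason should make clear which one is meant. Smaller points: the NOT-FOR-US tags for CVE-2007-0134, CVE-2007-0133 and CVE-2007-0132 are spelled "IG Shop" while the visible descriptions and the CVE-2007-0130 tag use the "iG" spelling, and the "Serene Bach" tag on CVE-2007-0137 does not match any product name in the visible part of the description, so a short NOTE confirming the product would help the next person triaging.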