Secure testing commits - Oct 2007 - r6881 - data/CVE

Author: nion
Date: 2007-10-09 21:53:27 +0000 (Tue, 09 Oct 2007)
New Revision: 6881

Modified:
   data/CVE/list
Log:
NFUs
CVE-2007-5274, CVE-2007-5273 fixed in sun-java6/5 6-03-1/1.5.0-13-1


Modified: data/CVE/list
==================================================================---
data/CVE/list	2007-10-09 21:14:11 UTC (rev 6880)
+++ data/CVE/list	2007-10-09 21:53:27 UTC (rev 6881)
@@ -1,37 +1,42 @@
 CVE-2007-5288 (The TSC Domain Manager in Hitachi TPBroker Object Transaction
Monitor ...)
-	TODO: check
+	NOT-FOR-US: Hitachi TPBroker
 CVE-2007-5287 (Hitachi Cosminexus Agent 03-00 through 03-05, and Cosminexus
Library ...)
-	TODO: check
+	NOT-FOR-US: Hitachi Cosminexus Agent
 CVE-2007-5286 (The Java Secure Socket Extension (JSSE) in the Hitachi
Cosminexus ...)
-	TODO: check
+	NOT-FOR-US: Hitachi Cosminexus
 CVE-2007-5285 (Multiple cross-site scripting (XSS) vulnerabilities in
messages.jsp in ...)
-	TODO: check
+	NOT-FOR-US: Appfuse
 CVE-2007-5284 (Heap-based buffer overflow in ConeXware PowerArchiver before
10.20.21 ...)
-	TODO: check
+	NOT-FOR-US: PowerArchiver
 CVE-2007-5283 (The TSC Domain Manager in Hitachi TPBroker Object Transaction
Monitor ...)
-	TODO: check
+	NOT-FOR-US: Hitachi TPBroker
 CVE-2007-5282 (Hitachi Cosminexus Agent 03-00 through 03-05, and Cosminexus
Library ...)
-	TODO: check
+	NOT-FOR-US: Hitachi Cosminexus
 CVE-2007-5281 (The Java Secure Socket Extension (JSSE) in the Hitachi
Cosminexus ...)
-	TODO: check
+	NOT-FOR-US: Hitachi Cosminexus
 CVE-2007-5280 (Multiple cross-site scripting (XSS) vulnerabilities in
messages.jsp in ...)
-	TODO: check
+	NOT-FOR-US: Appfuse
 CVE-2007-5279 (Heap-based buffer overflow in ConeXware PowerArchiver before
10.20.21 ...)
-	TODO: check
+	NOT-FOR-US: PowerArchiver
 CVE-2007-5278 (Zomplog 3.8.1 and earlier stores potentially sensitive
information ...)
-	TODO: check
+	NOT-FOR-US: Zomplog
 CVE-2007-5277 (Microsoft Internet Explorer 6 drops DNS pins based on failed
...)
-	TODO: check
+	NOT-FOR-US: Internet Explorer
 CVE-2007-5276 (Opera 9 drops DNS pins based on failed connections to irrelevant
TCP ...)
-	TODO: check
+	NOT-FOR-US: Opera
 CVE-2007-5275 (The Adobe Macromedia Flash 9 plug-in allows remote attackers to
cause ...)
 	TODO: check
+	NOTE: not really clear if the whole 9.x series is affected
 CVE-2007-5274 (Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and
...)
-	TODO: check
+	- sun-java6 6-03-1 (low)
+	- sun-java5 1.5.0-13-1 (low)
+	[etch] - sun-java5 <no-dsa> (Non-free not supported)
 CVE-2007-5273 (Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and
...)
-	TODO: check
+	- sun-java6 6-03-1 (low)
+	- sun-java5 1.5.0-13-1 (low)
+	[etch] - sun-java5 <no-dsa> (Non-free not supported)
 CVE-2007-5272 (SQL injection vulnerability in kategori.asp in Furkan Tastan
Blog ...)
-	TODO: check
+	NOT-FOR-US: Furkan Tastan Blog
 CVE-2007-5271 (Multiple PHP remote file inclusion vulnerabilities in Trionic
Cite CMS ...)
 	TODO: check
 CVE-2007-5270 (Unspecified vulnerability in the Boost module before 4.7.x-1.0,
and ...)