jmm-guest at alioth.debian.org
2008-Feb-11 17:47 UTC
[Secure-testing-commits] r8136 - data/CVE
Author: jmm-guest
Date: 2008-02-11 17:47:02 +0000 (Mon, 11 Feb 2008)
New Revision: 8136
Modified: data/CVE/list
Log:
sun-java6 not in etch
add cherrypy3, affected as well
mozilla dupe, poked mitre
convert old xoops itps to NFU, the wnpp bug was closed (and this shouldn't enter the archive anyway)

Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-02-11 17:36:38 UTC (rev 8135) +++ data/CVE/list 2008-02-11 17:47:02 UTC (rev 8136) @@ -31,7 +31,6 @@ CVE-2008-0628 (The XML parsing code in Sun Java Runtime Environment JDK and JRE 6 ...) - sun-java6 6-04-1 - sun-java5 <not-affected> (referring to sun this vulnerability is not present in java5) - [etch] - sun-java6 <no-dsa> (non-free not supported) CVE-2008-0627 REJECTED CVE-2008-0626 @@ -944,6 +943,7 @@ CVE-2008-0252 (Directory traversal vulnerability in the _get_file_path function in ...) {DSA-1481-1} - python-cherrypy 2.2.1-3.1 (low; bug #461069) + - cherrypy3 3.0.2-2 CVE-2008-0251 (Unrestricted file upload vulnerability in PhotoPost vBGallery before ...) NOT-FOR-US: PhotoPost vBGallery CVE-2008-0250 (Buffer overflow in Microsoft Visual InterDev 6.0 (SP6) allows ...) @@ -974,7 +974,7 @@ CVE-2008-0238 (Multiple heap-based buffer overflows in the rmff_dump_cont function in ...) NOTE: Dupe of CVE-2008-0225 CVE-2008-0299 (common.py in Paramiko 1.7.1 and earlier, when using threads or forked ...) - - paramiko 1.6.4-1.1 (medium; bug #460706) + - paramiko 1.6.4-1.1 (low; bug #460706) NOTE: http://www.lag.net/pipermail/paramiko/2008-January/000599.html CVE-2008-0237 (The Microsoft Rich Textbox ActiveX Control (RICHTX32.OCX) 6.1.97.82 ...) NOT-FOR-US: Microsoft Rich Textbox ActiveX Control 
@@ -11077,10 +11077,7 @@ CVE-2007-3091 (Race condition in Microsoft Internet Explorer 6 and 7 allows remote ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2007-3090 (Mozilla Firefox does not properly manage a delay timer used in ...) - - iceweasel <unfixed> (medium) - - iceape <unfixed> (medium) - [sarge] - mozilla <no-dsa> (Mozilla products from Sarge no longer supported) - - xulrunner <unfixed> (medium) + NOTE: This is a dupe of CVE-2008-0519, since 0519 is more widely used, marking this as a dupe CVE-2007-3089 (Mozilla Firefox before 2.0.0.5 does not prevent use of document.write ...) {DSA-1339-1 DSA-1338-1 DSA-1337-1 DTSA-45-1 DTSA-47-1 DTSA-51-1} - iceweasel 2.0.0.5-1 (low; bug #427691) @@ -37394,9 +37391,9 @@ CVE-2005-3682 (Multiple SQL injection vulnerabilities in Wizz Forum 1.20 allow remote ...) NOT-FOR-US: Wizz Forum CVE-2005-3681 (SQL injection vulnerability in viewcat.php in XOOPS WF-Downloads ...) - - xoops <itp> (bug #207640) + NOT-FOR-US: Xoops CVE-2005-3680 (Directory traversal vulnerability in editor_registry.php in XOOPS ...) - - xoops <itp> (bug #207640) + NOT-FOR-US: Xoops CVE-2005-3679 (SQL injection vulnerability in admin/index.php in ActiveCampaign ...) NOT-FOR-US: ActiveCampaign 1-2-All Broadcast Email CVE-2005-3678 (Google Talk before 1.0.0.76, with email notification enabled, allows ...) @@ -41892,7 +41889,7 @@ CVE-2005-2339 (Cross-site scripting (XSS) vulnerability in the Unicode version of ...) NOT-FOR-US: unicode msearch CVE-2005-2338 (Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.0.12 JP ...) - - xoops <itp> (bug #207640) + NOT-FOR-US: Xoops CVE-2005-2337 (Ruby 1.6.x up to 1.6.8, 1.8.x up to 1.8.2, and 1.9.0 development up to ...) {DSA-864-1 DSA-862-1 DSA-860-1} - ruby <removed> 
@@ -43055,9 +43052,9 @@ [sarge] - mozilla <not-affected> (Unreproducible) - mozilla 2:1.7.10-1 (bug #318723; medium) CVE-2005-2113 (SQL injection vulnerability in the loginUser function in the XMLRPC ...) - - xoops <itp> (bug #207640) + NOT-FOR-US: Xoops CVE-2005-2112 (Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.0.11 ...) - - xoops <itp> (bug #207640) + NOT-FOR-US: Xoops CVE-2005-2111 (login.cgi in Community Link Pro Web Editor allows remote attackers to ...) NOT-FOR-US: Community Link Pro Web Editor CVE-2005-2110 (WordPress 1.5.1.2 and earlier allows remote attackers to obtain ...) @@ -43676,7 +43673,7 @@ CVE-2002-1803 (Cross-site scripting (XSS) vulnerability in PHP-Nuke 6.0 allows remote ...) NOT-FOR-US: PHP-Nuke CVE-2002-1802 (Cross-site scripting (XSS) vulnerability in Xoops 1.0 RC3 allows ...) - - xoops <itp> (bug #207640) + NOT-FOR-US: Xoops CVE-2002-1801 (ImageFolio 2.23 through 2.27 allows remote attackers to obtain ...) NOT-FOR-US: ImageFolio CVE-2002-1800 (phpRank 1.8 stores the administrative password in plaintext on the ...) @@ -48194,7 +48191,7 @@ CVE-2005-0744 (The web GUI for Novell iChain 2.2 and 2.3 SP2 and SP3 allows attackers ...) NOT-FOR-US: Novell iChain CVE-2005-0743 (The custom avatar uploading feature (uploader.php) for XOOPS 2.0.9.2 ...) - - xoops <itp> (bug #207640) + NOT-FOR-US: Xoops CVE-2005-0742 (Cross-site scripting (XSS) vulnerability in Sun Java System ...) NOT-FOR-US: Sun Java System Application Server CVE-2005-0741 (Cross-site scripting (XSS) vulnerability in YaBB.pl for YaBB 2.0 RC1 ...) 
@@ -55301,7 +55298,7 @@ CVE-2003-0492 (Cross-site scripting (XSS) vulnerability in search.asp for Snitz ...) NOT-FOR-US: snitz forums; not in debian CVE-2003-0491 (The Tutorials 2.0 module in XOOPS and E-XOOPS allows remote attackers ...) - - xoops <itp> (bug #207640) + NOT-FOR-US: Xoops CVE-2003-0490 (The installation of Dantz Retrospect Client 5.0.540 on MacOS X 10.2.6, ...) NOT-FOR-US: Dantz Retrospect CVE-2003-0489 (tcptraceroute 1.4 and earlier does not fully drop privileges after ...)
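Review bot: in the CVE-2008-0252 hunk (@@ -944,6 +943,7 @@), the added `- cherrypy3 3.0.2-2` line carries no urgency or bug reference, while the python-cherrypy line directly above it has `(low; bug #461069)`. If the same severity applies, add the urgency to the new line so both source packages are triaged alike, and add a bug number if one was filed against cherrypy3.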
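Review bot: the paramiko urgency change in the CVE-2008-0299 hunk (@@ -974,7 +974,7 @@), `medium` to `low`, is not mentioned in the commit log, and the entry gains no NOTE explaining it. Add a line to the log or a NOTE under the entry so the downgrade can be told apart from an accidental edit. The context lines also show CVE-2008-0299 sitting between CVE-2008-0238 and CVE-2008-0237, out of sequence with its neighbours, so the id is worth confirming while this entry is being touched.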
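Review bot: in the CVE-2007-3090 hunk (@@ -11077,10 +11077,7 @@), removing the three `<unfixed>` lines for iceweasel, iceape and xulrunner leaves this entry tracking no package at all, so the open status survives only if the CVE-2008-0519 entry carries the same packages, which this diff does not show. Confirm that before relying on the dupe marking. The NOTE could also follow the form already used in the file, `NOTE: Dupe of CVE-2008-0225` under CVE-2008-0238, so that duplicates stay greppable with one pattern.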
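Review bot: across the XOOPS hunks (@@ -37394,9 +37391,9 @@ through @@ -55301,7 +55298,7 @@), each change from `- xoops <itp> (bug #207640)` to `NOT-FOR-US: Xoops` drops the bug number, so the reason for the reclassification is recorded only in the commit log. Other entries keep the reason in the tag text, for example `NOT-FOR-US: snitz forums; not in debian`, and doing the same here would keep it in the data file. The diff shows eight converted entries; a grep for remaining `xoops <itp>` lines after applying would confirm none were missed.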