Author: nion Date: 2008-02-27 17:36:08 +0000 (Wed, 27 Feb 2008) New Revision: 8236 Modified: data/CVE/list Log: a bunch of NFUs checking back status of CVE-2008-059{6,7} with redhat Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-02-27 16:36:06 UTC (rev 8235) +++ data/CVE/list 2008-02-27 17:36:08 UTC (rev 8236) 
@@ -213,143 +213,145 @@ CVE-2008-0877 (Multiple cross-site scripting (XSS) vulnerabilities in Jinzora Media ...) NOT-FOR-US: Jinzora Media Jukebox CVE-2008-0876 (Unspecified vulnerability in the SEWB3 messaging service in Hitachi ...) - TODO: check + NOT-FOR-US: Hitachi SEWB3 CVE-2008-0875 (Unspecified vulnerability in Hitachi EUR Print Manager, and related ...) - TODO: check + NOT-FOR-US: Hitachi EUR Print Manager CVE-2008-0874 (SQL injection vulnerability in index.php in the eEmpregos module for ...) - TODO: check + NOT-FOR-US: eEmpregos module for XOOPS CVE-2008-0873 (SQL injection vulnerability in index.php in the jlmZone Classifieds ...) - TODO: check + NOT-FOR-US: jlmZone Classifieds module for XOOPS CVE-2008-0872 (Cross-site scripting (XSS) vulnerability in SmarterTools SmarterMail ...) - TODO: check + NOT-FOR-US: SmarterTools SmarterMail Enterprise CVE-2008-0871 (Multiple stack-based buffer overflows in Now SMS/MMS Gateway ...) - TODO: check + NOT-FOR-US: Now SMS/MMS Gateway CVE-2008-0870 (BEA WebLogic Portal 10.0 and 9.2 through Maintenance Pack 2, under ...) - TODO: check + NOT-FOR-US: BEA WebLogic CVE-2008-0869 (Cross-site scripting (XSS) vulnerability in BEA WebLogic Workshop 8.1 ...) - TODO: check + NOT-FOR-US: BEA WebLogic CVE-2008-0868 (Cross-site scripting (XSS) vulnerability in Groupspace in BEA WebLogic ...) - TODO: check + NOT-FOR-US: BEA WebLogic CVE-2008-0867 (Cross-site scripting (XSS) vulnerability in portal/server.pt in BEA ...) - TODO: check + NOT-FOR-US: BEA WebLogic CVE-2008-0866 (Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic ...) - TODO: check + NOT-FOR-US: BEA WebLogic CVE-2008-0865 (Unspecified vulnerability in BEA WebLogic Portal 8.1 through SP6 ...) - TODO: check + NOT-FOR-US: BEA WebLogic CVE-2008-0864 (Admin Tools in BEA WebLogic Portal 8.1 SP3 through SP6 can ...) - TODO: check + NOT-FOR-US: BEA WebLogic CVE-2008-0863 (BEA WebLogic Server and WebLogic Express 9.0 and 9.1 exposes the web ...) 
- TODO: check + NOT-FOR-US: BEA WebLogic CVE-2008-0862 (IBM Lotus Notes 6.0, 6.5, 7.0, and 8.0 signs an unsigned applet when a ...) - TODO: check + NOT-FOR-US: IBM Lotus Notes CVE-2008-0861 (Cross-site scripting (XSS) vulnerability in leg/Main.nsf in IBM Lotus ...) - TODO: check + NOT-FOR-US: IBM Lotus Quickplace CVE-2008-0860 (Unspecified vulnerability in the AVG plugin in Kerio MailServer before ...) - TODO: check + NOT-FOR-US: Kerio MailServer CVE-2008-0859 (Unspecified vulnerability in Kerio MailServer before 6.5.0 allows ...) - TODO: check + NOT-FOR-US: Kerio MailServer CVE-2008-0858 (Buffer overflow in the Visnetic anti-virus plugin in Kerio MailServer ...) - TODO: check + NOT-FOR-US: Kerio MailServer CVE-2008-0857 (SQL injection vulnerability in index.php in WoltLab Burning Board ...) - TODO: check + NOT-FOR-US: WoltLab Burning Board CVE-2008-0856 (Multiple SQL injection vulnerabilities in e-Vision CMS 2.02 allow ...) - TODO: check + NOT-FOR-US: e-Vision CMS CVE-2008-0855 (SQL injection vulnerability in the Facile Forms (com_facileforms) ...) - TODO: check + NOT-FOR-US: com_facileforms component for Joomla! and Mambo CVE-2008-0854 (SQL injection vulnerability in the com_salesrep component for Joomla! ...) - TODO: check + NOT-FOR-US: com_salesrep component for Joomla! and Mambo CVE-2008-0853 (SQL injection vulnerability in the com_detail component for Joomla! ...) - TODO: check + NOT-FOR-US: com_detail component for Joomla! and Mambo CVE-2008-0852 (freeSSHd 1.2 and earlier allows remote attackers to cause a denial of ...) - TODO: check + NOT-FOR-US: freeSSHd CVE-2008-0851 (Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.4 ...) - TODO: check + NOT-FOR-US: Dokeos + NOTE: there is an RFP for Dokeos #433352 CVE-2008-0850 (Multiple SQL injection vulnerabilities in Dokeos 1.8.4 allow remote ...) 
- TODO: check + NOT-FOR-US: Dokeos + NOTE: there is an RFP for Dokeos #433352 CVE-2008-0849 (SQL injection vulnerability in index.php in the Downloads ...) - TODO: check + NOT-FOR-US: com_downloads component for Mambo and Joomla! CVE-2008-0848 (Cross-site scripting (XSS) vulnerability in lostsheep.php in Crafty ...) - TODO: check + NOT-FOR-US: Crafty Syntax Live Help CVE-2008-0847 (SQL injection vulnerability in print.php in the myTopics module for ...) - TODO: check + NOT-FOR-US: myTopics module for XOOPS CVE-2008-0846 (SQL injection vulnerability in index.php in the com_profile component ...) - TODO: check + NOT-FOR-US: com_profile component for Mambo and Joomla! CVE-2008-0845 (SQL injection vulnerability in wp-people-popup.php in Dean Logan ...) - TODO: check + NOT-FOR-US: WP-People plugin for WordPress CVE-2008-0844 (SQL injection vulnerability in index.php in the PccookBook ...) - TODO: check + NOT-FOR-US: com_pccookbook component for Joomla! CVE-2008-0843 (StatCounteX 3.0 and 3.1 allows remote attackers to obtain sensitive ...) - TODO: check + NOT-FOR-US: StatCounteX CVE-2008-0842 (SQL injection vulnerability in index.php in the Classifier ...) - TODO: check + NOT-FOR-US: com_clasifier component for Joomla! CVE-2008-0841 (SQL injection vulnerability in index.php in the Giorgio Nordo Ricette ...) - TODO: check + NOT-FOR-US: com_ricette component for Joomla! CVE-2008-0840 (Directory traversal vulnerability in view_member.php in Public ...) - TODO: check + NOT-FOR-US: LightBlog CVE-2008-0839 (SQL injection vulnerability in refer.php in the astatsPRO ...) - TODO: check + NOT-FOR-US: com_astatspro component for Joomla! CVE-2008-0838 (Multiple cross-site scripting (XSS) vulnerabilities in the web ...) - TODO: check + NOT-FOR-US: Sophos, Email Security Appliance CVE-2008-0837 (Cross-site scripting (XSS) vulnerability in the log feature in the ...) 
- TODO: check + NOT-FOR-US: John Godley Search Unleashed plugin for WordPress CVE-2008-0836 (Unspecified vulnerability in the vuidmice STREAMS modules in Sun ...) - TODO: check + NOT-FOR-US: Sun Solaris CVE-2008-0835 (SQL injection vulnerability in indexen.php in Simple CMS 1.0.3 and ...) - TODO: check + NOT-FOR-US: Simple CMS CVE-2008-0834 (Cross-site scripting (XSS) vulnerability in Lotus Quickr for i5/OS ...) - TODO: check + NOT-FOR-US: Lotus Quickr CVE-2008-0833 (SQL injection vulnerability in index.php in the com_galeria component ...) - TODO: check + NOT-FOR-US: com_galeria component for Joomla! CVE-2008-0832 (SQL injection vulnerability in index.php in the Kemas Antonius ...) - TODO: check + NOT-FOR-US: com_quran component for Mambo and Joomla! CVE-2008-0831 (Multiple SQL injection vulnerabilities in the Rapid Recipe ...) - TODO: check + NOT-FOR-US: com_rapidrecipe component for Joomla! CVE-2008-0830 (The Digital Photo Access Protocol (DPAP) server for iPhoto 4.0.3 ...) - TODO: check + NOT-FOR-US: DPAP server for iPhoto CVE-2008-0829 (SQL injection vulnerability in jooget.php in the Joomlapixel Jooget! ...) - TODO: check + NOT-FOR-US: com_jooget component for Joomla! and Mambo CVE-2008-0828 (Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.5.5 ...) - TODO: check + NOT-FOR-US: ATutor CVE-2008-0827 (SQL injection vulnerability in the Books module of PHP-Nuke allows ...) - TODO: check + NOT-FOR-US: Books module of PHP-Nuke CVE-2008-0826 (Cross-site scripting (XSS) vulnerability in Claroline before 1.8.9 ...) - TODO: check + NOT-FOR-US: Claroline CVE-2008-0825 (SQL injection vulnerability in Claroline before 1.8.9 allows remote ...) - TODO: check + NOT-FOR-US: Claroline CVE-2008-0824 (Unspecified vulnerability in the php2phps function in Claroline before ...) - TODO: check + NOT-FOR-US: Claroline CVE-2008-0823 (Unspecified vulnerability in the Header Image Module before 5.x-1.1 ...) 
- TODO: check + NOT-FOR-US: Header Image Module for Drupal CVE-2008-0822 (Directory traversal vulnerability in index.php in Scribe 0.2 allows ...) - TODO: check + NOT-FOR-US: Scribe CVE-2008-0821 (SQL injection vulnerability in admin/traffic/knowledge_searchm.php in ...) - TODO: check + NOT-FOR-US: PHP Live! CVE-2008-0820 (** DISPUTED ** ...) - TODO: check + NOT-FOR-US: Etomite CMS CVE-2008-0819 (Directory traversal vulnerability in index.php in PlutoStatus Locator ...) - TODO: check + NOT-FOR-US: PlutoStatus Locator CVE-2008-0818 (Multiple directory traversal vulnerabilities in freePHPgallery 0.6 ...) - TODO: check + NOT-FOR-US: freePHPgallery CVE-2008-0817 (SQL injection vulnerability in the com_filebase component for Joomla! ...) - TODO: check + NOT-FOR-US: com_filebase component for Joomla! and Mambo CVE-2008-0816 (SQL injection vulnerability in the com_sg component for Joomla! and ...) - TODO: check + NOT-FOR-US: com_sg component for Joomla! and Mambo CVE-2008-0815 (SQL injection vulnerability in the com_mezun component for Joomla! ...) - TODO: check + NOT-FOR-US: com_mezun component for Joomla! CVE-2008-0814 (Directory traversal vulnerability in download.php in Tracking ...) - TODO: check + NOT-FOR-US: TRUC CVE-2008-0813 (Directory traversal vulnerability in Download.php in XPWeb 3.0.1, ...) - TODO: check + NOT-FOR-US: XPWeb CVE-2008-0812 (Directory traversal vulnerability in DMS/index.php in BanPro DMS 1.0 ...) - TODO: check + NOT-FOR-US: BanPro DMS CVE-2008-0811 (Multiple SQL injection vulnerabilities in AuraCMS 1.62 allow remote ...) - TODO: check + NOT-FOR-US: AuraCMS CVE-2008-0810 (SQL injection vulnerability in the com_scheduling module for Joomla! ...) - TODO: check + NOT-FOR-US: com_scheduling module for Joomla! and Mambo CVE-2008-0805 (Unrestricted file upload vulnerability in image.php in PHPizabi 0.848b ...) - TODO: check + NOT-FOR-US: PHPizabi CVE-2008-0804 (PHP remote file inclusion vulnerability in usrgetform.html in Thecus ...) 
- TODO: check + NOT-FOR-US: Thecus N5200Pro NAS Server CVE-2008-0983 [lighttpd remote DoS] - lighttpd 1.4.18-2 (medium; bug #466663) CVE-2008-0883 [tmp race] @@ -726,7 +728,7 @@ CVE-2008-0639 (Stack-based buffer overflow in the EnumPrinters function in the ...) NOT-FOR-US: Novell Client CVE-2008-0638 (Heap-based buffer overflow in the Veritas Enterprise Administrator ...) - TODO: check + NOT-FOR-US: Veritas Enterprise Administrator service CVE-2008-0637 RESERVED CVE-2008-0636 (Level Platforms, Inc. (LPI) Managed Workplace Service Center 4.x, 5.x ...) @@ -814,8 +816,10 @@ RESERVED CVE-2008-0597 (Use-after-free vulnerability in CUPS before 1.1.22, and possibly other ...) TODO: check + NOTE: checking status of 1.5.6 with redhat CVE-2008-0596 (Memory leak in CUPS before 1.1.22, and possibly other versions, allows ...) TODO: check + NOTE: checking status of 1.5.6 with redhat CVE-2008-0595 RESERVED CVE-2008-0594 (Mozilla Firefox before 2.0.0.12 does not always display a web forgery ...)
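Review bot: In the first hunk (@@ -213,143 +213,145 @@), the CVE-2008-0867 entry is tagged "NOT-FOR-US: BEA WebLogic", but its visible description names portal/server.pt and is cut off right after "BEA", so nothing on that line confirms the product is WebLogic. Please check the full description and name the actual product, as the neighbouring entries do. Two style points in the same hunk: "NOT-FOR-US: Sophos, Email Security Appliance" has a stray comma, and the component tags alternate between "for Joomla! and Mambo" and "for Mambo and Joomla!", which makes the list harder to search consistently.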
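Review bot: In the last hunk (@@ -814,8 +816,10 @@), the two added lines "NOTE: checking status of 1.5.6 with redhat" for CVE-2008-0597 and CVE-2008-0596 do not say which package the version 1.5.6 belongs to, while both descriptions refer to CUPS before 1.1.22. Name the package and version being checked in the NOTE so that whoever picks up the remaining "TODO: check" can tell what is still open without asking.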