Secure testing commits - May 2008 - r8807 - data/CVE

Author: nion
Date: 2008-05-14 14:49:26 +0000 (Wed, 14 May 2008)
New Revision: 8807

Modified:
   data/CVE/list
Log:
NFUs
CVE-2008-1880 firebird2 removed, firebird2.0 not affected


Modified: data/CVE/list
==================================================================---
data/CVE/list	2008-05-14 14:34:24 UTC (rev 8806)
+++ data/CVE/list	2008-05-14 14:49:26 UTC (rev 8807)
@@ -616,7 +616,11 @@
 	{DTSA-125-1}
 	- vlc 0.8.6.e-2.1 (medium; bug #477805)
 CVE-2008-1880 (The default configuration of Firebird before 2.0.3.12981.0-r6 on
...)
-	TODO: check
+	- firebird2 <removed>
+	- firebird2.0 <not-affected> (Gentoo specific problem)
+	NOTE: on debian after the installation firebird2.0-super is disabled, to
enable it
+	NOTE: you need to call dpkg-reconfigure which then asks for a passwort or
generates
+	NOTE: a random one
 CVE-2008-1879
 	RESERVED
 CVE-2007-6715 (Mozilla Firefox allows remote attackers to cause a denial of
service ...)
@@ -1077,7 +1081,7 @@
 CVE-2008-1678
 	RESERVED
 CVE-2008-1677 (Buffer overflow in the regular expression handler in Red Hat
Directory ...)
-	TODO: check
+	NOT-FOR-US: Red Hat Directory Server
 CVE-2008-1676
 	RESERVED
 CVE-2008-1675 (The bdx_ioctl_priv function in the tehuti driver (tehuti.c) in
Linux ...)
@@ -5786,7 +5790,7 @@
 CVE-2007-6340 (Geert Moernaut LSrunasE 1.0 and Supercrypt 1.0 use the RC4
stream ...)
 	NOT-FOR-US: Geert Moernaut LSrunasE and Supercrypt
 CVE-2007-6339 (The Akamai Download Manager (aka DLM or dlmanager) ActiveX
control ...)
-	TODO: check
+	NOT-FOR-US: Akamai Download Manager
 CVE-2007-6338 (SQL injection vulnerability in userlogin.jsp in Trivantis
CourseMill ...)
 	NOT-FOR-US: Trivantis CourseMill Enterprise Learning Management System
 CVE-2007-6337 (Unspecified vulnerability in the bzip2 decompression algorithm
in ...)
@@ -27403,7 +27407,7 @@
 CVE-2006-4728
 	RESERVED
 CVE-2006-4727 (Cross-site scripting (XSS) vulnerability in
emfadmin/statusView.do in ...)
-	TODO: check
+	NOT-FOR-US: Tumbleweed EMF Administration Module
 CVE-2006-4726 (Cross-site scripting (XSS) vulnerability in Adobe ColdFusion MX
6.1 ...)
 	NOT-FOR-US: Adobe
 CVE-2006-4725 (Adobe ColdFusion MX 7 and 7.01 allows local users to bypass
security ...)