Secure testing commits - Jul 2008 - r9263 - data/CVE

Author: nion
Date: 2008-07-08 22:36:48 +0000 (Tue, 08 Jul 2008)
New Revision: 9263

Modified:
   data/CVE/list
Log:
NFUs
CVE-2008-3067 fixed in sudo 1.6.8p12-2


Modified: data/CVE/list
==================================================================---
data/CVE/list	2008-07-08 22:06:57 UTC (rev 9262)
+++ data/CVE/list	2008-07-08 22:36:48 UTC (rev 9263)
@@ -1,7 +1,7 @@
 CVE-2008-3068 (Microsoft Crypto API 5.131.2600.2180 through 6.0, as used in
Outlook, ...)
-	TODO: check
+	NOT-FOR-US: Microsoft Crypto API
 CVE-2008-3067 (sudo in SUSE openSUSE 10.3 does not clear the stdin buffer when
...)
-	TODO: check
+	- sudo 1.6.8p12-2 (low)
 CVE-2008-3066
 	RESERVED
 CVE-2008-3065
@@ -23,67 +23,67 @@
 CVE-2008-3057
 	RESERVED
 CVE-2008-3056 (SQL injection vulnerability in the Codeon Petition (cd_petition)
...)
-	TODO: check
+	NOT-FOR-US: cd_petition extension for TYPO3
 CVE-2008-3055 (SQL injection vulnerability in the Support view (ext_tbl)
extension ...)
-	TODO: check
+	NOT-FOR-US: ext_tbl extension for TYPO3
 CVE-2008-3054 (SQL injection vulnerability in the Branchenbuch (aka Yellow
Pages ...)
-	TODO: check
+	NOT-FOR-US: mh_branchenbuch extension for TYPO3
 CVE-2008-3053 (SQL injection vulnerability in the SQL Frontend (mh_omsqlio)
extension ...)
-	TODO: check
+	NOT-FOR-US: mh_omsqlio extension for TYPO3
 CVE-2008-3052 (Unspecified vulnerability in the SQL Frontend (mh_omsqlio)
extension ...)
-	TODO: check
+	NOT-FOR-US: mh_omsqlio extension for TYPO3
 CVE-2008-3051 (SQL injection vulnerability in the Pinboard extension 0.0.6 and
...)
-	TODO: check
+	NOT-FOR-US: Pinboard extension for TYPO3
 CVE-2008-3050 (Unspecified vulnerability in the PDF Generator 2
(pdf_generator2) ...)
-	TODO: check
+	NOT-FOR-US: pdfcreator extension for TYPO3
 CVE-2008-3049 (The PDF Generator 2 (pdf_generator2) extension 0.5.0 and earlier
for ...)
-	TODO: check
+	NOT-FOR-US: pdfcreator extension for TYPO3
 CVE-2008-3048 (Unspecified vulnerability in the PDF Generator 2
(pdf_generator2) ...)
-	TODO: check
+	NOT-FOR-US: pdfcreator extension for TYPO3
 CVE-2008-3047 (Incomplete blacklist vulnerability in the KB Unpack (kb_unpack)
...)
-	TODO: check
+	NOT-FOR-US: kb_unpack extension for TYPO3
 CVE-2008-3046 (Incomplete blacklist vulnerability in the Packman (kb_packman)
...)
-	TODO: check
+	NOT-FOR-US: kb_packman extension for TYPO3
 CVE-2008-3045 (Unspecified vulnerability in the Industry Database (aka ...)
-	TODO: check
+	NOT-FOR-US: pro_industrydb extension for TYPO3
 CVE-2008-3044 (SQL injection vulnerability in the News Calendar (newscalendar)
...)
-	TODO: check
+	NOT-FOR-US: newscalendar extension for TYPO3
 CVE-2008-3043 (Unspecified vulnerability in the WEC Discussion Forum
(wec_discussion) ...)
-	TODO: check
+	NOT-FOR-US: wec_discussion extension for TYPO3
 CVE-2008-3042 (Unspecified vulnerability in the DAM Frontend (dam_frontend)
extension ...)
-	TODO: check
+	NOT-FOR-US: dam_frontend extension for TYPO3
 CVE-2008-3041 (Unspecified vulnerability in the DAM Frontend (dam_frontend)
extension ...)
-	TODO: check
+	NOT-FOR-US: dam_frontend extension for TYPO3
 CVE-2008-3040 (Unspecified vulnerability in the DAM Frontend (dam_frontend)
extension ...)
-	TODO: check
+	NOT-FOR-US: dam_frontend extension for TYPO3
 CVE-2008-3039 (SQL injection vulnerability in the DAM Frontend (dam_frontend)
...)
-	TODO: check
+	NOT-FOR-US: dam_frontend extension for TYPO3
 CVE-2008-3038 (SQL injection vulnerability in the Address Directory
(sp_directory) ...)
-	TODO: check
+	NOT-FOR-US: sp_directory extension for TYPO3
 CVE-2008-3037 (Cross-site scripting (XSS) vulnerability in the Address
Directory ...)
-	TODO: check
+	NOT-FOR-US: sp_directory extension for TYPO3
 CVE-2008-3036 (Directory traversal vulnerability in index.php in CMS little
0.0.1 ...)
-	TODO: check
+	NOT-FOR-US: CMS little
 CVE-2008-3035 (SQL injection vulnerability in newThread.php in XchangeBoard
1.70 ...)
-	TODO: check
+	NOT-FOR-US: XchangeBoard
 CVE-2008-3034 (Multiple SQL injection vulnerabilities in RSS-aggregator 1.0
allow ...)
-	TODO: check
+	NOT-FOR-US: RSS-aggregator
 CVE-2008-3033 (RSS-aggregator 1.0 does not require administrative
authentication for ...)
-	TODO: check
+	NOT-FOR-US: RSS-aggregator
 CVE-2008-3032 (Cross-site scripting (XSS) vulnerability in the phpMyAdmin ...)
-	TODO: check
+	NOT-FOR-US: phpmyadmin extension for TYPO3
 CVE-2008-3031 (Directory traversal vulnerability in index.php in Simple PHP
Agenda ...)
-	TODO: check
+	NOT-FOR-US: Simple PHP Agenda
 CVE-2008-3030 (SQL injection vulnerability in default.asp in EfesTECH Shop 2.0
allows ...)
-	TODO: check
+	NOT-FOR-US: EfesTECH Shop
 CVE-2008-3029 (Cross-site scripting (XSS) vulnerability in the WEC Discussion
Forum ...)
-	TODO: check
+	NOT-FOR-US: WEC Discussion Forum
 CVE-2008-3028 (Multiple cross-site scripting (XSS) vulnerabilities in the
Send-A-Card ...)
-	TODO: check
+	NOT-FOR-US: sr_sendcard extension for TYPO3
 CVE-2008-3027 (SQL injection vulnerability in get_article.php in VanGogh Web
CMS 0.9 ...)
-	TODO: check
+	NOT-FOR-US: VanGogh Web CMS
 CVE-2008-3026 (SQL injection vulnerability in index.php in OneClick CMS (aka
Sisplet ...)
-	TODO: check
+	NOT-FOR-US: OneClick CMS
 CVE-2008-3025 (SQL injection vulnerability in ad.php in plx Ad Trader 3.2
allows ...)
 	TODO: check
 CVE-2008-3024 (Stack-based buffer overflow in phgrafx in QNX Momentics (aka
RTOS) ...)