nion at alioth.debian.org
2008-Nov-19 19:00 UTC
[Secure-testing-commits] r10423 - data/CVE
Author: nion
Date: 2008-11-19 19:00:51 +0000 (Wed, 19 Nov 2008)
New Revision: 10423
Modified: data/CVE/list
Log: NFUs CVE-2008-5102 doesn't affect zope3 for zope2 on debian -> non-issue

Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-11-19 17:35:00 UTC (rev 10422) +++ data/CVE/list 2008-11-19 19:00:51 UTC (rev 10423) @@ -3,9 +3,9 @@ CVE-2008-XXXX [no-ip DUC remote code execution] - no-ip <unfixed> (bug #506179) CVE-2008-5132 (SQL injection vulnerability in inc/ajax/ajax_rating.php in MemHT ...) - TODO: check + NOT-FOR-US: MemHT Portal CVE-2008-5131 (Multiple SQL injection vulnerabilities in Develop It Easy News And ...) - TODO: check + NOT-FOR-US: Develop It Easy News And Article System CVE-2008-5130 (Ocean12 Calendar Manager Gold 2.04 stores sensitive information under ...) NOT-FOR-US: Ocean12 software CVE-2008-5129 (Ocean12 Poll Manager Pro 1.00 stores sensitive information under the ...) 
@@ -15,31 +15,31 @@ CVE-2008-5127 (Ocean12 Contact Manager Pro 1.02 stores sensitive information under ...) NOT-FOR-US: Ocean12 software CVE-2008-5126 (Cross-site scripting (XSS) vulnerability in search.php in BoutikOne ...) - TODO: check + NOT-FOR-US: BoutikOne CVE-2008-5125 (admin.php in CCleague Pro 1.2 allows remote attackers to bypass ...) - TODO: check + NOT-FOR-US: CCleague Pro CVE-2008-5124 (JSCAPE Secure FTP Applet 4.8.0 and earlier does not ask the user to ...) - TODO: check + NOT-FOR-US: JSCAPE Secure FTP Applet CVE-2008-5123 (SQL injection vulnerability in admin.php in CCleague Pro 1.2 allows ...) - TODO: check + NOT-FOR-US: CCleague Pro CVE-2008-5122 (SQL injection vulnerability in ContentRatingGraph.aspx in Ektron ...) - TODO: check + NOT-FOR-US: Ektron CMS400.NET CVE-2008-5121 (dne2000.sys in Citrix Deterministic Network Enhancer (DNE) 2.21.7.233 ...) - TODO: check + NOT-FOR-US: Citrix Deterministic Network Enhancer CVE-2008-5120 (Stack-based buffer overflow in the Process Software MultiNet finger ...) - TODO: check + NOT-FOR-US: MultiNet finger service CVE-2008-5119 (Cross-site scripting (XSS) vulnerability in search.php in ...) - TODO: check + NOT-FOR-US: Scripts4Profit DXShopCart CVE-2008-5118 (Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 ...) - TODO: check + NOT-FOR-US: Sun Java System Identity Manager CVE-2008-5117 (Open redirect vulnerability in Sun Java System Identity Manager 6.0 ...) - TODO: check + NOT-FOR-US: Sun Java System Identity Manager CVE-2008-5116 (Unspecified vulnerability in Sun Java System Identity Manager 6.0 ...) - TODO: check + NOT-FOR-US: Sun Java System Identity Manager CVE-2008-5115 (Cross-site request forgery (CSRF) vulnerability in Sun Java System ...) - TODO: check + NOT-FOR-US: Sun Java System Identity Manager CVE-2008-5114 (Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System ...) 
- TODO: check + NOT-FOR-US: Sun Java System Identity Manager CVE-2008-5112 (The LDAP server in Active Directory in Microsoft Windows 2000 SP4 and ...) NOT-FOR-US: Microsoft CVE-2008-5111 (Unspecified vulnerability in the socket function in Sun Solaris 10 and ...) @@ -59,7 +59,11 @@ CVE-2008-5103 (The (1) python-vm-builder and (2) ubuntu-vm-builder implementations in ...) NOT-FOR-US: VMBuilder CVE-2008-5102 (PythonScripts in Zope 2 2.11.2 and earlier, as used in Conga and other ...) - TODO: check + - zope2.10 <unfixed> (unimportant) + NOTE: this only affects installations in which users have unrestricted access to the management + NOTE: interface. On Debian there one admin user is added for this at installation time and + NOTE: non-trustworthy users shouldn''t have access to the interface. + - zope3 <not-affected> (Vulnerable code not present) CVE-2008-5100 (The strong name (SN) implementation in Microsoft .NET Framework ...) NOT-FOR-US: Microsoft .NET Framework CVE-2008-5099 (Sun Logical Domain Manager (aka LDoms Manager or ldm) 1.0 through ...)
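Review bot: In the second hunk (@@ -15,31 +15,31 @@), the NOT-FOR-US labels are inconsistent about naming the vendor. CVE-2008-5120 is tagged "MultiNet finger service" although its description names the vendor as Process Software, while CVE-2008-5119 is tagged "Scripts4Profit DXShopCart" with the vendor included. A later search of the list by vendor name would miss the MultiNet entry; "NOT-FOR-US: Process Software MultiNet" would match the style of the other new labels.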
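Review bot: In the third hunk (@@ -59,7 +59,11 @@), the new CVE-2008-5102 entry tracks only zope2.10 and zope3, while the description covers "Zope 2 2.11.2 and earlier". If any other zope2 source package is in the archive, it needs its own line with the same "(unimportant)" reasoning, otherwise it is silently untracked. The NOTE text is also missing a word in "On Debian there one admin user is added"; something like "On Debian only one admin user is added for this at installation time" would read clearly, since this sentence is the whole justification for the severity downgrade.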