Author: derevko-guest
Date: 2009-05-23 13:49:51 +0000 (Sat, 23 May 2009)
New Revision: 11960

Modified:
   data/CVE/list
Log:
- NFUs
- CVE-2009-1759: ctorrent is affected
- CVE-2009-1757: fixed in transmission 1.61-1, lenny and etch versions are not affected

Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-05-23 07:06:38 UTC (rev 11959) +++ data/CVE/list 2009-05-23 13:49:51 UTC (rev 11960) 
@@ -7,41 +7,43 @@ CVE-2009-1760 RESERVED CVE-2009-1759 (Stack-based buffer overflow in the btFiles::BuildFromMI function ...) - TODO: check + - ctorrent <unfixed> (bug #530255) CVE-2009-1758 (The hypervisor_callback function in Xen, possibly before 3.4.0, as ...) TODO: check CVE-2009-1757 (Cross-site request forgery (CSRF) vulnerability in Transmission 1.5 ...) - TODO: check + - transmission 1.61-1 (low) + [lenny] - transmission <not-affected> (Vulnerable code not present, the web interface was introduced in 1.30) + [etch] - transmission <not-affected> (Vulnerable code not present, the web interface was introduced in 1.30) CVE-2009-1754 RESERVED CVE-2009-1752 (exJune Office Message System 1 does not properly restrict access to ...) - TODO: check + NOT-FOR-US: exJune Office Message System CVE-2009-1751 (SQL injection vulnerability in list_list.php in Realty Webware ...) - TODO: check + NOT-FOR-US: Realty Web-Base CVE-2009-1750 (Unrestricted file upload vulnerability in VidSharePro allows remote ...) - TODO: check + NOT-FOR-US: VidSharePro CVE-2009-1749 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) - TODO: check + NOT-FOR-US: Catviz CVE-2009-1748 (Multiple directory traversal vulnerabilities in index.php in Catviz ...) - TODO: check + NOT-FOR-US: Catviz CVE-2009-1747 (SQL injection vulnerability in index.php in 26th Avenue bSpeak 1.10 ...) - TODO: check + NOT-FOR-US: bSpeak CVE-2009-1746 (SQL injection vulnerability in berita.php in Dian Gemilang DGNews 3.0 ...) - TODO: check + NOT-FOR-US: Dian Gemilang DGNews CVE-2009-1745 (Armorlogic Profense Web Application Firewall before 2.2.22, and 2.4.x ...) - TODO: check + NOT-FOR-US: Armorlogic Profense Web Application Firewall CVE-2009-1744 (InstallHFZ.exe 6.5.201.0 in Pinnacle Hollywood Effects 6, a module in ...) - TODO: check + NOT-FOR-US: Pinnacle CVE-2009-1743 (Directory traversal vulnerability in InstallHFZ.exe 6.5.201.0 in ...) 
- TODO: check + NOT-FOR-US: Pinnacle CVE-2009-1742 (code.php in PC4Arb Pc4 Uploader 9.0 and earlier makes it easier for ...) - TODO: check + NOT-FOR-US: PC4Arb Pc4 Uploader CVE-2009-1741 (Multiple SQL injection vulnerabilities in login.php in DM FileManager ...) - TODO: check + NOT-FOR-US: DM FileManager CVE-2009-1740 (Multiple heap-based buffer overflows in the D-Link MPEG4 Viewer ...) - TODO: check + NOT-FOR-US: D-Link MPEG4 Viewer CVE-2009-1739 (PAD Site Scripts 3.6 allows remote attackers to bypass authentication ...) - TODO: check + NOT-FOR-US: PAD Site Scripts CVE-2009-1738 (Cross-site scripting (XSS) vulnerability in Feed Block 6.x-1.x before ...) TODO: check CVE-2009-1737 (Directory traversal vulnerability in bom.php in MyPic 2.1 allows ...)
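
Review bot: The new CVE-2009-1759 line "- ctorrent <unfixed> (bug #530255)" carries no urgency, while the transmission entry added for CVE-2009-1757 in the same hunk is marked "(low)"; for a stack-based buffer overflow that is still unfixed, state the urgency or add a NOTE saying why it is left unset. The NOT-FOR-US tags are also not named consistently with the descriptions beside them: CVE-2009-1751 is described as "Realty Webware ..." but tagged "NOT-FOR-US: Realty Web-Base", and CVE-2009-1744 and CVE-2009-1743 are tagged with the vendor only ("NOT-FOR-US: Pinnacle") where the other entries name the product, so a later search by product name may miss them. For the [lenny] and [etch] lines under CVE-2009-1757, the reason given depends on both releases shipping a transmission older than 1.30; naming the shipped versions in the parenthetical would let a reader check that without looking elsewhere.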