Secure testing commits - Jun 2009 - r12039 - data/CVE

Author: nion
Date: 2009-06-03 20:34:15 +0000 (Wed, 03 Jun 2009)
New Revision: 12039

Modified:
   data/CVE/list
Log:
- NFUs
- cveified drupal


Modified: data/CVE/list
==================================================================---
data/CVE/list	2009-06-03 18:00:32 UTC (rev 12038)
+++ data/CVE/list	2009-06-03 20:34:15 UTC (rev 12039)
@@ -59,9 +59,9 @@
 CVE-2009-1852 (Multiple SQL injection vulnerabilities in Graphiks MyForum 1.3
allow ...)
 	NOT-FOR-US: Graphiks MyForum
 CVE-2009-1851 (SQL injection vulnerability in include.php in phpBugTracker
1.0.4 and ...)
-	TODO: check
+	NOT-FOR-US: phpBugTracker
 CVE-2009-1850 (SQL injection vulnerability in index.php in phpBugTracker 1.0.3
allows ...)
-	TODO: check
+	NOT-FOR-US: phpBugTracker
 CVE-2009-1849 (Cross-site scripting (XSS) vulnerability in the
Monitor_Bandwidth ...)
 	NOT-FOR-US: PRTG Traffic Grapher
 CVE-2009-1848 (SQL injection vulnerability in the JoomlaMe AgoraGroups (aka AG
or ...)
@@ -73,7 +73,8 @@
 CVE-2009-1845 (Cross-site scripting (XSS) vulnerability in ajax/updatecheck.php
in ...)
 	NOT-FOR-US: Lussumo Vanilla
 CVE-2009-1844 (Multiple cross-site scripting (XSS) vulnerabilities in Drupal
5.x ...)
-	TODO: check
+	- drupal5 5.17-1.1 (low; bug #529191)
+	- drupal6 6.11-1.1 (low; bug #529190; bug #531386)
 CVE-2009-1843 (Multiple SQL injection vulnerabilities in Flash Quiz Beta 2
allow ...)
 	NOT-FOR-US: Flash Quiz
 CVE-2009-1842 (SQL injection vulnerability in main/tracking/userLog.php in
Francisco ...)
@@ -172,7 +173,7 @@
 CVE-2009-1806 (Unspecified vulnerability in IBM Hardware Management Console
(HMC) 7 ...)
 	NOT-FOR-US: IBM Hardware Management Console
 CVE-2009-1805 (Unspecified vulnerability in the VMware Descheduled Time
Accounting ...)
-	TODO: check
+	NOT-FOR-US: VMware (experimental feature anyway)
 CVE-2009-1804 (Multiple SQL injection vulnerabilities in admin/index.php in
...)
 	NOT-FOR-US: videoscript
 CVE-2009-1803 (FreePBX 2.5.1, and other 2.4.x, 2.5.x, and pre-release 2.6.x
versions, ...)
@@ -544,11 +545,6 @@
 	- libsndfile 1.0.20-1 (medium; bug #528650)
 CVE-2009-1791 (Heap-based buffer overflow in aiff_read_header in libsndfile
1.0.15 ...)
 	- libsndfile 1.0.20-1 (medium; bug #528650)
-CVE-2009-XXXX [drupal: cross-site scripting vulnerability]
-	- drupal5 5.17-1.1 (low; bug #529191)
-	- drupal6 6.11-1.1 (low; bug #529190; bug #531386)
-	[lenny] - drupal6 6.6-3lenny2
-	NOTE: CVE id requested
 CVE-2009-XXXX [kdebase: potential digital certificate deficiencies in konqueror
4]
 	- kdebase <unfixed> (low; bug #526985)
 	[etch] - kdebase <not-affected> (vulnerability introduced in konqueror
4)