Secure testing commits - Jun 2009 - r12173 - data/CVE

Author: derevko-guest
Date: 2009-06-21 12:35:23 +0000 (Sun, 21 Jun 2009)
New Revision: 12173

Modified:
   data/CVE/list
Log:
- NFUs
- git DoS got a CVE id


Modified: data/CVE/list
==================================================================---
data/CVE/list	2009-06-19 21:14:10 UTC (rev 12172)
+++ data/CVE/list	2009-06-21 12:35:23 UTC (rev 12173)
@@ -1,29 +1,30 @@
 CVE-2009-2120 (Multiple SQL injection vulnerabilities in TekBase All-in-One 3.1
allow ...)
-	TODO: check
+	NOT-FOR-US: TekBase
 CVE-2009-2119 (Cross-site scripting (XSS) vulnerability in the login interface
in F5 ...)
-	TODO: check
+	NOT-FOR-US: FirePass
 CVE-2009-2118 (Integer overflow in IrfanView 4.23, when the resampling or
screen ...)
-	TODO: check
+	NOT-FOR-US: IrfanView
 CVE-2009-2117 (uye_paneli.php in phPortal 1.0 allows remote attackers to bypass
...)
-	TODO: check
+	NOT-FOR-US: phPortal
 CVE-2009-2116 (Directory traversal vulnerability in admin.php in SkyBlueCanvas
1.1 ...)
-	TODO: check
+	NOT-FOR-US: SkyBlueCanvas
 CVE-2009-2115 (admin.php in SkyBlueCanvas 1.1 r237 allows remote authenticated
...)
-	TODO: check
+	NOT-FOR-US: SkyBlueCanvas
 CVE-2009-2114 (Multiple cross-site scripting (XSS) vulnerabilities in admin.php
in ...)
-	TODO: check
+	NOT-FOR-US: SkyBlueCanvas
 CVE-2009-2113 (Multiple SQL injection vulnerabilities in FretsWeb 1.2 allow
remote ...)
-	TODO: check
+	NOT-FOR-US: FretsWeb
 CVE-2009-2112 (Directory traversal vulnerability in include/page_bottom.php in
phpFK ...)
-	TODO: check
+	NOT-FOR-US: phpFK
 CVE-2009-2111 (Static code injection vulnerability in add_reg.php in DB Top
Sites 1.0 ...)
-	TODO: check
+	NOT-FOR-US: DB Top Site
 CVE-2009-2110 (Multiple directory traversal vulnerabilities in DB Top Sites
1.0, when ...)
-	TODO: check
+	NOT-FOR-US: DB Top Sites 1.0
 CVE-2009-2109 (Multiple directory traversal vulnerabilities in FretsWeb 1.2
allow ...)
-	TODO: check
+	NOT-FOR-US: FretsWeb
 CVE-2009-2108 (git-daemon in git 1.4.4.5 through 1.6.3 allows remote attackers
to ...)
-	TODO: check
+	- git-core <unfixed> (medium; bug #532935)
+	NOTE: http://git.kernel.org/?p=git/git.git;a=commitdiff;h=73bb33a9
 CVE-2009-XXXX [moin: heirarchical ACL vulnerability]
 	- moin 1.8.4-1 (low; bug #533673)
 	TODO: check whether etch/lenny versions are affected or not
@@ -203,9 +204,6 @@
 	NOT-FOR-US: Yogurt
 CVE-2009-2032 (Cross-site scripting (XSS) vulnerability in search.asp in
PDshopPro, ...)
 	NOT-FOR-US: PDshopPro
-CVE-2009-XXXX [git-daemon Parameter Parsing Infinite Loop Denial of Service]
-	- git-core <unfixed> (medium; bug #532935)
-	NOTE: http://git.kernel.org/?p=git/git.git;a=commitdiff;h=73bb33a9
 CVE-2009-2031 (smbfs in Sun OpenSolaris snv_84 through snv_110, when default
mount ...)
 	NOT-FOR-US: OpenSolaris
 CVE-2009-2030 (Unspecified vulnerability in the XML Digital Signature
verification ...)
@@ -436,7 +434,7 @@
 CVE-2009-1936 (_functions.php in cpCommerce 1.2.x, possibly including 1.2.9,
sends a ...)
 	NOT-FOR-US: cpCommerce
 CVE-2009-1935 (Integer overflow in the pipe_build_write_buffer function ...)
-	TODO: check
+	NOT-FOR-US: FreeBSD
 CVE-2009-1934 (Cross-site scripting (XSS) vulnerability in the Reverse Proxy
Plug-in ...)
 	NOT-FOR-US:  Sun Java System Web Server
 CVE-2009-1933 (Kerberos in Sun Solaris 8, 9, and 10, and OpenSolaris before
snv_117, ...)