Secure testing commits - Aug 2009 - r12692 - data/CVE

Author: derevko-guest
Date: 2009-08-27 07:44:24 +0000 (Thu, 27 Aug 2009)
New Revision: 12692

Modified:
   data/CVE/list
Log:
- NFUs
- CVE-2009-2964: Multiple cross-site request forgery (CSRF) vulnerabilities in
squirrelmail
- CVE-2009-2959: Cross-site scripting (XSS) vulnerability in buildbot


Modified: data/CVE/list
==================================================================---
data/CVE/list	2009-08-27 03:46:24 UTC (rev 12691)
+++ data/CVE/list	2009-08-27 07:44:24 UTC (rev 12692)
@@ -1,17 +1,18 @@
 CVE-2009-2966 (avp.exe in Kaspersky Internet Security 9.0.0.459 and Anti-Virus
...)
-	TODO: check
+	NOT-FOR-US: Kaspersky Internet Security
 CVE-2009-2965 (Cross-site scripting (XSS) vulnerability in entry/index.jsp in
...)
-	TODO: check
+	NOT-FOR-US: Radvision Scopia
 CVE-2009-2964 (Multiple cross-site request forgery (CSRF) vulnerabilities in
...)
-	TODO: check
+	- squirrelmail <unfixed> (low; bug #543818)
 CVE-2009-2963 (Unspecified vulnerability in the update feature in Toolbar
Uninstaller ...)
-	TODO: check
+	NOT-FOR-US: Toolbar Uninstaller
 CVE-2009-2961 (Stack-based buffer overflow in Thaddy de Konng KOL Player 1.0
allows ...)
-	TODO: check
+	NOT-FOR-US: Thaddy de Konng KOL Player
 CVE-2009-2960 (CuteFlow 2.10.3 and 2.11.0_c does not properly restrict access
to ...)
-	TODO: check
+	NOT-FOR-US: CuteFlow
 CVE-2009-2959 (Cross-site scripting (XSS) vulnerability in the waterfall web
status ...)
-	TODO: check
+	- buildbot <unfixed> (low; bug #543822)
+	[etch] - buildbot <not-affected> (According to the vendor 0.7.5 and
earlier are not affected)
 CVE-2009-2958
 	RESERVED
 CVE-2009-2957