thr3ads.net - Secure testing commits - [Secure-testing-commits] r12699

If this information is useful, please help other people find it:
Share via:
Giuseppe Iuculano
2009-Aug-28 11:58 UTC
[Secure-testing-commits] r12699 - data/CVE

Author: derevko-guest
Date: 2009-08-28 11:58:52 +0000 (Fri, 28 Aug 2009)
New Revision: 12699

Modified:
   data/CVE/list
Log:
- NFUs
- buildbot 0.7.11p3-1 fixed also CVE-2009-2967
- CVE-2009-0668, CVE-2009-0669 fixed in zodb 1:3.8.2-1


Modified: data/CVE/list
==================================================================---
data/CVE/list	2009-08-27 21:14:19 UTC (rev 12698)
+++ data/CVE/list	2009-08-28 11:58:52 UTC (rev 12699)
@@ -7,29 +7,30 @@
 CVE-2009-2968
 	RESERVED
 CVE-2009-2967 (Multiple cross-site scripting (XSS) vulnerabilities in Buildbot
0.7.6 ...)
-	TODO: check
+	- buildbot 0.7.11p3-1
+	[etch] - buildbot <not-affected> (According to the vendor 0.7.5 and
earlier are not affected)
 CVE-2008-7094 (Campaign/CampaignListener in the listener server in Unica
Affinium ...)
-	TODO: check
+	NOT-FOR-US: Affinium Campaign
 CVE-2008-7093 (Multiple directory traversal vulnerabilities in Unica Affinium
...)
-	TODO: check
+	NOT-FOR-US: Affinium Campaign
 CVE-2008-7092 (Multiple cross-site scripting (XSS) vulnerabilities in Unica
Affinium ...)
-	TODO: check
+	NOT-FOR-US: Affinium Campaign
 CVE-2008-7091 (Multiple SQL injection vulnerabilities in Pligg 9.9 and earlier
allow ...)
-	TODO: check
+	NOT-FOR-US: Pligg
 CVE-2008-7090 (Multiple directory traversal vulnerabilities in Pligg 9.9 and
earlier ...)
-	TODO: check
+	NOT-FOR-US: Pligg
 CVE-2008-7089 (Cross-site scripting (XSS) vulnerability in Pligg 9.9 and
earlier ...)
-	TODO: check
+	NOT-FOR-US: Pligg
 CVE-2008-7088 (Unrestricted file upload vulnerability in upload.php in
PhotoPost ...)
-	TODO: check
+	NOT-FOR-US: PhotoPost vBGallery
 CVE-2008-7087 (PHP remote file inclusion vulnerability in search_wA.php in
OpenPro ...)
-	TODO: check
+	NOT-FOR-US: OpenPro
 CVE-2008-7086 (Maian Greetings 2.1 allows remote attackers to bypass
authentication ...)
-	TODO: check
+	NOT-FOR-US: Maian Greetings
 CVE-2008-7085 (Multiple SQL injection vulnerabilities in TheHockeyStop
HockeySTATS ...)
-	TODO: check
+	NOT-FOR-US: TheHockeyStop HockeySTATS Online
 CVE-2008-7084 (Directory traversal vulnerability in the web server 1.0 in
Velocity ...)
-	TODO: check
+	NOT-FOR-US: Velocity Security Management System
 CVE-2009-2966 (avp.exe in Kaspersky Internet Security 9.0.0.459 and Anti-Virus
...)
 	NOT-FOR-US: Kaspersky Internet Security
 CVE-2009-2965 (Cross-site scripting (XSS) vulnerability in entry/index.jsp in
...)
@@ -7556,14 +7557,14 @@
 	- zope2.11 2.11.4-1 (bug #540463)
 	- zope2.10 2.10.9-1 (bug #540464)
 	- zope2.9 <removed>
-	- zodb <unfixed> (bug #540465)
+	- zodb 1:3.8.2-1 (bug #540465)
 CVE-2009-0668 (Unspecified vulnerability in Zope Object Database (ZODB) before
3.8.2, ...)
 	{DSA-1863-1}
 	- zope3 <unfixed> (medium; bug #540462)
 	- zope2.11 2.11.4-1 (medium; bug #540463)
 	- zope2.10 2.10.9-1 (medium; bug #540464)
 	- zope2.9 <removed>
-	- zodb <unfixed> (medium; bug #540465)
+	- zodb 1:3.8.2-1 (medium; bug #540465)
 CVE-2009-0667 (Untrusted search path vulnerability in Agent/Backend.pm in ...)
 	{DSA-1828-1}
 	- ocsinventory-agent 1:0.0.9.2repack1-5 (medium; bug #506416)
Secure testing commits - Aug 2009 - r12699 - data/CVE

[Secure-testing-commits] r12699 - data/CVE
