Secure testing commits - Jan 2010 - r13731 - data/CVE

Author: derevko-guest
Date: 2010-01-06 10:24:52 +0000 (Wed, 06 Jan 2010)
New Revision: 13731

Modified:
   data/CVE/list
Log:
- NFUs
- new uzbl issue


Modified: data/CVE/list
==================================================================---
data/CVE/list	2010-01-06 01:28:25 UTC (rev 13730)
+++ data/CVE/list	2010-01-06 10:24:52 UTC (rev 13731)
@@ -1,3 +1,8 @@
+CVE-2010-XXXX [remote code execution through the "run" function]
+	- uzbl <unfixed> (medium)
+	NOTE: http://www.uzbl.org/news.php?id=22
+	NOTE: maintainer is aware of it
+	TODO: request CVE id
 CVE-2010-0115
 	RESERVED
 CVE-2010-0114
@@ -47,11 +52,11 @@
 CVE-2009-4535 (Mongoose 2.8.0 and earlier allows remote attackers to obtain the
...)
 	NOT-FOR-US: Mongoose
 CVE-2009-4534 (Open redirect vulnerability in the FAQ Ask module 5.x and 6.x
before ...)
-	TODO: check
+	NOT-FOR-US: module for Drupal
 CVE-2009-4533 (The Webform module 5.x before 5.x-2.8 and 6.x before 6.x-2.8, a
module ...)
-	TODO: check
+	NOT-FOR-US: module for Drupal
 CVE-2009-4532 (Cross-site scripting (XSS) vulnerability in the Webform module
5.x ...)
-	TODO: check
+	NOT-FOR-US: module for Drupal
 CVE-2009-4531 (httpdx 1.4.4 and earlier allows remote attackers to obtain the
source ...)
 	NOT-FOR-US: httpdx
 CVE-2009-4530 (Mongoose 2.8.0 and earlier allows remote attackers to obtain the
...)
@@ -59,15 +64,15 @@
 CVE-2009-4529 (InterVations NaviCOPA Web Server 3.0.1.2 and earlier allows
remote ...)
 	NOT-FOR-US: InterVations NaviCOPA Web Server
 CVE-2009-4528 (The Organic Groups (OG) Vocabulary module 6.x before 6.x-1.0 for
...)
-	TODO: check
+	NOT-FOR-US: module for Drupal
 CVE-2009-4527 (The Shibboleth authentication module 5.x before 5.x-3.4 and 6.x
before ...)
-	TODO: check
+	NOT-FOR-US: module for Drupal
 CVE-2009-4526 (The Send by e-mail sub-module in the Print (aka Printer, e-mail
and ...)
-	TODO: check
+	NOT-FOR-US: module for Drupal
 CVE-2009-4525 (Cross-site scripting (XSS) vulnerability in the Print (aka
Printer, ...)
-	TODO: check
+	NOT-FOR-US: module for Drupal
 CVE-2009-4524 (Cross-site scripting (XSS) vulnerability in the RealName module
...)
-	TODO: check
+	NOT-FOR-US: module for Drupal
 CVE-2009-4523 (Cross-site scripting (XSS) vulnerability in index.php in Zainu
1.0 ...)
 	NOT-FOR-US: Zainu
 CVE-2009-4522 (Cross-site scripting (XSS) vulnerability in search.5.html in
...)
@@ -75,21 +80,21 @@
 CVE-2009-4521 (Cross-site scripting (XSS) vulnerability in birt-viewer/run in
Eclipse ...)
 	TODO: check
 CVE-2009-4520 (The CCK Comment Reference module 5.x before 5.x-1.2 and 6.x
before ...)
-	TODO: check
+	NOT-FOR-US: module for Drupal
 CVE-2009-4519 (Multiple unspecified vulnerabilities in Ortro before 1.3.4 have
...)
 	NOT-FOR-US: Ortro
 CVE-2009-4518 (Cross-site scripting (XSS) vulnerability in the Insert Node
module 5.x ...)
-	TODO: check
+	NOT-FOR-US: module for Drupal
 CVE-2009-4517 (Cross-site request forgery (CSRF) vulnerability in the FAQ Ask
module ...)
-	TODO: check
+	NOT-FOR-US: module for Drupal
 CVE-2009-4516 (Cross-site scripting (XSS) vulnerability in the FAQ Ask module
5.x and ...)
-	TODO: check
+	NOT-FOR-US: module for Drupal
 CVE-2009-4515 (The Storm module 6.x before 6.x-1.25 for Drupal does not enforce
...)
-	TODO: check
+	NOT-FOR-US: module for Drupal
 CVE-2009-4514 (Cross-site scripting (XSS) vulnerability in the OpenSocial ...)
-	TODO: check
+	NOT-FOR-US: module for Drupal
 CVE-2009-4513 (Multiple cross-site scripting (XSS) vulnerabilities in the
Workflow ...)
-	TODO: check
+	NOT-FOR-US: module for Drupal
 CVE-2009-4512 (Directory traversal vulnerability in index.php in Oscailt 3.3,
when ...)
 	NOT-FOR-US: Oscailt
 CVE-2009-4511