Author: gilbert-guest
Date: 2010-03-12 04:36:13 +0000 (Fri, 12 Mar 2010)
New Revision: 14255

Modified: data/CVE/list
Log: NFUs; openssl issue got a CVE id

Modified: data/CVE/list
==================================================================--- data/CVE/list 2010-03-12 04:16:02 UTC (rev 14254) +++ data/CVE/list 2010-03-12 04:36:13 UTC (rev 14255)
@@ -2,37 +2,37 @@ - moin 1.8.4-1 (low) NOTE: http://hg.moinmo.in/moin/1.8/rev/897cdbe9e8f2 CVE-2010-0962 (The FTP proxy server in Apple AirPort Express, AirPort Extreme, and ...) - TODO: check + NOT-FOR-US: Apple CVE-2010-0961 (Buffer overflow in qoslist in bos.net.tcp.server in IBM AIX 6.1 and ...) - TODO: check + NOT-FOR-US: IBM AIX and VIOS CVE-2010-0960 (Buffer overflow in qosmod in bos.net.tcp.server in IBM AIX 6.1 and ...) - TODO: check + NOT-FOR-US: IBM AIX and VIOS CVE-2010-0959 (Cross-site scripting (XSS) vulnerability in ...) - TODO: check + NOT-FOR-US: IBM ENOVIA SmarTeam CVE-2010-0958 (Directory traversal vulnerability in modules/hayoo/index.php in ...) - TODO: check + NOT-FOR-US: Tribisur CVE-2010-0957 (Directory traversal vulnerability in content.php in Saskia''s ...) - TODO: check + NOT-FOR-US: Saskia''s Shopsystem CVE-2010-0956 (SQL injection vulnerability in index.php in OpenCart 1.3.2 allows ...) - TODO: check + NOT-FOR-US: OpenCart CVE-2010-0955 (SQL injection vulnerability in index.php in Bild Flirt Community 2.0 ...) - TODO: check + NOT-FOR-US: Bild Flirt Community CVE-2010-0954 (SQL injection vulnerability in search_result.asp in Pre Projects Pre ...) - TODO: check + NOT-FOR-US: Pre Projects Pre E-Learning Portal CVE-2010-0953 (Directory traversal vulnerability in mod.php in phpCOIN 1.2.1 allows ...) - TODO: check + NOT-FOR-US: phpCOIN CVE-2010-0952 (SQL injection vulnerability in index.php in OneCMS 2.5, when ...) - TODO: check + NOT-FOR-US: OneCMS CVE-2010-0951 (SQL injection vulnerability in go_target.php in dev4u CMS allows ...) - TODO: check + NOT-FOR-US: dev4u CMS CVE-2010-0950 (Multiple SQL injection vulnerabilities in Natychmiast CMS allow remote ...) - TODO: check + NOT-FOR-US: Natychmiast CMS CVE-2010-0949 (Multiple cross-site scripting (XSS) vulnerabilities in Natychmiast CMS ...) - TODO: check + NOT-FOR-US: Natychmiast CMS CVE-2010-0948 (SQL injection vulnerability in profil.php in Bigforum 4.5, when ...) 
- TODO: check + NOT-FOR-US: Bigforum CVE-2010-0947 (Cross-site scripting (XSS) vulnerability in post.aspx in Max Network ...) - TODO: check + NOT-FOR-US: BBSMAX CVE-2009-4697 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) TODO: check CVE-2009-4696 (SQL injection vulnerability in index.php in RadNICS Gold 5 allows ...) @@ -114,7 +114,10 @@ - phpbb3 <not-affected> (older version is in the archive) NOTE: http://www.phpbb.com/community/viewtopic.php?f=14&t=2014195 CVE-2010-0928 (OpenSSL 0.9.8i on the Gaisler Research LEON3 SoC on the Xilinx ...) - TODO: check + - openssl <unfixed> (unimportant) + NOTE: http://www.eecs.umich.edu/~valeria/research/publications/DATE10RSA.pdf + NOTE: somewhat impractical right now, but the openssl developers are working + NOTE: on a fix just in case CVE-2010-0926 (The default configuration of smbd in Samba before 3.3.11, 3.4.x before ...) - samba 2:3.5.1~dfsg-1 (low; bug #568493; bug #572953) [lenny] - samba <no-dsa> (Minor issue, patch breaks existing behaviour, can be fixed through configuration modifications) @@ -421,11 +424,6 @@ CVE-2010-XXXX [linux-ftpd: null ptr dereference] - linux-ftpd <unfixed> (low; bug #572813) [lenny] - linux-ftpd <no-dsa> (Minor issue) -CVE-2010-XXXX [openssl power supply fluctuation fault-based key disclosure] - - openssl <unfixed> (unimportant) - NOTE: http://www.eecs.umich.edu/~valeria/research/publications/DATE10RSA.pdf - NOTE: somewhat impractical right now, but the openssl developers are working - NOTE: on a fix just in case CVE-2010-0824 RESERVED CVE-2010-0823 @@ -463,7 +461,7 @@ CVE-2010-0807 RESERVED CVE-2010-0806 (Use-after-free vulnerability in the Peer Objects component (aka ...) - TODO: check + NOT-FOR-US: Microsoft Internet Explorer CVE-2010-0805 RESERVED CVE-2010-0804 (Cross-site scripting (XSS) vulnerability in index.php in iBoutique 4.0 ...) 
@@ -1410,7 +1408,7 @@ CVE-2010-0448 RESERVED CVE-2010-0447 (The helpmanager servlet in the web server in HP OpenView Performance ...) - TODO: check + NOT-FOR-US: HP OpenView Performance Insight CVE-2010-0446 (Unspecified vulnerability on the HP DreamScreen 100 and 130 with ...) NOT-FOR-US: HP DreamScreen CVE-2010-0445 (Unspecified vulnerability in HP Network Node Manager (NNM) 8.10, 8.11, ...) @@ -1485,7 +1483,7 @@ {DSA-2010-1} TODO: check CVE-2010-0418 (The web interface in chumby one before 1.0.4 and chumby classic before ...) - TODO: check + NOT-FOR-US: Chumby device''s web interface CVE-2010-0417 (Buffer overflow in common/util/rlstate.cpp in Helix Player 1.0.6 and ...) NOT-FOR-US: RealPlayer/Helix Player CVE-2010-0416 (Buffer overflow in the Unescape function in common/util/hxurl.cpp and ...) 
@@ -2054,23 +2052,23 @@ CVE-2010-0266 RESERVED CVE-2010-0265 (Buffer overflow in Microsoft Windows Movie Maker 2.1, 2.6, and 6.0, ...) - TODO: check + NOT-FOR-US: Microsoft Windows Movie Maker CVE-2010-0264 (Microsoft Office Excel 2002 SP3, Office 2004 and 2008 for Mac, and ...) - TODO: check + NOT-FOR-US: Microsoft Office CVE-2010-0263 (Microsoft Office Excel 2007 SP1 and SP2; Office 2008 for Mac; Open XML ...) - TODO: check + NOT-FOR-US: Microsoft Office CVE-2010-0262 (Microsoft Office Excel 2007 SP1 and SP2 and Office 2004 for Mac do not ...) - TODO: check + NOT-FOR-US: Microsoft Office CVE-2010-0261 (Heap-based buffer overflow in Microsoft Office Excel 2007 SP1 and SP2 ...) - TODO: check + NOT-FOR-US: Microsoft Office CVE-2010-0260 (Heap-based buffer overflow in Microsoft Office Excel 2007 SP1 and SP2; ...) - TODO: check + NOT-FOR-US: Microsoft Office CVE-2010-0259 RESERVED CVE-2010-0258 (Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; ...) - TODO: check + NOT-FOR-US: Microsoft Office CVE-2010-0257 (Microsoft Office Excel 2002 SP3 does not properly parse the Excel file ...) - TODO: check + NOT-FOR-US: Microsoft Office CVE-2010-0256 RESERVED CVE-2010-0255 (Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, 7, and 8 does not ...) @@ -2520,7 +2518,7 @@ CVE-2010-0104 RESERVED CVE-2010-0103 (UsbCharger.dll in the Energizer DUO USB battery charger software ...) - TODO: check + NOT-FOR-US: Energizer DUO USB Battery Charger Software CVE-2010-0102 RESERVED CVE-2010-0101
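Review bot: In the first hunk (-2,37), the tag added for CVE-2010-0947 is "NOT-FOR-US: BBSMAX", but the description visible on that entry names the vendor as "Max Network ..." and never shows the string "BBSMAX" before it is truncated. Someone searching the list by the vendor name from the CVE text will not find this tag; consider writing the vendor as it appears in the description followed by the product, the way the same hunk does for "IBM ENOVIA SmarTeam" and "Pre Projects Pre E-Learning Portal".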
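Review bot: In the hunk at -114, the entry added under CVE-2010-0928 carries over the three NOTE lines but drops the bracketed summary of the temporary entry removed at -421 ("openssl power supply fluctuation fault-based key disclosure"). The truncated CVE description shown here does not say what the attack is, so the "(unimportant)" rating is left with only "somewhat impractical right now" as its stated basis. Keeping the summary as an extra line, for example "NOTE: fault-based key disclosure via power supply fluctuation", would leave the reason next to the rating.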
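Review bot: In the hunk at -1485, the tag for CVE-2010-0418 reads "NOT-FOR-US: Chumby device''s web interface", which describes a component instead of naming the product the way the neighbouring entries do ("NOT-FOR-US: RealPlayer/Helix Player", "NOT-FOR-US: HP DreamScreen"). A plain "NOT-FOR-US: chumby" would match that style and avoid the apostrophe, which appears doubled here and in "NOT-FOR-US: Saskia''s Shopsystem" in the first hunk; it is worth confirming that the doubling comes from this mail rendering and is not in data/CVE/list itself.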