Author: fw Date: 2012-01-06 14:12:22 +0000 (Fri, 06 Jan 2012) New Revision: 18058 Modified: data/CVE/list Log: NFUs CVE-2011-3367: arora unimportant Modified: data/CVE/list ==================================================================--- data/CVE/list 2012-01-06 13:37:01 UTC (rev 18057) +++ data/CVE/list 2012-01-06 14:12:22 UTC (rev 18058) @@ -201,15 +201,15 @@ CVE-2012-0289 RESERVED CVE-2011-5052 (Stack-based buffer overflow in CoCSoft Stream Down 6.8.0 allows remote ...) - TODO: check + NOT-FOR-US: CoCSoft Stream Down CVE-2011-5051 (Multiple unrestricted file upload vulnerabilities in the WP Symposium ...) - TODO: check + NOT-FOR-US: Symposium plugin for Wordpress CVE-2011-5050 (SQL injection vulnerability in corporate/Controller in Elitecore ...) - TODO: check + NOT-FOR-US: Elitecore Technologies Cyberoam UTM CVE-2011-5049 (MySQL 5.5.8, when running on Windows, allows remote attackers to cause ...) - TODO: check + NOT-FOR-US: MySQL on Windows CVE-2007-6751 (Cross-site scripting (XSS) vulnerability in the MailForm plugin before ...) - TODO: check + NOT-FOR-US: MailForm plugin for Movable Type CVE-2004-2775 RESERVED CVE-2004-2774 @@ -5490,11 +5490,11 @@ CVE-2011-3418 RESERVED CVE-2011-3417 (The Forms Authentication feature in the ASP.NET subsystem in Microsoft ...) - TODO: check + NOT-FOR-US: Microsoft ASP.NET CVE-2011-3416 (The Forms Authentication feature in the ASP.NET subsystem in Microsoft ...) - TODO: check + NOT-FOR-US: Microsoft ASP.NET CVE-2011-3415 (Open redirect vulnerability in the Forms Authentication feature in the ...) - TODO: check + NOT-FOR-US: Microsoft ASP.NET CVE-2011-3414 (The CaseInsensitiveHashProvider.getHashCode function in the HashTable ...) TODO: check NOTE: Might affect Mono, pinged maintainers 
@@ -5645,7 +5645,8 @@ - apache2 2.2.21-2 (medium) NOTE: http://article.gmane.org/gmane.comp.apache.announce/61 CVE-2011-3367 (Arora, possibly 0.11 and other versions, does not use a certain font ...) - TODO: check + - arora <unfixed> (unimportant) + NOTE: Requires CA compromise to exploit, browser still displays warning. CVE-2011-3366 (Rekonq 0.7.0 and earlier does not use a certain font when rendering ...) - rekonq <not-affected> (Only affected the 0.8.x devel versions and was fixed before final 0.8 release, see bug #647298) NOTE: http://www.kde.org/info/security/advisory-20111003-1.txt
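Review bot: In the hunk at @@ -201,15 +201,15 @@, CVE-2011-5049 is changed to "NOT-FOR-US: MySQL on Windows", but the description names MySQL itself and only restricts the platform ("when running on Windows"), so this looks like a not-affected case for a tracked product rather than a product that is out of scope. Consider recording it in the per-package form the file already uses for rekonq, i.e. a "- <package> <not-affected> (Windows only)" line, so that a search of the list by package still finds the CVE. In the same hunk, "NOT-FOR-US: Symposium plugin for Wordpress" drops the "WP" that the description gives ("WP Symposium"); using the name as written in the description keeps the entry easy to grep.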
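Review bot: In the hunk at @@ -5645,7 +5645,8 @@, the added NOTE for CVE-2011-3367 ("Requires CA compromise to exploit, browser still displays warning.") gives the rationale for "(unimportant)" without any source a later reader could check. The neighbouring CVE-2011-3366 entry carries both a bug number and an advisory URL in its NOTE; adding a second NOTE line with a comparable reference (upstream report or Debian bug) would make the severity decision verifiable, which matters here because the entry stays "<unfixed>".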