Author: jamie-guest
Date: 2012-02-22 17:40:30 +0000 (Wed, 22 Feb 2012)
New Revision: 18516

Modified:
   data/CVE/list
Log:
NFUs

Modified: data/CVE/list
==================================================================
--- data/CVE/list 2012-02-22 17:18:52 UTC (rev 18515) +++ data/CVE/list 2012-02-22 17:40:30 UTC (rev 18516) @@ -1,7 +1,7 @@ CVE-2012-1235 (Cross-site request forgery (CSRF) vulnerability in Advantech/BroadWin ...) - TODO: check + NOT-FOR-US: Advantech/BroadWin WebAccess CVE-2012-1234 (SQL injection vulnerability in Advantech/BroadWin WebAccess 7.0 allows ...) - TODO: check + NOT-FOR-US: Advantech/BroadWin WebAccess CVE-2012-1233 RESERVED CVE-2012-1232 
@@ -15,51 +15,51 @@ CVE-2012-1228 RESERVED CVE-2012-1227 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...) - TODO: check + NOT-FOR-US: pluck CVE-2012-1226 (Multiple directory traversal vulnerabilities in Dolibarr CMS 3.2.0 ...) - TODO: check + NOT-FOR-US: Dolibarr CMS CVE-2012-1225 (Multiple SQL injection vulnerabilities in Dolibarr CMS 3.2.0 Alpha and ...) - TODO: check + NOT-FOR-US: Dolibarr CMS CVE-2012-1224 (Cross-site scripting (XSS) vulnerability in system/classes/login.php ...) - TODO: check + NOT-FOR-US: ContentLion Alpha CVE-2012-1223 (RabidHamster R2/Extreme 1.65 and earlier uses a small search space of ...) - TODO: check + NOT-FOR-US: RabidHamster CVE-2012-1222 (Stack-based buffer overflow in RabidHamster R2/Extreme 1.65 and ...) - TODO: check + NOT-FOR-US: RabidHamster CVE-2012-1221 (Directory traversal vulnerability in the telnet server in RabidHamster ...) - TODO: check + NOT-FOR-US: RabidHamster CVE-2012-1220 (Cross-site request forgery (CSRF) vulnerability in ...) - TODO: check + NOT-FOR-US: GAzie CVE-2012-1219 (Multiple cross-site scripting (XSS) vulnerabilities in freelancerKit ...) - TODO: check + NOT-FOR-US: freelancerKit CVE-2012-1218 (Multiple SQL injection vulnerabilities in freelancerKit 2.35 allow ...) - TODO: check + NOT-FOR-US: freelancerKit CVE-2012-1217 (Multiple cross-site scripting (XSS) vulnerabilities in STHS v2 Web ...) - TODO: check + NOT-FOR-US: STHS CVE-2012-1216 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...) - TODO: check + NOT-FOR-US: PBBoard CVE-2012-1215 (Cross-site scripting (XSS) vulnerability in the Add friends module in ...) - TODO: check + NOT-FOR-US: Yoono extension CVE-2012-1214 (Cross-site scripting (XSS) vulnerability in the Add friends module in ...) - TODO: check + NOT-FOR-US: Yoono Desktop Application CVE-2012-1213 (Cross-site scripting (XSS) vulnerability in zimbra/h/calendar in ...) 
- TODO: check + NOT-FOR-US: Zimbra Web Client CVE-2012-1212 (Cross-site scripting (XSS) vulnerability in the smwfOnSfSetTargetName ...) - TODO: check + NOT-FOR-US: Semantic Enterprise Wiki CVE-2012-1211 (Cross-site scripting (XSS) vulnerability in pfile/kommentar.php in ...) - TODO: check + NOT-FOR-US: Powie pFile CVE-2012-1210 (SQL injection vulnerability in pfile/file.php in Powie pFile 1.02 ...) - TODO: check + NOT-FOR-US: Powie pFile CVE-2012-1209 (Cross-site scripting (XSS) vulnerability in ...) - TODO: check + NOT-FOR-US: Fork CMS CVE-2012-1208 (Multiple cross-site scripting (XSS) vulnerabilities in ...) - TODO: check + NOT-FOR-US: Fork CMS CVE-2012-1207 (Directory traversal vulnerability in ...) - TODO: check + NOT-FOR-US: Fork CMS CVE-2012-1206 (Multiple integer overflows in Hancom Office 2010 SE 8.5.5 allow remote ...) - TODO: check + NOT-FOR-US: Hancom Office CVE-2012-1205 (PHP remote file inclusion vulnerability in relocate-upload.php in ...) - TODO: check + NOT-FOR-US: Relocate Upload plugin CVE-2012-1204 RESERVED CVE-2012-1203 
@@ -69,17 +69,17 @@ CVE-2012-1201 RESERVED CVE-2012-1200 (Multiple PHP remote file inclusion vulnerabilities in Nova CMS allow ...) - TODO: check + NOT-FOR-US: Nova CMS CVE-2012-1199 (Multiple PHP remote file inclusion vulnerabilities in Basic Analysis ...) TODO: check CVE-2012-1198 (base_ag_main.php in Basic Analysis and Security Engine (BASE) 1.4.5 ...) TODO: check CVE-2012-1197 (Integer overflow in the IDE_ACDStd.apl module for ACDSee 14.1 Build ...) - TODO: check + NOT-FOR-US: ACDSee CVE-2012-1196 (Directory traversal vulnerability in the VulCore web service ...) - TODO: check + NOT-FOR-US: Lenovo ThinkManagement Console CVE-2012-1195 (Unrestricted file upload vulnerability in ...) - TODO: check + NOT-FOR-US: Lenovo ThinkManagement Console CVE-2012-1194 (The resolver in the DNS Server service in Microsoft Windows Server ...) NOTE: DNS protocol flaw CVE-2012-1193 (The resolver in PowerDNS Recursor (aka pdns_recursor) 3.3 overwrites ...) 
@@ -508,21 +508,21 @@ CVE-2012-1001 RESERVED CVE-2012-1000 (Multiple cross-site scripting (XSS) vulnerabilities in LEPTON 1.1.3 ...) - TODO: check + NOT-FOR-US: LEPTON CVE-2012-0999 (SQL injection vulnerability in modules/news/rss.php in LEPTON before ...) - TODO: check + NOT-FOR-US: LEPTON CVE-2012-0998 (Directory traversal vulnerability in account/preferences.php in LEPTON ...) - TODO: check + NOT-FOR-US: LEPTON CVE-2012-0997 (Cross-site request forgery (CSRF) vulnerability in admin/index.php in ...) - TODO: check + NOT-FOR-US: 11in1 CVE-2012-0996 (Multiple directory traversal vulnerabilities in 11in1 1.2.1 stable ...) - TODO: check + NOT-FOR-US: 11in1 CVE-2012-0995 (Multiple cross-site scripting (XSS) vulnerabilities in ZENphoto 1.4.2 ...) - TODO: check + NOT-FOR-US: ZENphoto CVE-2012-0994 (SQL injection vulnerability in the Manage Albums feature in ...) - TODO: check + NOT-FOR-US: ZENphoto CVE-2012-0993 (Eval injection vulnerability in ...) - TODO: check + NOT-FOR-US: ZENphoto CVE-2012-0992 (interface/fax/fax_dispatch.php in OpenEMR 4.1.0 allows remote ...) NOT-FOR-US: OpenEMR CVE-2012-0991 (Multiple directory traversal vulnerabilities in OpenEMR 4.1.0 allow ...) @@ -800,7 +800,7 @@ CVE-2012-0866 RESERVED CVE-2012-0865 (Multiple open redirect vulnerabilities in CubeCart 3.0.20 and earlier ...) - TODO: check + NOT-FOR-US: CubeCart CVE-2012-0864 [FORTIFY_SOURCE format string protection bypass] RESERVED - eglibc <unfixed> (low; bug #660611) @@ -911,13 +911,13 @@ [squeeze] - libvpx <not-affected> (Introduced in 0.9.7) NOTE: http://blog.webmproject.org/2012/01/vp8-codec-sdk-duclair-released.html CVE-2012-0822 - RESERVED + NOT-FOR-US: Joomla! CVE-2012-0821 - RESERVED + NOT-FOR-US: Joomla! CVE-2012-0820 - RESERVED + NOT-FOR-US: Joomla! CVE-2012-0819 - RESERVED + NOT-FOR-US: Joomla! CVE-2012-0818 RESERVED CVE-2012-0817 (Memory leak in smbd in Samba 3.6.x before 3.6.3 allows remote ...) 
@@ -2534,7 +2534,7 @@ - redmine 1.0.5-1 (bug #608397) NOTE: http://www.redmine.org/news/49 CVE-2011-4926 - RESERVED + NOT-FOR-US: WordPress plugin Adminimize CVE-2011-4925 (Terascale Open-Source Resource and Queue Manager (aka TORQUE Resource ...) - torque <not-affected> (The version in Debian doesn''t yet have MUNGE support) CVE-2011-4924 @@ -2585,19 +2585,19 @@ {DSA-2264-1 DSA-2240-1} - linux-2.6 2.6.38-4 CVE-2011-4912 - RESERVED + NOT-FOR-US: Joomla CVE-2011-4911 - RESERVED + NOT-FOR-US: Joomla CVE-2011-4910 - RESERVED + NOT-FOR-US: Joomla CVE-2011-4909 - RESERVED + NOT-FOR-US: Joomla CVE-2011-4908 - RESERVED + NOT-FOR-US: Joomla CVE-2011-4907 - RESERVED + NOT-FOR-US: Joomla CVE-2011-4906 - RESERVED + NOT-FOR-US: Joomla CVE-2011-4905 (Apache ActiveMQ before 5.6.0 allows remote attackers to cause a denial ...) - activemq 5.5.0+dfsg-5 (bug #655495) CVE-2011-4899 (** DISPUTED ** wp-admin/setup-config.php in the installation component ...) 
@@ -2683,29 +2683,29 @@ CVE-2012-0245 RESERVED CVE-2012-0244 (Multiple SQL injection vulnerabilities in Advantech/BroadWin WebAccess ...) - TODO: check + NOT-FOR-US: Advantech/BroadWin WebAccess CVE-2012-0243 (Buffer overflow in an ActiveX control in bwocxrun.ocx in ...) - TODO: check + NOT-FOR-US: ActiveX CVE-2012-0242 (Format string vulnerability in Advantech/BroadWin WebAccess before 7.0 ...) - TODO: check + NOT-FOR-US: Advantech/BroadWin WebAccess CVE-2012-0241 (Advantech/BroadWin WebAccess before 7.0 allows remote attackers to ...) - TODO: check + NOT-FOR-US: Advantech/BroadWin WebAccess CVE-2012-0240 (GbScriptAddUp.asp in Advantech/BroadWin WebAccess before 7.0 does not ...) - TODO: check + NOT-FOR-US: Advantech/BroadWin WebAccess CVE-2012-0239 (uaddUpAdmin.asp in Advantech/BroadWin WebAccess before 7.0 does not ...) - TODO: check + NOT-FOR-US: Advantech/BroadWin WebAccess CVE-2012-0238 (Stack-based buffer overflow in opcImg.asp in Advantech/BroadWin ...) - TODO: check + NOT-FOR-US: Advantech/BroadWin WebAccess CVE-2012-0237 (Advantech/BroadWin WebAccess before 7.0 allows remote attackers to (1) ...) - TODO: check + NOT-FOR-US: Advantech/BroadWin WebAccess CVE-2012-0236 (Advantech/BroadWin WebAccess 7.0 and earlier allows remote attackers ...) - TODO: check + NOT-FOR-US: Advantech/BroadWin WebAccess CVE-2012-0235 (Cross-site request forgery (CSRF) vulnerability in Advantech/BroadWin ...) - TODO: check + NOT-FOR-US: Advantech/BroadWin WebAccess CVE-2012-0234 (SQL injection vulnerability in Advantech/BroadWin WebAccess before 7.0 ...) - TODO: check + NOT-FOR-US: Advantech/BroadWin WebAccess CVE-2012-0233 (Cross-site scripting (XSS) vulnerability in Advantech/BroadWin ...) - TODO: check + NOT-FOR-US: Advantech/BroadWin WebAccess CVE-2012-0232 RESERVED CVE-2012-0231 
@@ -2723,7 +2723,7 @@ CVE-2012-0225 RESERVED CVE-2012-0224 (Untrusted search path vulnerability in 7-Technologies (7T) AQUIS 1.5 ...) - TODO: check + NOT-FOR-US: 7-Technologies (7T) AQUIS CVE-2012-0223 RESERVED CVE-2012-0222 @@ -2745,7 +2745,7 @@ CVE-2011-4891 RESERVED CVE-2011-4890 (The server in IBM solidDB 6.5 before FP9 and 7.0 before FP1 allows ...) - TODO: check + NOT-FOR-US: IBM solidDB CVE-2011-4889 RESERVED CVE-2011-4888 @@ -2975,7 +2975,7 @@ CVE-2012-0201 RESERVED CVE-2012-0200 (The server in IBM solidDB 6.5 before Interim Fix 6 does not properly ...) - TODO: check + NOT-FOR-US: IBM solidDB CVE-2012-0199 RESERVED CVE-2012-0198 @@ -3711,7 +3711,7 @@ CVE-2012-0026 REJECTED CVE-2012-0025 - RESERVED + NOT-FOR-US: libfpx CVE-2012-0024 (MaraDNS before 1.3.07.12 and 1.4.x before 1.4.08 computes hash values ...) - maradns 1.4.09-1 [squeeze] - maradns <no-dsa> (Minor issue) @@ -3918,7 +3918,7 @@ {DSA-2330-1} - simplesamlphp 1.8.1-1 CVE-2011-4624 - RESERVED + NOT-FOR-US: WordPress flash-album-gallery CVE-2011-4623 RESERVED CVE-2011-4622 (The create_pit_timer function in arch/x86/kvm/i8254.c in KVM 83, and ...) @@ -3933,7 +3933,7 @@ {DSA-2390-1} - openssl 1.0.0f-1 CVE-2011-4618 - RESERVED + NOT-FOR-US: WordPress advanced-text-widget CVE-2011-4617 (virtualenv.py in virtualenv before 1.5 allows local users to overwrite ...) - python-virtualenv 1.4.9-1 (low; bug #652653) [lenny] - python-virtualenv <no-dsa> (Minor issue) @@ -4014,7 +4014,7 @@ CVE-2011-4596 (Multiple directory traversal vulnerabilities in OpenStack Nova before ...) - nova 2012.1~e1-4 CVE-2011-4595 - RESERVED + NOT-FOR-US: WordPress pretty-link plugin CVE-2011-4594 RESERVED - linux-2.6 3.1-1 
@@ -4193,17 +4193,17 @@ CVE-2011-4527 RESERVED CVE-2011-4526 (Buffer overflow in an ActiveX control in Advantech/BroadWin WebAccess ...) - TODO: check + NOT-FOR-US: Advantech/BroadWin WebAccess CVE-2011-4525 (Advantech/BroadWin WebAccess before 7.0 allows remote attackers to ...) - TODO: check + NOT-FOR-US: Advantech/BroadWin WebAccess CVE-2011-4524 (Buffer overflow in Advantech/BroadWin WebAccess before 7.0 allows ...) - TODO: check + NOT-FOR-US: Advantech/BroadWin WebAccess CVE-2011-4523 (Cross-site scripting (XSS) vulnerability in bwview.asp in ...) - TODO: check + NOT-FOR-US: Advantech/BroadWin WebAccess CVE-2011-4522 (Cross-site scripting (XSS) vulnerability in bwerrdn.asp in ...) - TODO: check + NOT-FOR-US: Advantech/BroadWin WebAccess CVE-2011-4521 (SQL injection vulnerability in Advantech/BroadWin WebAccess before 7.0 ...) - TODO: check + NOT-FOR-US: Advantech/BroadWin WebAccess CVE-2011-4520 RESERVED CVE-2011-4519 @@ -4700,7 +4700,7 @@ CVE-2011-4344 (Cross-site scripting (XSS) vulnerability in Jenkins Core in CloudBees ...) - jenkins-winstone 0.9.10-jenkins-29+dfsg-1 (bug #649900) CVE-2011-4343 - RESERVED + NOT-FOR-US: Mojarra/MyFaces CVE-2011-4342 RESERVED NOT-FOR-US: Wordpress plugin @@ -4794,7 +4794,7 @@ CVE-2011-4311 (ResourceSpace before 4.2.2833 does not properly validate access keys, ...) NOT-FOR-US: ResourceSpace CVE-2011-4310 - RESERVED + NOT-FOR-US: cmsmadesimple CVE-2011-4309 [MSA-11-0041] RESERVED - moodle <not-affected> (Only affects 2.x) @@ -5232,7 +5232,7 @@ CVE-2011-4196 RESERVED CVE-2011-4195 - RESERVED + NOT-FOR-US: kiwi CVE-2011-4194 (Buffer overflow in Novell iPrint Server in Novell Open Enterprise ...) NOT-FOR-US: Novell iPrint CVE-2011-4193 
@@ -5248,11 +5248,11 @@ CVE-2011-4188 RESERVED CVE-2011-4187 (Buffer overflow in the GetDriverSettings function in nipplib.dll in ...) - TODO: check + NOT-FOR-US: Novell iPrint Client CVE-2011-4186 (Heap-based buffer overflow in nipplib.dll in Novell iPrint Client ...) - TODO: check + NOT-FOR-US: Novell iPrint Client CVE-2011-4185 (The GetPrinterURLList2 method in the ActiveX control in Novell iPrint ...) - TODO: check + NOT-FOR-US: ActiveX CVE-2011-4184 RESERVED CVE-2011-4183 @@ -5450,7 +5450,7 @@ [lenny] - phpmyadmin <not-affected> (Vulerable code not present) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=751112 CVE-2011-4106 - RESERVED + NOT-FOR-US: wordpress plugin timthumb CVE-2011-4105 (LightDM before 1.0.6 allows local users to change ownership of ...) - lightdm 1.0.6-2 CVE-2011-4104 @@ -5491,9 +5491,9 @@ - squid3 3.1.16-1 [lenny] - squid3 <not-affected> (no IPv6 support) CVE-2011-4095 - RESERVED + NOT-FOR-US: Jara CVE-2011-4094 - RESERVED + NOT-FOR-US: Jara CVE-2011-4093 RESERVED - net6 1:1.3.14-1 (low; bug #647318) @@ -6997,7 +6997,7 @@ RESERVED - hardlink <not-affected> (Only the C version, ours are written in Python) CVE-2011-3629 - RESERVED + NOT-FOR-US: Joomla CVE-2011-3628 RESERVED - pam <unfixed> (low) @@ -7026,9 +7026,9 @@ - vlc 1.1.3-1 NOTE: https://bugs.gentoo.org/show_bug.cgi?id=285370 CVE-2011-3622 - RESERVED + NOT-FOR-US: phorum CVE-2011-3621 - RESERVED + NOT-FOR-US: fluxbb CVE-2011-3620 RESERVED CVE-2011-3619 @@ -7178,7 +7178,7 @@ [squeeze] - typo3-src <not-affected> (Only affects 4.5.x) [lenny] - typo3-src <not-affected> (Only affects 4.5.x) CVE-2011-3582 - RESERVED + NOT-FOR-US: Advanced Electron Forums CVE-2011-3581 (Heap-based buffer overflow in the ldns_rr_new_frm_str_internal ...) {DSA-2353-1} - ldns 1.6.11-1 (bug #647297) 
@@ -7639,7 +7639,7 @@ CVE-2011-3415 (Open redirect vulnerability in the Forms Authentication feature in the ...) NOT-FOR-US: Microsoft ASP.NET CVE-2011-3414 (The CaseInsensitiveHashProvider.getHashCode function in the HashTable ...) - TODO: check + NOT-FOR-US: Microsoft .NET Framework NOTE: Might affect Mono, pinged maintainers CVE-2011-3413 (Microsoft PowerPoint 2007 SP2; Office 2008 for Mac; Office ...) NOT-FOR-US: Microsoft PowerPoint @@ -7772,7 +7772,7 @@ - apt <unfixed> (unimportant; bug #642480) NOTE: Not exploitable in Debian, since no keyring URI is defined CVE-2011-3373 - RESERVED + NOT-FOR-US: Views Bulk Operations module for Drupal CVE-2011-3372 (imap/nntpd.c in the NNTP server (nntpd) for Cyrus IMAPd 2.4.x before ...) {DSA-2318-1} - cyrus-imapd-2.2 2.4.11-1 (medium) @@ -7783,7 +7783,7 @@ CVE-2011-3371 (Multiple cross-site scripting (XSS) vulnerabilities in ...) NOT-FOR-US: PunBB CVE-2011-3370 - RESERVED + NOT-FOR-US: status.net CVE-2011-3369 (The add_conversation function in conversations.c in EtherApe before ...) - etherape 0.9.12-1 (low; bug #645324) [lenny] - etherape <no-dsa> (Minor issue) @@ -7852,7 +7852,7 @@ [lenny] - linux-2.6 <not-affected> (vulnerable code introduced in commit 3b463ae0) [squeeze] - linux-2.6 2.6.32-36 CVE-2011-3352 - RESERVED + NOT-FOR-US: Zikula CVE-2011-3351 RESERVED - openvas-scanner <unfixed> (bug #641327; low) @@ -8301,7 +8301,7 @@ - pidgin 2.10.0-1 (unimportant) NOTE: Only exploitable by a malicious MSN server to crash the client CVE-2011-3183 - RESERVED + NOT-FOR-US: Concrete CMS CVE-2011-3182 (PHP before 5.3.7 does not properly check the return values of the ...) - php5 5.3.7-1 (unimportant) NOTE: exploitable by malicious scripts only 
@@ -8310,7 +8310,7 @@ - phpmyadmin 4:3.4.4-1 [lenny] - phpmyadmin <not-affected> (Vulnerable code not present) CVE-2011-3180 - RESERVED + NOT-FOR-US: Suse kiwi CVE-2011-3179 (The server process in Novell Messenger 2.1 and 2.2.x before 2.2.1, and ...) NOT-FOR-US: Novell Messenger CVE-2011-3178 @@ -9055,13 +9055,13 @@ CVE-2011-2937 (Cross-site scripting (XSS) vulnerability in the UI messages ...) - roundcube 0.5.4+dfsg-1 (bug #641996) CVE-2011-2936 - RESERVED + NOT-FOR-US: Elgg CVE-2011-2935 - RESERVED + NOT-FOR-US: Elgg CVE-2011-2934 - RESERVED + NOT-FOR-US: WebsiteBaker CVE-2011-2933 - RESERVED + NOT-FOR-US: WebsiteBaker CVE-2011-2932 (Cross-site scripting (XSS) vulnerability in ...) - rails 2.3.14 CVE-2011-2931 (Cross-site scripting (XSS) vulnerability in the strip_tags helper in ...) @@ -9144,7 +9144,7 @@ - torque 2.4.15+dfsg-1 [squeeze] - torque <no-dsa> (Not fixable, would need an update to a release with MUNGE support, clusters typically run in locked down environments) CVE-2011-2906 - RESERVED + NOT-FOR-US: ** REJECT ** CVE-2011-2905 RESERVED {DSA-2303-1} @@ -9737,7 +9737,7 @@ CVE-2011-2728 RESERVED CVE-2011-2727 - RESERVED + NOT-FOR-US: Tribiq CMS CVE-2011-2726 [SA-CORE-2011-003] RESERVED - drupal7 7.6-1 @@ -9809,7 +9809,7 @@ RESERVED - linux-2.6 <not-affected> (xtensa arch not used in Debian) CVE-2011-2706 - RESERVED + NOT-FOR-US: sNews CVE-2011-2705 (The SecureRandom.random_bytes function in lib/securerandom.rb in Ruby ...) - ruby1.8 1.8.7.352-1 (low; bug #635878) - ruby1.9 <unfixed> (low) @@ -10379,7 +10379,7 @@ [lenny] - nfs-utils <not-affected> (Introduced in 1.2.3) [squeeze] - nfs-utils <not-affected> (Introduced in 1.2.3) CVE-2011-2499 - RESERVED + NOT-FOR-US: Mambo CMS CVE-2011-2498 RESERVED - linux-2.6 2.6.39-1 (low) @@ -11573,7 +11573,7 @@ CVE-2011-2055 RESERVED CVE-2011-2054 - RESERVED + NOT-FOR-US: ** REJECT ** CVE-2011-2054 misused as CVE-2011-2524 CVE-2011-2053 RESERVED CVE-2011-2052 
@@ -11916,7 +11916,7 @@ CVE-2011-1915 (SQL injection vulnerability in eClient 7.3.2.3 in Enspire Distribution ...) NOT-FOR-US: Enspire Distribution Management Solution CVE-2011-1914 (Buffer overflow in the Advantech ADAM OLE for Process Control (OPC) ...) - TODO: check + NOT-FOR-US: ActiveX CVE-2011-1913 (SQL injection vulnerability in the login form in the web interface in ...) NOT-FOR-US: Mercator SENTINEL CVE-2011-1912 @@ -12823,7 +12823,7 @@ RESERVED NOT-FOR-US: OpenVAS Manager CVE-2011-1596 - RESERVED + NOT-FOR-US: ** REJECT ** (regular bug in gnome-screensaver-dialog) CVE-2011-1595 (Directory traversal vulnerability in the disk_create function in ...) - rdesktop 1.7.0-1 (low; bug #623552) [squeeze] - rdesktop <no-dsa> (Minor issue) @@ -13236,7 +13236,7 @@ CVE-2011-1475 (The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not ...) - tomcat6 <not-affected> (Only affects Tomcat 7) CVE-2011-1474 - RESERVED + NOT-FOR-US: PaX patched kernels CVE-2011-1473 RESERVED CVE-2011-1472 (The Nokia E75 phone with firmware before 211.12.01 allows physically ...) @@ -13626,7 +13626,7 @@ CVE-2011-1363 RESERVED CVE-2011-1362 (Cross-site scripting (XSS) vulnerability in the Installation ...) - TODO: check + NOT-FOR-US: IBM WebSphere Application Server CVE-2011-1361 RESERVED CVE-2011-1360 (Multiple cross-site scripting (XSS) vulnerabilities in IBM HTTP Server ...) @@ -14215,9 +14215,9 @@ CVE-2011-1152 REJECTED CVE-2011-1151 - RESERVED + NOT-FOR-US: Joomla! CVE-2011-1150 - RESERVED + NOT-FOR-US: bbPress CVE-2011-1149 (Android before 2.3 does not properly restrict access to the system ...) NOT-FOR-US: Android CVE-2011-1148 (Use-after-free vulnerability in the substr_replace function in PHP ...) 
@@ -14433,7 +14433,7 @@ CVE-2011-1097 (rsync 3.x before 3.0.8, when certain recursion, deletion, and ...) - rsync 3.0.8 (low; bug #621866) CVE-2011-1096 - RESERVED + NOT-FOR-US: alleged flaw in W3C XML Encryption standard. Nothing specific to fix CVE-2011-1095 (locale/programs/locale.c in locale in the GNU C Library (aka glibc or ...) - glibc <removed> [lenny] - glibc <no-dsa> (Minor issue) @@ -14476,11 +14476,11 @@ NOTE: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4931.php NOTE: obscure exploit scenario CVE-2011-1086 - RESERVED + NOT-FOR-US: openfiler CVE-2011-1085 - RESERVED + NOT-FOR-US: smoothwall CVE-2011-1084 - RESERVED + NOT-FOR-US: smoothwall CVE-2011-1083 (The epoll implementation in the Linux kernel 2.6.37.2 and earlier does ...) - linux-2.6 <unfixed> (low) CVE-2011-1082 (fs/eventpoll.c in the Linux kernel before 2.6.38 places epoll file ...) @@ -14525,7 +14525,7 @@ [squeeze] - v86d 0.1.9-1+squeeze1 [lenny] - v86d 0.1.5.2-1+lenny1 CVE-2011-1069 - RESERVED + NOT-FOR-US: PHPShop CVE-2011-1068 (Microsoft Windows Azure Software Development Kit (SDK) 1.3.x before ...) NOT-FOR-US: Microsoft Windows Azure SDK CVE-2011-1067 (slapd (aka ns-slapd) in 389 Directory Server before 1.2.8.a2 does not ...) @@ -17066,7 +17066,7 @@ - chromium-browser <undetermined> - webkit <undetermined> CVE-2011-0241 (Heap-based buffer overflow in ImageIO in Apple Safari before 5.0.6 ...) - TODO: check + NOT-FOR-US: Apple Safari CVE-2011-0240 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers ...) - chromium-browser <undetermined> - webkit <undetermined> @@ -17802,7 +17802,7 @@ CVE-2010-4563 (The Linux kernel, when using IPv6, allows remote attackers to ...) TODO: check CVE-2010-4562 (Microsoft Windows 2008, 7, Vista, 2003, 2000, and XP, when using IPv6, ...) - TODO: check + NOT-FOR-US: Microsoft Windows CVE-2010-4561 RESERVED CVE-2010-4560 
@@ -26789,7 +26789,7 @@ NOTE: https://bugs.webkit.org/show_bug.cgi?id=27751 NOTE: http://trac.webkit.org/changeset/58703 CVE-2010-1420 (Cross-site scripting (XSS) vulnerability in CFNetwork in Apple Safari ...) - TODO: check + NOT-FOR-US: Apple Safari CVE-2010-1419 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on ...) - webkit 1.2.1-2 [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
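Review bot: In the hunk at @@ -2683,29 +2683,29 @@, CVE-2012-0243 is labelled "NOT-FOR-US: ActiveX" while every sibling entry in that hunk names the product, "Advantech/BroadWin WebAccess". "ActiveX" is a component technology, not the affected product, so a later search of the list by product will miss this entry. The same label is used for CVE-2011-4185 in the hunk at @@ -5248,11 +5248,11 @@ (described as the ActiveX control in Novell iPrint, next to two entries labelled "Novell iPrint Client") and for CVE-2011-1914 in the hunk at @@ -11916,7 +11916,7 @@ (Advantech ADAM OPC). This commit already labels CVE-2011-4526, also a buffer overflow in an ActiveX control, as "Advantech/BroadWin WebAccess"; suggest doing the same for these three and naming the product in each.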
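Review bot: In the hunk at @@ -7639,7 +7639,7 @@, CVE-2011-3414 changes from "TODO: check" to "NOT-FOR-US: Microsoft .NET Framework", but the unchanged line right after it still reads "NOTE: Might affect Mono, pinged maintainers". The two statements conflict: NOT-FOR-US closes the entry as irrelevant, while the note says a possible impact is still awaiting an answer. Suggest either leaving the entry open until the maintainers reply, or recording the outcome for Mono in the entry and dropping or updating the note.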
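Review bot: In the hunk at @@ -9144,7 +9144,7 @@, CVE-2011-2906 is recorded as "NOT-FOR-US: ** REJECT **", which puts a rejection into the product field, and the same pattern appears for CVE-2011-2054 (@@ -11573,7 +11573,7 @@) and CVE-2011-1596 (@@ -12823,7 +12823,7 @@). Elsewhere in the visible context the list marks rejected ids with a plain "REJECTED" line (CVE-2012-0026, CVE-2011-1152). Suggest using that form for consistency and moving the explanations ("misused as CVE-2011-2524", "regular bug in gnome-screensaver-dialog") into NOTE: lines, so that anything filtering on NOT-FOR-US product names does not pick up "** REJECT **" as a product.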
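Review bot: In the hunk at @@ -14433,7 +14433,7 @@, the NOT-FOR-US value for CVE-2011-1096 is a free-text judgement ("alleged flaw in W3C XML Encryption standard. Nothing specific to fix") rather than a product name. The context of the hunk at @@ -69,17 +69,17 @@ shows a protocol-level issue being handled with a NOTE: line instead (CVE-2012-1194, "NOTE: DNS protocol flaw"). Suggest following that form here, so the reasoning is kept as a note and the entry does not assert that no software in the archive implements the standard.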
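Review bot: Product labels for the same software are spelled differently across hunks, which makes later grepping unreliable. "Joomla!" is used at @@ -911,13 +911,13 @@ and @@ -14215,9 +14215,9 @@, but "Joomla" at @@ -2585,19 +2585,19 @@ and @@ -6997,7 +6997,7 @@. "kiwi" at @@ -5232,7 +5232,7 @@ becomes "Suse kiwi" at @@ -8310,7 +8310,7 @@. The WordPress plugin entries use four different shapes ("WordPress plugin Adminimize", "WordPress flash-album-gallery", "WordPress pretty-link plugin", "wordpress plugin timthumb"). Suggest picking one spelling per product and one pattern for plugins, for example "WordPress plugin <name>", and applying it throughout this commit.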
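Review bot: In the hunk at @@ -3711,7 +3711,7 @@, CVE-2012-0025 goes from RESERVED straight to "NOT-FOR-US: libfpx" with no description line and no reference, so a reader cannot tell from the list where the product attribution came from. The same applies to the other RESERVED entries converted in this commit, such as CVE-2012-0822 through CVE-2012-0819 at @@ -911,13 +911,13 @@. Other entries in the visible context carry a "NOTE:" line with a URL; adding one here with the advisory or mailing-list post that ties the id to the product would make these triage decisions checkable.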