Author: helmut-guest Date: 2012-05-06 12:16:10 +0000 (Sun, 06 May 2012) New Revision: 19155 Modified: data/CVE/list Log: NFUs, <itp>s, gallery2 <undetermined>, vlc filed Note that owncloud and hadoop do have ITPs. They are no longer NFUs. Modified: data/CVE/list ==================================================================--- data/CVE/list 2012-05-05 19:27:15 UTC (rev 19154) +++ data/CVE/list 2012-05-06 12:16:10 UTC (rev 19155) @@ -90,7 +90,7 @@ CVE-2012-2406 RESERVED CVE-2012-2405 (Gallery 2 before 2.3.2 and 3 before 3.0.3 does not properly implement ...) - TODO: check + - gallery2 <undetermined> CVE-2012-2404 (wp-comments-post.php in WordPress before 3.3.2 supports offsite ...) - wordpress 3.3.2+dfsg-1 (bug #670124) CVE-2012-2403 (wp-includes/formatting.php in WordPress before 3.3.2 attempts to ...) @@ -213,11 +213,11 @@ {DSA-2460-1} - asterisk 1:1.8.11.1~dfsg-1 (bug #670180) CVE-2012-2398 (Cross-site scripting (XSS) vulnerability in files/ajax/download.php in ...) - NOT-FOR-US: ownCloud + - owncloud <itp> (bug #648674) CVE-2012-2397 (Cross-site request forgery (CSRF) vulnerability in ownCloud 3.0.2 ...) - NOT-FOR-US: ownCloud + - owncloud <itp> (bug #648674) CVE-2012-2396 (VideoLAN VLC media player 2.0.1 allows remote attackers to cause a ...) - TODO: check + - vlc <unfixed> (bug #671727) CVE-2012-2395 RESERVED CVE-2012-2394 @@ -491,9 +491,9 @@ CVE-2012-2271 RESERVED CVE-2012-2270 (Open redirect vulnerability in index.php (aka the Login Page) in ...) - NOT-FOR-US: ownCloud + - owncloud <itp> (bug #648674) CVE-2012-2269 (Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 3.0.0 ...) - NOT-FOR-US: ownCloud + - owncloud <itp> (bug #648674) CVE-2011-5089 (Buffer overflow in the Security Login ActiveX controls in ICONICS ...) NOT-FOR-US: ICONICS, BizViz CVE-2011-5088 (The GENESIS32 IcoSetServer ActiveX control in ICONICS GENESIS32 9.21 ...) 
@@ -571,7 +571,7 @@ CVE-2012-2235 RESERVED CVE-2012-2234 (Cross-site scripting (XSS) vulnerability in sources/users.queries.php ...) - TODO: check + NOT-FOR-US: TeamPass.net CVE-2012-2233 RESERVED CVE-2012-2232 @@ -2148,7 +2148,7 @@ CVE-2012-1575 (Multiple cross-site scripting (XSS) vulnerabilities in Cumin before ...) NOT-FOR-US: cumin CVE-2012-1574 (The Kerberos/MapReduce security functionality in Apache Hadoop ...) - NOT-FOR-US: Apache Hadoop + - hadoop <itp> (bug #535861) CVE-2012-1573 (gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before ...) {DSA-2441-1} - gnutls26 2.12.18-1 (high) @@ -4194,13 +4194,13 @@ CVE-2012-0744 RESERVED CVE-2012-0743 (IBM Tivoli Directory Server (TDS) 6.3 and earlier allows remote ...) - TODO: check + NOT-FOR-US: IBM Tivoli Directory Server CVE-2012-0742 (IBM Tivoli Event Pump 4.2.2, when the LOG_REQUESTS and ...) NOT-FOR-US: IBM Tivoli Event Pump CVE-2012-0741 RESERVED CVE-2012-0740 (Cross-site scripting (XSS) vulnerability in the Web Admin Tool in IBM ...) - TODO: check + NOT-FOR-US: IBM Tivoli Directory Server CVE-2012-0739 RESERVED CVE-2012-0738 @@ -4228,11 +4228,11 @@ CVE-2012-0727 RESERVED CVE-2012-0726 (The default configuration of TLS in IBM Tivoli Directory Server (TDS) ...) - TODO: check + NOT-FOR-US: IBM Tivoli Directory Server CVE-2012-0725 (Adobe Flash Player before 11.2.202.229 in Google Chrome before ...) - TODO: check + NOT-FOR-US: Adobe Flash Player CVE-2012-0724 (Adobe Flash Player before 11.2.202.229 in Google Chrome before ...) - TODO: check + NOT-FOR-US: Adobe Flash Player CVE-2012-0723 RESERVED CVE-2012-0722 
@@ -4264,7 +4264,7 @@ CVE-2012-0709 (IBM DB2 9.5 before FP9, 9.7 through FP5, and 9.8 through FP4 does not ...) NOT-FOR-US: IBM DB2 CVE-2012-0708 (Heap-based buffer overflow in the Ole API in the CQOle ActiveX control ...) - TODO: check + NOT-FOR-US: IBM Rational ClearQuest CVE-2012-0707 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Lombardi ...) NOT-FOR-US: IBM WebSphere CVE-2012-0706 @@ -5106,9 +5106,9 @@ CVE-2012-0408 RESERVED CVE-2012-0407 (Integer overflow in the DPA_Utilities library in EMC Data Protection ...) - TODO: check + NOT-FOR-US: emc.com Data Protection Advisor CVE-2012-0406 (The DPA_Utilities.cProcessAuthenticationData function in EMC Data ...) - TODO: check + NOT-FOR-US: emc.com Data Protection Advisor CVE-2012-0405 RESERVED CVE-2012-0404 (Cross-site scripting (XSS) vulnerability in EMC Documentum eRoom ...) @@ -6028,13 +6028,13 @@ CVE-2011-4884 RESERVED CVE-2011-4883 (The web server in Certec atvise webMI2ADS (aka webMI) before 2.0.2 ...) - TODO: check + NOT-FOR-US: atvise.com webMI CVE-2011-4882 (The web server in Certec atvise webMI2ADS (aka webMI) before 2.0.2 ...) - TODO: check + NOT-FOR-US: atvise.com webMI CVE-2011-4881 (The web server in Certec atvise webMI2ADS (aka webMI) before 2.0.2 ...) - TODO: check + NOT-FOR-US: atvise.com webMI CVE-2011-4880 (Directory traversal vulnerability in the web server in Certec atvise ...) - TODO: check + NOT-FOR-US: atvise.com webMI CVE-2011-4879 (miniweb.exe in the HMI web server in Siemens WinCC flexible 2004, ...) NOT-FOR-US: Siemens WinCC CVE-2011-4878 (Directory traversal vulnerability in miniweb.exe in the HMI web server ...) 
@@ -6052,7 +6052,7 @@ CVE-2011-4872 (Multiple HTC Android devices including Desire HD FRG83D and GRI40, ...) NOT-FOR-US: Android devices CVE-2011-4871 (Open Automation Software OPC Systems.NET before 5.0 allows remote ...) - TODO: check + NOT-FOR-US: opcsystems.com CVE-2011-4870 (Multiple buffer overflows in the (1) GUIControls, (2) BatchObjSrv, and ...) NOT-FOR-US: Invensys Wonderware CVE-2011-4869 (validator/val_nsec3.c in Unbound before 1.4.13p2 does not properly ...) @@ -6450,7 +6450,7 @@ CVE-2012-0135 (Unspecified vulnerability in HP System Management Homepage (SMH) ...) NOT-FOR-US: HP System Management Homepage CVE-2012-0134 (Unspecified vulnerability in HP OpenVMS 7.3-2 on the Alpha platform, ...) - TODO: check + NOT-FOR-US: HP OpenVMS CVE-2012-0133 (HP ProCurve 5400 zl switches with certain serial numbers include a ...) NOT-FOR-US: HP ProCurve CVE-2012-0132 (Cross-site scripting (XSS) vulnerability in HP Business Availability ...) @@ -13926,7 +13926,7 @@ [squeeze] - linux-2.6 <not-affected> (Vulnerable code introduced in 2.6.38) [lenny] - linux-2.6 <not-affected> (Vulnerable code introduced in 2.6.38) CVE-2011-2478 (Google SketchUp before 8 does not properly handle edge geometry in ...) - TODO: check + NOT-FOR-US: Google SketchUp CVE-2011-2470 (Cross-site scripting (XSS) vulnerability in chat/base/admin/login.php ...) NOT-FOR-US: A Really Simple Chat CVE-2011-2469
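Review bot: In the `@@ -90,7` hunk, `- gallery2 <undetermined>` for CVE-2012-2405 is added without a NOTE, so the entry does not record what still has to be checked before it can be resolved. The description covers "Gallery 2 before 2.3.2 and 3 before 3.0.3"; please add a NOTE line saying what is unknown for gallery2 and whether the Gallery 3 half of the description is relevant to any package.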
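Review bot: In the `@@ -213,11` hunk, `- vlc <unfixed> (bug #671727)` for CVE-2012-2396 carries no per-release information, although the description names VLC 2.0.1 specifically. If the older releases have been checked, record that with lines in the style the file already uses in the last hunk's context (`[squeeze] - linux-2.6 <not-affected> (...)`); if not, a NOTE saying so keeps the open question visible.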
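Review bot: The log says owncloud and hadoop are no longer NFUs, but the conversions in the `@@ -491,9` and `@@ -2148,7` hunks (together with the two ownCloud lines further up) cover only CVE-2012-2398, CVE-2012-2397, CVE-2012-2270, CVE-2012-2269 and CVE-2012-1574. Please confirm that no other `NOT-FOR-US: ownCloud` or `NOT-FOR-US: Apache Hadoop` lines remain in data/CVE/list, so that every entry for these two packages points at its ITP bug (#648674, #535861).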
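Review bot: In the `@@ -4228,11` hunk, CVE-2012-0725 and CVE-2012-0724 are described as "Adobe Flash Player before 11.2.202.229 in Google Chrome before ..." but are marked `NOT-FOR-US: Adobe Flash Player` with no mention of the browser. A short NOTE recording why the Chrome part of the description does not concern a packaged browser would save the next person triaging from re-checking it.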
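Review bot: The NOT-FOR-US labels added in the `@@ -571,7`, `@@ -5106,9`, `@@ -6028,13` and `@@ -6052,7` hunks use website names (`TeamPass.net`, `emc.com Data Protection Advisor`, `atvise.com webMI`, `opcsystems.com`), while the neighbouring entries name the vendor and product (`NOT-FOR-US: Siemens WinCC`, `NOT-FOR-US: Invensys Wonderware`). Taking the name from the CVE description, for example `NOT-FOR-US: Certec atvise webMI` or `NOT-FOR-US: EMC Data Protection Advisor`, keeps the list searchable by product; `opcsystems.com` in particular drops the product name "OPC Systems.NET" from the entry altogether.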