Author: helmut-guest Date: 2012-08-04 17:42:26 +0000 (Sat, 04 Aug 2012) New Revision: 19881 Modified: data/CVE/list Log: tikiwiki is not NFU but removed hadoop is not NFU but itp more webkit undetermined Modified: data/CVE/list ==================================================================--- data/CVE/list 2012-08-04 17:22:00 UTC (rev 19880) +++ data/CVE/list 2012-08-04 17:42:26 UTC (rev 19881) @@ -316,7 +316,7 @@ CVE-2012-3997 (Multiple cross-site scripting (XSS) vulnerabilities in Sticky Notes ...) NOT-FOR-US: Sticky Notes CVE-2012-3996 (TikiWiki CMS/Groupware 8.3 and earlier allows remote attackers to ...) - NOT-FOR-US: TikiWiki + - tikiwiki <removed> CVE-2012-3995 RESERVED CVE-2012-3994 @@ -667,7 +667,7 @@ CVE-2012-3827 RESERVED CVE-2011-5096 (Stack-based buffer overflow in cstore.exe in the Media Application ...) - NOT-FOR-US: Not in Debian + NOT-FOR-US: Avaya Aura Application Server CVE-2012-3826 (Multiple integer underflows in Wireshark 1.4.x before 1.4.13 and 1.6.x ...) - wireshark 1.6.8-1 (unimportant) [squeeze] - wireshark <not-affected> (vulnerable code appeared in 1.4/1.6) @@ -714,7 +714,7 @@ CVE-2012-3812 (Double free vulnerability in apps/app_voicemail.c in Asterisk Open ...) - asterisk <unfixed> (bug #680470) CVE-2012-3811 (Unrestricted file upload vulnerability in ImageUpload.ashx in the ...) - NOT-FOR-US: Not in Debian + NOT-FOR-US: Avaya IP Office Customer Call Reporter CVE-2012-3810 RESERVED CVE-2012-3809 @@ -1727,7 +1727,7 @@ NOTE: http://git.videolan.org/?p=vlc/vlc-2.0.git;a=commitdiff;h=16e9e126333fb7acb47d363366fee3deadc8331e NOTE: http://securitytracker.com/id/1027224 CVE-2012-3376 (DataNodes in Apache Hadoop 2.0.0 alpha does not check the BlockTokens ...) - NOT-FOR-US: Apache Hadoop + - hadoop <itp> (bug #535861) NOTE: http://seclists.org/bugtraq/2012/Jul/48 CVE-2012-3375 RESERVED 
@@ -2518,7 +2518,7 @@ CVE-2012-3008 (Stack-based buffer overflow in OSIsoft PI OPC DA Interface before ...) NOT-FOR-US: OSIsoft PI OPC DA Interface CVE-2012-3007 (Stack-based buffer overflow in slssvc.exe before 58.x in Invensys ...) - NOT-FOR-US: Not in Debian + NOT-FOR-US: Invensys Wonderware SuiteLink CVE-2012-3006 (The Innominate mGuard Smart HW before HW-101130 and BD before ...) NOT-FOR-US: Innominate mGuard Smart CVE-2012-3005 (Untrusted search path vulnerability in Invensys Wonderware InTouch ...) @@ -2647,7 +2647,7 @@ RESERVED CVE-2012-2945 RESERVED - NOT-FOR-US: Hadoop + - hadoop <itp> (bug #535861) CVE-2010-5140 RESERVED CVE-2010-5139 @@ -3562,9 +3562,9 @@ CVE-2012-2561 (HP Business Service Management (BSM) 9.12 does not properly restrict ...) NOT-FOR-US: HP Business Service Management CVE-2012-2560 (Directory traversal vulnerability in WellinTech KingView 6.53 allows ...) - NOT-FOR-US: Not in Debian + NOT-FOR-US: WellinTech KingView CVE-2012-2559 (WellinTech KingHistorian 3.0 allows remote attackers to execute ...) - NOT-FOR-US: Not in Debian + NOT-FOR-US: WellinTech KingHistorian CVE-2012-2558 RESERVED CVE-2012-2557 @@ -6134,7 +6134,7 @@ CVE-2012-1575 (Multiple cross-site scripting (XSS) vulnerabilities in Cumin before ...) NOT-FOR-US: cumin CVE-2012-1574 (The Kerberos/MapReduce security functionality in Apache Hadoop ...) - NOT-FOR-US: Hadoop + - hadoop <itp> (bug #535861) CVE-2012-1573 (gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before ...) {DSA-2441-1} - gnutls26 2.12.18-1 (high) @@ -6258,7 +6258,7 @@ CVE-2012-1521 (Use-after-free vulnerability in the XML parser in Google Chrome before ...) - chromium-browser 18.0.1025.168~r134367-1 CVE-2012-1520 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...) - TODO: check + - webkit <undetermined> CVE-2012-1519 RESERVED CVE-2012-1518 (VMware Workstation 8.x before 8.0.2, VMware Player 4.x before 4.0.2, ...) 
@@ -7710,7 +7710,7 @@ CVE-2012-0912 (SQL injection vulnerability in Stoneware webNetwork before 6.0.8.0 ...) NOT-FOR-US: Stoneware webNetwork CVE-2012-0911 (TikiWiki CMS/Groupware before 6.7 LTS and before 8.4 allows remote ...) - NOT-FOR-US: Tiki Wiki + - tikiwiki <removed> NOTE: http://seclists.org/bugtraq/2012/Jul/19 CVE-2012-0910 RESERVED @@ -8329,9 +8329,9 @@ CVE-2012-0684 (Integer overflow in XnViewer (aka XnView) before 1.98.5 allows remote ...) NOT-FOR-US: XnView CVE-2012-0683 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...) - TODO: check + - webkit <undetermined> CVE-2012-0682 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...) - TODO: check + - webkit <undetermined> CVE-2012-0681 RESERVED CVE-2012-0680 (Apple Safari before 6.0 does not properly handle the autocomplete ...) @@ -11423,7 +11423,7 @@ NOT-FOR-US: vTiger CVE-2011-4558 RESERVED - NOT-FOR-US: TikiWiki + - tikiwiki <removed> NOTE: http://osvdb.org/show/osvdb/78013 NOTE: http://dev.tiki.org/item4059 NOTE: http://info.tiki.org/article185-Tiki-Security-Patches-Available-for-8-3-and-6-6-LTS @@ -11441,7 +11441,7 @@ NOT-FOR-US: One Click Orgs CVE-2011-4551 RESERVED - NOT-FOR-US: TikiWiki + - tikiwiki <removed> CVE-2011-4550 RESERVED CVE-2011-4549 @@ -11694,12 +11694,12 @@ REJECTED CVE-2011-4455 RESERVED - NOT-FOR-US: TikiWiki + - tikiwiki <removed> NOTE: http://osvdb.org/show/osvdb/77156 NOTE: http://secunia.com/advisories/46740/ CVE-2011-4454 RESERVED - NOT-FOR-US: TikiWiki + - tikiwiki <removed> NOTE: http://osvdb.org/show/osvdb/77155 NOTE: http://secunia.com/advisories/46740/ CVE-2011-4453 (The PageListSort function in scripts/pagelist.php in PmWiki 2.x before ...) 
@@ -26353,13 +26353,13 @@ - linux-2.6 2.6.32-28 CVE-2010-4241 RESERVED - NOT-FOR-US: TikiWiki + - tikiwiki <removed> CVE-2010-4240 RESERVED - NOT-FOR-US: TikiWiki + - tikiwiki <removed> CVE-2010-4239 RESERVED - NOT-FOR-US: TikiWiki + - tikiwiki <removed> CVE-2010-4238 (The vbd_create function in Xen 3.1.2, when the Linux kernel 2.6.18 on ...) - linux-2.6 <not-affected> (RedHat-specific issue, does not affect Xen-upstream/Debian) CVE-2010-4236 (Untrusted search path vulnerability in estaskwrapper in IBM OmniFind ...) @@ -35201,13 +35201,13 @@ CVE-2009-4753 (Multiple buffer overflows in the FTP server on the Addonics NAS ...) NOT-FOR-US: Addonics NAS Adapter NASU2FW41 CVE-2010-1136 (The Standard Remember method in TikiWiki CMS/Groupware 3.x before 3.5 ...) - NOT-FOR-US: TikiWiki + - tikiwiki <removed> CVE-2010-1135 (The user_logout function in TikiWiki CMS/Groupware 4.x before 4.2 does ...) - NOT-FOR-US: TikiWiki + - tikiwiki <removed> CVE-2010-1134 (SQL injection vulnerability in the _find function in searchlib.php in ...) - NOT-FOR-US: TikiWiki + - tikiwiki <removed> CVE-2010-1133 (Multiple SQL injection vulnerabilities in TikiWiki CMS/Groupware 4.x ...) - NOT-FOR-US: TikiWiki + - tikiwiki <removed> CVE-2010-1131 (JavaScriptCore.dll, as used in Apple Safari 4.0.5 on Windows XP SP3, ...) - webkit <undetermined> (unimportant) NOTE: browser crashes are not considered security-relevant @@ -43778,7 +43778,7 @@ CVE-2008-7016 (tnftpd before 20080929 splits large command strings into multiple ...) NOT-FOR-US: tnftpd CVE-2003-1574 (TikiWiki 1.6.1 allows remote attackers to bypass authentication by ...) - NOT-FOR-US: TikiWiki + - tikiwiki <removed> CVE-2009-3026 (protocols/jabber/auth.c in libpurple in Pidgin 2.6.0, and possibly ...) - pidgin 2.6.1-1 (low; bug #542891) [lenny] - pidgin 2.4.3-4lenny4 
@@ -49430,7 +49430,7 @@ CVE-2009-1205 REJECTED CVE-2009-1204 (Cross-site scripting (XSS) vulnerability in TikiWiki (Tiki) ...) - NOT-FOR-US: TikiWiki + - tikiwiki <removed> CVE-2009-1203 (WebVPN on the Cisco Adaptive Security Appliances (ASA) device with ...) NOT-FOR-US: Cisco CVE-2009-1202 (WebVPN on the Cisco Adaptive Security Appliances (ASA) device with ...)
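Review bot: The log message does not cover the relabelling in hunks @@ -667, @@ -714, @@ -2518 and @@ -3562, where `NOT-FOR-US: Not in Debian` becomes a product name (Avaya Aura Application Server, Avaya IP Office Customer Call Reporter, Invensys Wonderware SuiteLink, WellinTech KingView, WellinTech KingHistorian). The log lists only the tikiwiki, hadoop and webkit changes. Add a line such as "name the product in generic NFU entries", or split these into their own commit, so the history explains why those entries changed.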
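Review bot: In hunks @@ -6258 and @@ -8329, CVE-2012-1520, CVE-2012-0683 and CVE-2012-0682 lose `TODO: check` and gain `- webkit <undetermined>` with no NOTE, so nothing in the entry records what still has to be established. The existing CVE-2010-1131 entry visible in hunk @@ -35201 pairs the same status with a NOTE giving the reasoning. A short NOTE on each of the three new entries, stating what remains open, would keep them from looking triaged.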
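Review bot: The new `- tikiwiki <removed>` lines (hunks @@ -316, @@ -7710, @@ -11423, @@ -11441, @@ -11694, @@ -26353, @@ -35201, @@ -43778 and @@ -49430) carry no per-release annotation, unlike the wireshark entry in hunk @@ -667 (`[squeeze] - wireshark <not-affected>`) or the pidgin entry in hunk @@ -43778 (`[lenny] - pidgin 2.4.3-4lenny4`). `NOT-FOR-US` marked these CVEs as out of scope, whereas a package line brings them into scope. If any still-supported release ships tikiwiki, each of these CVEs needs a `[release]` line stating its status there. If none does, saying so in the log message would make the bulk change easier to verify.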