Author: jmm
Date: 2012-08-30 06:44:20 +0000 (Thu, 30 Aug 2012)
New Revision: 20050

Modified: data/CVE/list
Log:
new munin issue (not in stable)
NFUs
ITP issues in silverstripe and newscoop
filed bugs for isc-dhcp
remove stray mod-rpaf temp entry

Modified: data/CVE/list
==================================================================--- data/CVE/list 2012-08-29 21:14:27 UTC (rev 20049) +++ data/CVE/list 2012-08-30 06:44:20 UTC (rev 20050) @@ -1,3 +1,5 @@ +CVE-2012-XXXX + - juju 0.5.1-2 (bug #685728) CVE-2012-4681 (Oracle Java 7 Update 6, and possibly other versions, allows remote ...) - openjdk-7 <unfixed> - openjdk-6 <unfixed> 
@@ -2,25 +4,26 @@ CVE-2012-4680 (Directory traversal vulnerability in the XML Server in IOServer before ...) - TODO: check + NOT-FOR-US: IOServer CVE-2012-4679 (Cross-site scripting (XSS) vulnerability in admin/login.php in ...) - TODO: check + - newscoop <itp> (bug #604113) CVE-2012-4678 (munin-cgi-graph for Munin 2.0 rc4 does not delete temporary files, ...) - TODO: check + - munin 2.0~rc6-1 (low; bug #668667) + [squeeze] - munin <not-affected> (Only affects 2.x branch) CVE-2012-4677 (Tunnelblick 3.3beta20 and earlier allows local users to gain ...) - TODO: check + NOT-FOR-US: Tunnelblick CVE-2012-4676 (The errorExitIfAttackViaString function in Tunnelblick 3.3beta20 and ...) - TODO: check + NOT-FOR-US: Tunnelblick CVE-2012-4675 (Cross-site scripting (XSS) vulnerability in PluXml 5.1.6 allows remote ...) - TODO: check + NOT-FOR-US: PluXml CVE-2012-4674 (PluXml before 5.1.6 allows remote attackers to obtain the installation ...) - TODO: check + NOT-FOR-US: PluXml CVE-2012-4673 (SQL injection vulnerability in application/controllers/invoice.php in ...) - TODO: check + NOT-FOR-US: Neoinvoice CVE-2012-4672 (Apple iChat Server does not verify that a request was made for an XMPP ...) - TODO: check + NOT-FOR-US: Apple iChat Server CVE-2012-4671 (psyced before 20120821 does not verify that a request was made for an ...) - TODO: check + NOT-FOR-US: psyced CVE-2012-4670 (Tigase XMPP Server before 5.1.0 does not verify that a request was ...) - TODO: check + NOT-FOR-US: Tigase CVE-2012-4669 (M-Link R14.6 before R14.6v14 and R15.1 before R15.1v10 does not verify ...) - TODO: check + NOT-FOR-US: M-Link CVE-2012-4666 
@@ -146,131 +149,131 @@ CVE-2012-4607 RESERVED CVE-2011-5127 (Directory traversal vulnerability in Blue Coat Reporter 9.x before ...) - TODO: check + NOT-FOR-US: Blue Coat CVE-2011-5126 (Blue Coat ProxySG 6.1 before SGOS 6.1.5.1 and 6.2 before SGOS 6.2.2.1 ...) - TODO: check + NOT-FOR-US: Blue Coat CVE-2011-5125 (Cross-site scripting (XSS) vulnerability in Blue Coat Director before ...) - TODO: check + NOT-FOR-US: Blue Coat CVE-2011-5124 (Stack-based buffer overflow in the BCAAA component before build 60258, ...) - TODO: check + NOT-FOR-US: Blue Coat CVE-2011-5123 (The Antivirus component in Comodo Internet Security before ...) - TODO: check + NOT-FOR-US: Comodo Internet Security CVE-2011-5122 (The Antivirus component in Comodo Internet Security before ...) - TODO: check + NOT-FOR-US: Comodo Internet Security CVE-2011-5121 (The Antivirus component in Comodo Internet Security before ...) - TODO: check + NOT-FOR-US: Comodo Internet Security CVE-2011-5120 (The Antivirus component in Comodo Internet Security before ...) - TODO: check + NOT-FOR-US: Comodo Internet Security CVE-2011-5119 (Multiple race conditions in Comodo Internet Security before ...) - TODO: check + NOT-FOR-US: Comodo Internet Security CVE-2011-5118 (Multiple race conditions in Comodo Internet Security before ...) - TODO: check + NOT-FOR-US: Comodo Internet Security CVE-2010-5192 (Cross-site scripting (XSS) vulnerability in the Java Management ...) - TODO: check + NOT-FOR-US: Blue Coat CVE-2010-5191 (Multiple cross-site request forgery (CSRF) vulnerabilities on the Blue ...) - TODO: check + NOT-FOR-US: Blue Coat CVE-2010-5190 (The Active Content Transformation functionality in Blue Coat ProxySG ...) - TODO: check + NOT-FOR-US: Blue Coat CVE-2010-5189 (Blue Coat ProxySG before SGOS 4.3.4.1, 5.x before SGOS 5.4.5.1, 5.5 ...) - TODO: check + NOT-FOR-US: Blue Coat CVE-2010-5188 (SilverStripe 2.3.x before 2.3.6 allows remote attackers to obtain ...) 
- TODO: check + - silverstripe <itp> (bug #528461) CVE-2010-5187 (SilverStripe 2.3.x before 2.3.8 and 2.4.x before 2.4.1, when running ...) - TODO: check + - silverstripe <itp> (bug #528461) CVE-2010-5186 (The Antivirus component in Comodo Internet Security before ...) - TODO: check + NOT-FOR-US: Comodo Internet Security CVE-2010-5185 (The Antivirus component in Comodo Internet Security before ...) - TODO: check + NOT-FOR-US: Comodo Internet Security CVE-2010-5184 (** DISPUTED ** Race condition in ZoneAlarm Extreme Security ...) - TODO: check + NOT-FOR-US: Anti virus snake oil CVE-2010-5183 (** DISPUTED ** Race condition in Webroot Internet Security Essentials ...) - TODO: check + NOT-FOR-US: Anti virus snake oil CVE-2010-5182 (** DISPUTED ** Race condition in VirusBuster Internet Security Suite ...) - TODO: check + NOT-FOR-US: Anti virus snake oil CVE-2010-5181 (** DISPUTED ** Race condition in VIPRE Antivirus Premium 4.0.3272 on ...) - TODO: check + NOT-FOR-US: Anti virus snake oil CVE-2010-5180 (** DISPUTED ** Race condition in VBA32 Personal 3.12.12.4 on Windows ...) - TODO: check + NOT-FOR-US: Anti virus snake oil CVE-2010-5179 (** DISPUTED ** Race condition in Trend Micro Internet Security Pro ...) - TODO: check + NOT-FOR-US: Anti virus snake oil CVE-2010-5178 (** DISPUTED ** Race condition in ThreatFire 4.7.0.17 on Windows XP ...) - TODO: check + NOT-FOR-US: Anti virus snake oil CVE-2010-5177 (** DISPUTED ** Race condition in Sophos Endpoint Security and Control ...) - TODO: check + NOT-FOR-US: Anti virus snake oil CVE-2010-5176 (** DISPUTED ** Race condition in Security Shield 2010 13.0.16.313 on ...) - TODO: check + NOT-FOR-US: Anti virus snake oil CVE-2010-5175 (** DISPUTED ** Race condition in PrivateFirewall 7.0.20.37 on Windows ...) - TODO: check + NOT-FOR-US: Anti virus snake oil CVE-2010-5174 (** DISPUTED ** Race condition in Prevx 3.0.5.143 on Windows XP allows ...) 
- TODO: check + NOT-FOR-US: Anti virus snake oil CVE-2010-5173 (** DISPUTED ** Race condition in PC Tools Firewall Plus 6.0.0.88 on ...) - TODO: check + NOT-FOR-US: Anti virus snake oil CVE-2010-5172 (** DISPUTED ** Race condition in Panda Internet Security 2010 15.01.00 ...) - TODO: check + NOT-FOR-US: Anti virus snake oil CVE-2010-5171 (** DISPUTED ** Race condition in Outpost Security Suite Pro ...) - TODO: check + NOT-FOR-US: Anti virus snake oil CVE-2010-5170 (** DISPUTED ** Race condition in Online Solutions Security Suite ...) - TODO: check + NOT-FOR-US: Anti virus snake oil CVE-2010-5169 (** DISPUTED ** Race condition in Online Armor Premium 4.0.0.35 on ...) - TODO: check + NOT-FOR-US: Anti virus snake oil CVE-2010-5168 (** DISPUTED ** Race condition in Symantec Norton Internet Security ...) - TODO: check + NOT-FOR-US: Anti virus snake oil CVE-2010-5167 (** DISPUTED ** Race condition in Norman Security Suite PRO 8.0 on ...) - TODO: check + NOT-FOR-US: Anti virus snake oil CVE-2010-5166 (** DISPUTED ** Race condition in McAfee Total Protection 2010 10.0.580 ...) - TODO: check + NOT-FOR-US: Anti virus snake oil CVE-2010-5165 (** DISPUTED ** Race condition in Malware Defender 2.6.0 on Windows XP ...) - TODO: check + NOT-FOR-US: Anti virus snake oil CVE-2010-5164 (** DISPUTED ** Race condition in KingSoft Personal Firewall 9 Plus ...) - TODO: check + NOT-FOR-US: Anti virus snake oil CVE-2010-5163 (** DISPUTED ** Race condition in Kaspersky Internet Security 2010 ...) - TODO: check + NOT-FOR-US: Anti virus snake oil CVE-2010-5162 (** DISPUTED ** Race condition in G DATA TotalCare 2010 on Windows XP ...) - TODO: check + NOT-FOR-US: Anti virus snake oil CVE-2010-5161 (** DISPUTED ** Race condition in F-Secure Internet Security 2010 10.00 ...) - TODO: check + NOT-FOR-US: Anti virus snake oil CVE-2010-5160 (** DISPUTED ** Race condition in ESET Smart Security 4.2.35.3 on ...) 
- TODO: check + NOT-FOR-US: Anti virus snake oil CVE-2010-5159 (** DISPUTED ** Race condition in Dr.Web Security Space Pro 6.0.0.03100 ...) - TODO: check + NOT-FOR-US: Anti virus snake oil CVE-2010-5158 (** DISPUTED ** Race condition in DefenseWall Personal Firewall 3.00 on ...) - TODO: check + NOT-FOR-US: Anti virus snake oil CVE-2010-5157 (Race condition in Comodo Internet Security before 4.1.149672.916 on ...) - TODO: check + NOT-FOR-US: Comodo Internet Security CVE-2010-5156 (** DISPUTED ** Race condition in CA Internet Security Suite Plus 2010 ...) - TODO: check + NOT-FOR-US: Anti virus snake oil CVE-2010-5155 (** DISPUTED ** Race condition in Blink Professional 4.6.1 on Windows ...) - TODO: check + NOT-FOR-US: Anti virus snake oil CVE-2010-5154 (** DISPUTED ** Race condition in BitDefender Total Security 2010 ...) - TODO: check + NOT-FOR-US: Anti virus snake oil CVE-2010-5153 (** DISPUTED ** Race condition in Avira Premium Security Suite ...) - TODO: check + NOT-FOR-US: Anti virus snake oil CVE-2010-5152 (** DISPUTED ** Race condition in AVG Internet Security 9.0.791 on ...) - TODO: check + NOT-FOR-US: Anti virus snake oil CVE-2010-5151 (** DISPUTED ** Race condition in avast! Internet Security 5.0.462 on ...) - TODO: check + NOT-FOR-US: Anti virus snake oil CVE-2010-5150 (** DISPUTED ** Race condition in 3D EQSecure Professional Edition 4.2 ...) - TODO: check + NOT-FOR-US: Anti virus snake oil CVE-2009-5132 (The Filtering Service in Websense Web Security and Web Filter before ...) - TODO: check + NOT-FOR-US: Websense CVE-2009-5131 (The Receive Service in Websense Email Security before 7.1 does not ...) - TODO: check + NOT-FOR-US: Websense CVE-2009-5130 (The Rules Service in Websense Email Security before 7.1 allows remote ...) - TODO: check + NOT-FOR-US: Websense CVE-2009-5129 (The Websense V10000 appliance before 1.0.1 allows remote attackers to ...) 
- TODO: check + NOT-FOR-US: Websense CVE-2009-5128 (The Websense V10000 appliance before 1.0.1 allows remote attackers to ...) - TODO: check + NOT-FOR-US: Websense CVE-2009-5127 (The Antivirus component in Comodo Internet Security before ...) - TODO: check + NOT-FOR-US: Comodo Internet Security CVE-2009-5126 (The Antivirus component in Comodo Internet Security before ...) - TODO: check + NOT-FOR-US: Comodo Internet Security CVE-2009-5125 (Comodo Internet Security before 3.9.95478.509 allows remote attackers ...) - TODO: check + NOT-FOR-US: Comodo Internet Security CVE-2009-5124 (The Antivirus component in Comodo Internet Security before ...) - TODO: check + NOT-FOR-US: Comodo Internet Security CVE-2009-5123 (The Antivirus component in Comodo Internet Security before ...) - TODO: check + NOT-FOR-US: Comodo Internet Security CVE-2012-XXXX [letodms XSS and CSRF] - letodms 3.3.7+dfsg-1 NOTE: http://www.openwall.com/lists/oss-security/2012/08/27/10 
@@ -279,35 +282,35 @@ CVE-2012-4606 RESERVED CVE-2011-5117 (Sophos SafeGuard Enterprise Device Encryption 5.x through 5.50.8.13, ...) - TODO: check + NOT-FOR-US: Sophos SafeGuard CVE-2011-5116 (SQL injection vulnerability in setseed-hub in SetSeed CMS 5.8.20, ...) - TODO: check + NOT-FOR-US: SetSeed CMS CVE-2011-5115 (Cross-site scripting (XSS) vulnerability in DLGuard, possibly 4.6 and ...) - TODO: check + NOT-FOR-US: DLguard CVE-2011-5114 (Multiple cross-site scripting (XSS) vulnerabilities in the ...) - TODO: check + NOT-FOR-US: DLguard CVE-2011-5113 (SQL injection vulnerability in frontend/models/techfoliodetail.php in ...) - TODO: check + NOT-FOR-US: Joomla addon CVE-2011-5112 (SQL injection vulnerability in Alameda (com_alameda) component before ...) - TODO: check + NOT-FOR-US: Joomla addon CVE-2011-5111 (Multiple SQL injection vulnerabilities in Kajian Website CMS Balitbang ...) - TODO: check + NOT-FOR-US: Kajian Website CMS CVE-2011-5110 (Multiple SQL injection vulnerabilities in Blogs Manager 1.101 and ...) - TODO: check + NOT-FOR-US: Blogs Manager CVE-2011-5109 (Multiple SQL injection vulnerabilities in Freelancer calendar 1.01 and ...) - TODO: check + NOT-FOR-US: Freelancer calendar CVE-2011-5108 (Cross-site scripting (XSS) vulnerability in config.php in AdaptCMS ...) - TODO: check + NOT-FOR-US: AdaptCMS CVE-2011-5107 (Cross-site scripting (XSS) vulnerability in post_alert.php in Alert ...) - TODO: check + NOT-FOR-US: Wordpress plugin CVE-2011-5106 (Cross-site scripting (XSS) vulnerability in edit-post.php in the ...) - TODO: check + NOT-FOR-US: Wordpress plugin CVE-2011-5105 (Multiple cross-site scripting (XSS) vulnerabilities in ...) - TODO: check + NOT-FOR-US: ZOHO ManageEngine ADSelfService Plus CVE-2011-5104 (Cross-site scripting (XSS) vulnerability in ...) - TODO: check + NOT-FOR-US: Wordpress plugin CVE-2011-5103 (SQL injection vulnerability in Alurian Prismotube PHP Video Script ...) 
- TODO: check + NOT-FOR-US: Alurian Prismotube PHP Video Script CVE-2012-4605 (The default configuration of the SMTP component in Websense Email ...) NOT-FOR-US: Websense Email Security CVE-2012-4604 (The TRITON management console in Websense Web Security before 7.6 ...) 
@@ -321,29 +324,29 @@ CVE-2012-4600 RESERVED CVE-2011-5102 (The Investigative Reports web interface in the TRITON management ...) - TODO: check + NOT-FOR-US: Websense CVE-2010-5149 (Websense Web Security and Web Filter before 6.3.3 Hotfix 27 and 7.x ...) - TODO: check + NOT-FOR-US: Websense CVE-2010-5148 (Websense Web Security and Web Filter before 7.1 Hotfix 21 do not set ...) - TODO: check + NOT-FOR-US: Websense CVE-2010-5147 (The Remote Filtering component in Websense Web Security and Web Filter ...) - TODO: check + NOT-FOR-US: Websense CVE-2010-5146 (The Remote Filtering component in Websense Web Security and Web Filter ...) - TODO: check + NOT-FOR-US: Websense CVE-2010-5145 (The Filtering Service in Websense Web Security and Web Filter before ...) - TODO: check + NOT-FOR-US: Websense CVE-2010-5144 (The ISAPI Filter plug-in in Websense Enterprise, Websense Web ...) - TODO: check + NOT-FOR-US: Websense CVE-2009-5122 (The Personal Email Manager component in Websense Email Security before ...) - TODO: check + NOT-FOR-US: Websense CVE-2009-5121 (Websense Email Security 7.1 before Hotfix 4 allows remote attackers to ...) - TODO: check + NOT-FOR-US: Websense CVE-2009-5120 (The default configuration of Apache Tomcat in Websense Manager in ...) - TODO: check + NOT-FOR-US: Websense CVE-2009-5119 (The default configuration of Apache Tomcat in Websense Manager in ...) - TODO: check + NOT-FOR-US: Websense CVE-2008-7312 (The Filtering Service in Websense Enterprise 5.2 through 6.3 does not ...) - TODO: check + NOT-FOR-US: Websense CVE-2012-4599 (McAfee SmartFilter Administration, and SmartFilter Administration Bess ...) NOT-FOR-US: McAfee SmartFilter Administration CVE-2012-4598 (An unspecified ActiveX control in McAfee Virtual Technician (MVT) ...) 
@@ -819,19 +822,19 @@ CVE-2012-4364 RESERVED CVE-2011-5101 (The Rumor technology in McAfee SaaS Endpoint Protection before 5.2.4 ...) - TODO: check + NOT-FOR-US: McAfee CVE-2011-5100 (The web interface in McAfee Firewall Reporter before 5.1.0.13 does not ...) - TODO: check + NOT-FOR-US: McAfee CVE-2010-5143 (McAfee VirusScan Enterprise before 8.8 allows local users to disable ...) - TODO: check + NOT-FOR-US: McAfee CVE-2009-5118 (Untrusted search path vulnerability in McAfee VirusScan Enterprise ...) - TODO: check + NOT-FOR-US: McAfee CVE-2009-5117 (The Web Post Protection feature in McAfee Host Data Loss Prevention ...) - TODO: check + NOT-FOR-US: McAfee CVE-2009-5116 (McAfee LinuxShield 1.5.1 and earlier does not properly implement ...) - TODO: check + NOT-FOR-US: McAfee CVE-2009-5115 (McAfee Common Management Agent (CMA) 3.5.5 through 3.5.5.588 and 3.6.0 ...) - TODO: check + NOT-FOR-US: McAfee CVE-2012-4363 (Multiple unspecified vulnerabilities in Adobe Reader through 10.1.4 ...) NOT-FOR-US: Adobe Reader CVE-2012-4362 (hydra.exe in HP SAN/iQ before 9.5 on the HP Virtual SAN Appliance has ...) @@ -1001,7 +1004,7 @@ CVE-2012-4284 RESERVED CVE-2011-5099 (SQL injection vulnerability in helper/popup.php in the ccNewsletter ...) - TODO: check + NOT-FOR-US: Joomla addon CVE-2012-4283 (Cross-site scripting (XSS) vulnerability in the Login With Ajax plugin ...) NOT-FOR-US: Login With Ajax plugin for Wordpress CVE-2012-4282 (SQL injection vulnerability in photo.php in Trombinoscope 3.5 allows ...) 
@@ -1060,19 +1063,17 @@ CVE-2012-4256 (The jNews (com_jnews) component 7.5.1 for Joomla! allows remote ...) NOT-FOR-US: jNews for Joomla! CVE-2012-4255 (MySQLDumper 1.24.4 allows remote attackers to obtain sensitive ...) - TODO: check + NOT-FOR-US: MySQLDumper CVE-2012-4254 (MySQLDumper 1.24.4 allows remote attackers to obtain sensitive ...) - TODO: check + NOT-FOR-US: MySQLDumper CVE-2012-4253 (Multiple directory traversal vulnerabilities in MySQLDumper 1.24.4 ...) - TODO: check + NOT-FOR-US: MySQLDumper CVE-2012-4252 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...) - TODO: check + NOT-FOR-US: MySQLDumper CVE-2012-4251 (Multiple cross-site scripting (XSS) vulnerabilities in MySQLDumper ...) - TODO: check + NOT-FOR-US: MySQLDumper CVE-2012-4250 (Stack-based buffer overflow in the RequestScreenOptimization function ...) NOT-FOR-US: Samsung NET-i viewer -CVE-2012-XXXX - - libapache2-mod-rpaf 0.6-1 (bug #683984) CVE-2012-4249 (The Amazon Lab126 com.lab126.system sendEvent implementation on the ...) NOT-FOR-US: Kindle Touch CVE-2012-4248 (The Amazon Kindle Touch before 5.1.2 does not properly restrict access ...) @@ -1098,11 +1099,11 @@ CVE-2012-4239 RESERVED CVE-2012-4238 (Cross-site scripting (XSS) vulnerability in ...) - TODO: check + NOT-FOR-US: TCExam CVE-2012-4237 (Multiple SQL injection vulnerabilities in TCExam before 11.3.008 allow ...) - TODO: check + NOT-FOR-US: TCExam CVE-2012-4236 (Cross-site scripting (XSS) vulnerability in the refresh_page function ...) - TODO: check + NOT-FOR-US: Total Shop UK eCommerce CVE-2012-4235 (The RSGallery2 (com_rsgallery2) component before 3.2.0 for Joomla! ...) NOT-FOR-US: Joomla addon CVE-2012-4234 
@@ -1491,7 +1492,7 @@ CVE-2012-4053 (Cross-site request forgery (CSRF) vulnerability in eZOE flash player ...) NOT-FOR-US: eZOE flash player not in Debian CVE-2012-4052 (Multiple cross-site scripting (XSS) vulnerabilities in Jease before ...) - TODO: check + NOT-FOR-US: Jease CVE-2012-4051 RESERVED CVE-2007-6754 (The ipalloc function in libc/stdlib/malloc.c in jemalloc in libc for ...) @@ -1523,7 +1524,7 @@ CVE-2012-4037 (Multiple cross-site scripting (XSS) vulnerabilities in the web client ...) - transmission 2.52-3 (bug #683380) CVE-2012-4036 (Unrestricted file upload vulnerability in admin.php in PBBoard 2.1.4 ...) - TODO: check + NOT-FOR-US: PBBoard CVE-2012-4035 (The new_password page in PBBoard 2.1.4 allows remote attackers to ...) NOT-FOR-US: PBBoard CVE-2012-4034 (Multiple SQL injection vulnerabilities in PBBoard 2.1.4 allow remote ...) @@ -1776,8 +1777,7 @@ RESERVED CVE-2012-3954 (Multiple memory leaks in ISC DHCP 4.1.x and 4.2.x before 4.2.4-P1 and ...) {DSA-2519-2 DSA-2519-1 DSA-2516-1} - - isc-dhcp <unfixed> - NOTE: https://kb.isc.org/article/AA-00737 + - isc-dhcp <unfixed> (bug #686174) CVE-2012-3953 (SQL injection vulnerability in admin/index.php in phpList before ...) NOT-FOR-US: phplist CVE-2012-3952 (Cross-site scripting (XSS) vulnerability in admin/index.php in phpList ...) @@ -2573,12 +2573,10 @@ NOTE: Disputed NSS issue CVE-2012-3571 (ISC DHCP 4.1.2 through 4.2.4 and 4.1-ESV before 4.1-ESV-R6 allows ...) {DSA-2519-2 DSA-2519-1 DSA-2516-1} - - isc-dhcp <unfixed> - NOTE: https://kb.isc.org/article/AA-00712 + - isc-dhcp <unfixed> (bug #686174) CVE-2012-3570 (Buffer overflow in ISC DHCP 4.2.x before 4.2.4-P1, when DHCPv6 mode is ...) - - isc-dhcp <unfixed> + - isc-dhcp <unfixed> (bug #686174) [squeeze] - isc-dhcp <not-affected> (Vulnerable code not present) - NOTE: https://kb.isc.org/article/AA-00714 CVE-2012-3569 RESERVED CVE-2012-3568 (Opera before 12.00 Beta allows remote attackers to cause a denial of ...) 
@@ -2684,7 +2682,7 @@ CVE-2012-3526 [mod_rpaf dos] RESERVED {DSA-2532-1} - - libapache2-mod-rpaf 0.6-1 + - libapache2-mod-rpaf 0.6-1 (bug #683984) CVE-2012-3525 (s2s/out.c in jabberd2 2.2.16 and earlier does not verify that a ...) - jabberd2 <unfixed> (bug #685666) CVE-2012-3524 @@ -2801,15 +2799,15 @@ - postgresql-9.1 9.1.5-1 - postgresql-8.4 8.4.12-2 CVE-2012-3487 (Race condition in Tunnelblick 3.3beta20 and earlier allows local users ...) - TODO: check + NOT-FOR-US: Tunnelblick CVE-2012-3486 (Tunnelblick 3.3beta20 and earlier allows local users to gain ...) - TODO: check + NOT-FOR-US: Tunnelblick CVE-2012-3485 (Tunnelblick 3.3beta20 and earlier relies on argv[0] to determine the ...) - TODO: check + NOT-FOR-US: Tunnelblick CVE-2012-3484 (Tunnelblick 3.3beta20 and earlier relies on a test for specific ...) - TODO: check + NOT-FOR-US: Tunnelblick CVE-2012-3483 (Race condition in the runScript function in Tunnelblick 3.3beta20 and ...) - TODO: check + NOT-FOR-US: Tunnelblick CVE-2012-3482 [fetchmail segfault in NTLM protocol exchange] RESERVED - fetchmail <unfixed> (low) @@ -2831,7 +2829,7 @@ {DSA-2530-1} - rssh 2.3.3-5 CVE-2012-3477 (SQL injection vulnerability in signup_check.php in NeoInvoice allows ...) - TODO: check + NOT-FOR-US: Neoinvoice CVE-2012-3476 (Multiple cross-site scripting (XSS) vulnerabilities in (1) ...) NOT-FOR-US: Ushahidi CVE-2012-3475 (The installer in the Ushahidi Platform before 2.5 omits certain calls ...) @@ -3378,7 +3376,7 @@ CVE-2012-3294 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Web ...) NOT-FOR-US: IBM WebSphere CVE-2012-3293 (Cross-site scripting (XSS) vulnerability in the Administrative Console ...) - TODO: check + NOT-FOR-US: IBM WebSphere CVE-2012-3292 (The GridFTP in Globus Toolkit (GT) before 5.2.2, when certain autoconf ...) {DSA-2523-1} - globus-gridftp-server 6.5-1 
@@ -3991,7 +3989,7 @@ CVE-2012-2991 RESERVED CVE-2012-2990 (The MASetupCaller ActiveX control before 1.4.2012.508 in ...) - TODO: check + NOT-FOR-US: MarkAny ContentSAFER CVE-2012-2989 RESERVED CVE-2012-2988 @@ -4003,7 +4001,7 @@ CVE-2012-2985 (Cross-site scripting (XSS) vulnerability in InsertDocument.aspx in ...) NOT-FOR-US: CuteSoft Cute Editor CVE-2012-2984 (Multiple cross-site scripting (XSS) vulnerabilities in ...) - TODO: check + NOT-FOR-US: Websense CVE-2012-2983 RESERVED CVE-2012-2982 @@ -5688,7 +5686,7 @@ NOTE: http://blog.mybb.com/2012/04/01/mybb-1-6-7-update-1-8-development/ NOTE: http://www.openwall.com/lists/oss-security/2012/05/07/14 CVE-2012-2324 (Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) ...) - TODO: check + NOT-FOR-US: MyBB CVE-2012-2323 RESERVED CVE-2012-2322 (Integer overflow in the dhcpv6_get_option function in gdhcp/client.c ...) @@ -5767,7 +5765,7 @@ CVE-2012-2290 RESERVED CVE-2012-2289 (EMC ApplicationXtender Desktop before 6.5 SP2 and ApplicationXtender ...) - TODO: check + NOT-FOR-US: EMC CVE-2012-2288 RESERVED CVE-2012-2287 @@ -5901,7 +5899,7 @@ CVE-2012-2228 RESERVED CVE-2012-2227 (Directory traversal vulnerability in update/index.php in PluXml before ...) - TODO: check + NOT-FOR-US: PluXml CVE-2012-2226 RESERVED CVE-2012-2225 (360zip 1.93beta allows remote attackers to execute arbitrary code via ...) 
@@ -6684,11 +6682,11 @@ CVE-2012-1936 (** DISPUTED ** The wp_create_nonce function in ...) NOT-FOR-US: Disputed Wordpress issue CVE-2012-1935 (Multiple cross-site scripting (XSS) vulnerabilities in Newscoop 3.5.x ...) - TODO: check + - newscoop <itp> (bug #604113) CVE-2012-1934 (SQL injection vulnerability in admin/country/edit.php in Newscoop ...) - TODO: check + - newscoop <itp> (bug #604113) CVE-2012-1933 (Multiple PHP remote file inclusion vulnerabilities in Newscoop 3.5.x ...) - TODO: check + - newscoop <itp> (bug #604113) CVE-2012-1932 RESERVED CVE-2007-6753 (Untrusted search path vulnerability in Shell32.dll in Microsoft ...)
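
Review bot: The new "CVE-2012-XXXX" placeholder for juju in hunk @@ -1,3 +1,5 @@ has no bracketed description and no NOTE, so nothing in the entry says which issue "- juju 0.5.1-2 (bug #685728)" tracks. The placeholder already in the list shows the form to follow: "CVE-2012-XXXX [letodms XSS and CSRF]" with a NOTE pointing at the oss-security post. Please add a short bracketed summary, and mention the juju entry in the log message, which lists the munin, NFU, silverstripe/newscoop, isc-dhcp and mod-rpaf changes but not this addition.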
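
Review bot: The label "NOT-FOR-US: Anti virus snake oil" on the ** DISPUTED ** race-condition entries between CVE-2010-5184 and CVE-2010-5150 in hunk @@ -146,131 +149,131 @@ is an opinion rather than an identifier, and it hides which product each entry was triaged against. The other NOT-FOR-US lines in the same hunk name the vendor or product (Blue Coat, Comodo Internet Security, Websense), which is what lets someone search the list when one of these packages is later proposed for the archive. Suggest using the product name from each description, for example "NOT-FOR-US: ZoneAlarm Extreme Security" for CVE-2010-5184.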
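
Review bot: The NOTE lines with the upstream advisory links are dropped in hunk @@ -2573,12 +2573,10 @@ (kb.isc.org AA-00712 for CVE-2012-3571 and AA-00714 for CVE-2012-3570), and likewise AA-00737 for CVE-2012-3954 in hunk @@ -1776,8 +1777,7 @@, while the log message only says "filed bugs for isc-dhcp". All three entries still read "- isc-dhcp <unfixed>", so the upstream reference is still what the person preparing the fix will look for. Suggest keeping each NOTE next to the new "(bug #686174)" annotation, or stating in the log that the links were moved into the bug report if that is the case.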
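
Review bot: The product spelling in two of the new NOT-FOR-US lines does not match the CVE description beside it: "NOT-FOR-US: DLguard" in hunk @@ -279,35 +282,35 @@ sits under a description that spells it "DLGuard" (CVE-2011-5115), and "NOT-FOR-US: Neoinvoice" in hunk @@ -2831,7 +2829,7 @@ sits under "NeoInvoice" (CVE-2012-3477). A case-sensitive search for the upstream name will miss these entries; suggest copying the spelling from the description.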