Author: jmm-guest
Date: 2008-02-11 17:47:02 +0000 (Mon, 11 Feb 2008)
New Revision: 8136

Modified:
   data/CVE/list
Log:
sun-java6 not in etch
add cherrypy3, affected as well
mozilla dupe, poked mitre
convert old xoops itps to NFU, the wnpp bug was closed (and this shouldn't 
enter the archive anyway)



Modified: data/CVE/list
===================================================================
--- data/CVE/list       2008-02-11 17:36:38 UTC (rev 8135)
+++ data/CVE/list       2008-02-11 17:47:02 UTC (rev 8136)
@@ -31,7 +31,6 @@
 CVE-2008-0628 (The XML parsing code in Sun Java Runtime Environment JDK and 
JRE 6 ...)
        - sun-java6 6-04-1
        - sun-java5 <not-affected> (referring to sun this vulnerability is not 
present in java5)
-       [etch] - sun-java6 <no-dsa> (non-free not supported)
 CVE-2008-0627
        REJECTED
 CVE-2008-0626
@@ -944,6 +943,7 @@
 CVE-2008-0252 (Directory traversal vulnerability in the _get_file_path 
function in ...)
        {DSA-1481-1}
        - python-cherrypy 2.2.1-3.1 (low; bug #461069)
+       - cherrypy3 3.0.2-2
 CVE-2008-0251 (Unrestricted file upload vulnerability in PhotoPost vBGallery 
before ...)
        NOT-FOR-US: PhotoPost vBGallery
 CVE-2008-0250 (Buffer overflow in Microsoft Visual InterDev 6.0 (SP6) allows 
...)
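Review bot: The added `- cherrypy3 3.0.2-2` line under CVE-2008-0252 carries no urgency or bug reference, while the `python-cherrypy` entry directly above it is annotated `(low; bug #461069)`. Since the log says cherrypy3 is "affected as well", give it the same urgency, for example `- cherrypy3 3.0.2-2 (low)`, and add a bug number if one was filed for that package, so the two source packages are triaged consistently.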
@@ -974,7 +974,7 @@
 CVE-2008-0238 (Multiple heap-based buffer overflows in the rmff_dump_cont 
function in ...)
        NOTE: Dupe of CVE-2008-0225
 CVE-2008-0299 (common.py in Paramiko 1.7.1 and earlier, when using threads or 
forked ...)
-       - paramiko 1.6.4-1.1 (medium; bug #460706)
+       - paramiko 1.6.4-1.1 (low; bug #460706)
        NOTE: http://www.lag.net/pipermail/paramiko/2008-January/000599.html
 CVE-2008-0237 (The Microsoft Rich Textbox ActiveX Control (RICHTX32.OCX) 
6.1.97.82 ...)
        NOT-FOR-US: Microsoft Rich Textbox ActiveX Control
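Review bot: The paramiko urgency under CVE-2008-0299 drops from `medium` to `low`, but none of the four items in the commit log mentions it, so the downgrade has no recorded rationale. Either describe it in the log or add a short NOTE beside the existing lag.net reference explaining why the issue is considered low, so a later reader can tell a deliberate re-rating from an accidental edit.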
@@ -11077,10 +11077,7 @@
 CVE-2007-3091 (Race condition in Microsoft Internet Explorer 6 and 7 allows 
remote ...)
        NOT-FOR-US: Microsoft Internet Explorer
 CVE-2007-3090 (Mozilla Firefox does not properly manage a delay timer used in 
...)
-       - iceweasel <unfixed> (medium)
-       - iceape <unfixed> (medium)
-       [sarge] - mozilla <no-dsa> (Mozilla products from Sarge no longer 
supported)
-       - xulrunner <unfixed> (medium)
+       NOTE: This is a dupe of CVE-2008-0519, since 0519 is more widely used, 
marking this as a dupe
 CVE-2007-3089 (Mozilla Firefox before 2.0.0.5 does not prevent use of 
document.write ...)
        {DSA-1339-1 DSA-1338-1 DSA-1337-1 DTSA-45-1 DTSA-47-1 DTSA-51-1}
        - iceweasel 2.0.0.5-1 (low; bug #427691)
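Review bot: Replacing the three `<unfixed> (medium)` entries and the `[sarge]` line under CVE-2007-3090 with a single NOTE leaves this CVE with no package status at all, and the diff does not show that CVE-2008-0519 already tracks iceweasel, iceape and xulrunner as unfixed. Please confirm that the 0519 entry carries those lines before dropping them here, otherwise the open issue disappears from the per-package view. The log also says MITRE was only "poked", so the duplicate status is the tracker's own assessment at this point; saying so in the NOTE would make that explicit.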
@@ -37394,9 +37391,9 @@
 CVE-2005-3682 (Multiple SQL injection vulnerabilities in Wizz Forum 1.20 allow 
remote ...)
        NOT-FOR-US: Wizz Forum
 CVE-2005-3681 (SQL injection vulnerability in viewcat.php in XOOPS 
WF-Downloads ...)
-       - xoops <itp> (bug #207640)
+       NOT-FOR-US: Xoops
 CVE-2005-3680 (Directory traversal vulnerability in editor_registry.php in 
XOOPS ...)
-       - xoops <itp> (bug #207640)
+       NOT-FOR-US: Xoops
 CVE-2005-3679 (SQL injection vulnerability in admin/index.php in 
ActiveCampaign ...)
        NOT-FOR-US: ActiveCampaign 1-2-All Broadcast Email
 CVE-2005-3678 (Google Talk before 1.0.0.76, with email notification enabled, 
allows ...)
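Review bot: Converting `- xoops <itp> (bug #207640)` to `NOT-FOR-US: Xoops` here and in the later xoops hunks removes the only in-file pointer to the WNPP bug, and the reason (bug closed, package should not enter the archive) now lives only in the commit log. Consider a NOTE line recording that the ITP in bug #207640 was closed, so that a future packaging attempt can find which CVEs were previously tracked against xoops. CVE-2005-3681 also concerns the WF-Downloads module rather than the XOOPS core, which the bare `Xoops` label does not convey.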
@@ -41892,7 +41889,7 @@
 CVE-2005-2339 (Cross-site scripting (XSS) vulnerability in the Unicode version 
of ...)
        NOT-FOR-US: unicode msearch
 CVE-2005-2338 (Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 
2.0.12 JP ...)
-       - xoops <itp> (bug #207640)
+       NOT-FOR-US: Xoops
 CVE-2005-2337 (Ruby 1.6.x up to 1.6.8, 1.8.x up to 1.8.2, and 1.9.0 
development up to ...)
        {DSA-864-1 DSA-862-1 DSA-860-1}
        - ruby <removed>
@@ -43055,9 +43052,9 @@
        [sarge] - mozilla <not-affected> (Unreproducible)
        - mozilla 2:1.7.10-1 (bug #318723; medium)
 CVE-2005-2113 (SQL injection vulnerability in the loginUser function in the 
XMLRPC ...)
-       - xoops <itp> (bug #207640)
+       NOT-FOR-US: Xoops
 CVE-2005-2112 (Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 
2.0.11 ...)
-       - xoops <itp> (bug #207640)
+       NOT-FOR-US: Xoops
 CVE-2005-2111 (login.cgi in Community Link Pro Web Editor allows remote 
attackers to ...)
        NOT-FOR-US: Community Link Pro Web Editor
 CVE-2005-2110 (WordPress 1.5.1.2 and earlier allows remote attackers to obtain 
...)
@@ -43676,7 +43673,7 @@
 CVE-2002-1803 (Cross-site scripting (XSS) vulnerability in PHP-Nuke 6.0 allows 
remote ...)
        NOT-FOR-US: PHP-Nuke
 CVE-2002-1802 (Cross-site scripting (XSS) vulnerability in Xoops 1.0 RC3 
allows ...)
-       - xoops <itp> (bug #207640)
+       NOT-FOR-US: Xoops
 CVE-2002-1801 (ImageFolio 2.23 through 2.27 allows remote attackers to obtain 
...)
        NOT-FOR-US: ImageFolio
 CVE-2002-1800 (phpRank 1.8 stores the administrative password in plaintext on 
the ...)
@@ -48194,7 +48191,7 @@
 CVE-2005-0744 (The web GUI for Novell iChain 2.2 and 2.3 SP2 and SP3 allows 
attackers ...)
        NOT-FOR-US: Novell iChain
 CVE-2005-0743 (The custom avatar uploading feature (uploader.php) for XOOPS 
2.0.9.2 ...)
-       - xoops <itp> (bug #207640)
+       NOT-FOR-US: Xoops
 CVE-2005-0742 (Cross-site scripting (XSS) vulnerability in Sun Java System ...)
        NOT-FOR-US: Sun Java System Application Server
 CVE-2005-0741 (Cross-site scripting (XSS) vulnerability in YaBB.pl for YaBB 
2.0 RC1 ...)
@@ -55301,7 +55298,7 @@
 CVE-2003-0492 (Cross-site scripting (XSS) vulnerability in search.asp for 
Snitz ...)
        NOT-FOR-US: snitz forums; not in debian
 CVE-2003-0491 (The Tutorials 2.0 module in XOOPS and E-XOOPS allows remote 
attackers ...)
-       - xoops <itp> (bug #207640)
+       NOT-FOR-US: Xoops
 CVE-2003-0490 (The installation of Dantz Retrospect Client 5.0.540 on MacOS X 
10.2.6, ...)
        NOT-FOR-US: Dantz Retrospect
 CVE-2003-0489 (tcptraceroute 1.4 and earlier does not fully drop privileges 
after ...)
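Review bot: For CVE-2003-0491 the description names the Tutorials 2.0 module in both XOOPS and E-XOOPS, but the new line reads only `NOT-FOR-US: Xoops`. If E-XOOPS is likewise not packaged, name it too, for example `NOT-FOR-US: Xoops and E-XOOPS`, so the entry does not suggest that only one of the two products was checked.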


_______________________________________________
Secure-testing-commits mailing list
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
