Author: corsac
Date: 2012-01-03 22:15:27 +0000 (Tue, 03 Jan 2012)
New Revision: 18017
Modified:
data/CVE/list
Log:
fix NOTE: not-for-us by using correct NOT-FOR-US tag
note: there's a check needed for Monkey for an old 2002 CVE
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2012-01-03 22:04:07 UTC (rev 18016)
+++ data/CVE/list 2012-01-03 22:15:27 UTC (rev 18017)
@@ -43,23 +43,23 @@
CVE-2012-0265
RESERVED
CVE-2011-5046 (win32k.sys in the kernel-mode drivers in Microsoft Windows 7
...)
- NOTE: not-for-us (Microsoft Windows 7)
+ NOT-FOR-US: Microsoft Windows 7
CVE-2011-5045 (Cross-site scripting (XSS) vulnerability in details_view.php in
PHP ...)
- NOTE: not-for-us
+ NOT-FOR-US: PHP Booking Calendar 10e (not in Debian)
CVE-2011-5044 (SopCast 3.4.7.45585 uses weak permissions (Everyone:Full
Control) for ...)
- NOTE: not-for-us (SopCast not in Debian)
+ NOT-FOR-US: SopCast (not in Debian)
CVE-2011-5043 (TomatoSoft Free Mp3 Player 1.0 allows remote attackers to cause
a ...)
- NOTE: not-for-us (TomatoSoft Free Mp3 Player not in Debian)
+ NOT-FOR-US: TomatoSoft Free Mp3 Player (not in Debian)
CVE-2011-5042 (Cross-site scripting (XSS) vulnerability in
inc/lib/lib.base.php in ...)
- NOTE: not-for-us
+ NOT-FOR-US: SASHA (not in Debian)
CVE-2011-5041 (Multiple cross-site scripting (XSS) vulnerabilities in Pulse
Pro CMS ...)
- NOTE: not-for-us (Pulse Pro CMS not in Debian)
+ NOT-FOR-US: Pulse Pro CMS (not in Debian)
CVE-2011-5040 (Multiple cross-site scripting (XSS) vulnerabilities in
Infoproject ...)
- NOTE: not-for-us
+ NOT-FOR-US: Infoproject Biznis Heroj (not in Debian)
CVE-2011-5039 (Multiple SQL injection vulnerabilities in Infoproject Biznis
Heroj ...)
- NOTE: not-for-us
+ NOT-FOR-US: Infoproject Biznis Heroj (not in Debian)
CVE-2011-5038 (SQL injection vulnerability in hitCode hitAppoint 4.5.17 and
possibly ...)
- NOTE: not-for-us
+ NOT-FOR-US: hitAppoint (not in Debian)
CVE-2011-5037 (Google V8 computes hash values for form parameters without
restricting ...)
- libv8 <unfixed> (bug #653962)
CVE-2011-5036 (Rack before 1.1.3, 1.2.x before 1.2.5, and 1.3.x before 1.3.6
computes ...)
@@ -95269,7 +95269,7 @@
CVE-2002-2201 (The Printer Administration module for Webmin 0.990 and earlier
allows ...)
- webmin 1.000 (high)
CVE-2002-2200 (Benjamin Lefevre Dobermann FORUM 0.5 and earlier allows remote
...)
- NOTE: not-for-us (Benjamin Lefevre Dobermann FORUM)
+ NOT-FOR-US: (Benjamin Lefevre Dobermann FORUM)
CVE-2002-2199 (The default aide.conf file in Advanced Intrusion Detection
Environment ...)
NOTE: freebsd misconfiguration
CVE-2002-2198 (Buffer overflow in ZMailer before 2.99.51_1 allows remote
attackers to ...)
@@ -100746,59 +100746,59 @@
CVE-2002-1855 (Macromedia JRun 3.0 through 4.0, when running on Windows,
allows ...)
NOT-FOR-US: Macromedia JRun
CVE-2002-1854 (Rlaj whois CGI script (whois.cgi) 1.0 allows remote attackers
to ...)
- NOTE: not-for-us
+ NOT-FOR-US: rlaj whois.cgi
CVE-2002-1853 (Cross-site scripting (XSS) vulnerability in MyNewsGroups 0.4
and 0.4.1 ...)
- NOTE: not-for-us
+ NOT-FOR-US: MyNewsGroups
CVE-2002-1852 (Cross-site scripting (XSS) vulnerability in Monkey 0.5.0 allows
remote ...)
- NOTE: not-for-us
+ TODO: check, monkey 0.9.3 is in Debian, not sure if vulnerable code is
present
CVE-2002-1851 (Buffer overflow in WS_FTP Pro 7.5 allows remote attackers to
execute ...)
- NOTE: not-for-us
+ NOT-FOR-US: WS_FTP Pro
CVE-2002-1850 (mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and
possibly ...)
- apache2 2.0.42-1
CVE-2002-1849 (ParaChat Server 4.0 does not log users off if the browser's
back ...)
- NOTE: not-for-us
+ NOT-FOR-US: ParaChat
CVE-2002-1848 (TightVNC before 1.2.4 running on Windows stores unencrypted
passwords ...)
- NOTE: not-for-us
+ NOT-FOR-US: TightVNC on Windows only
CVE-2002-1847 (Buffer overflow in mplay32.exe of Microsoft Windows Media
Player (WMP) ...)
- NOTE: not-for-us
+ NOT-FOR-US: Microsoft Windows Media Player
CVE-2002-1846 (Yet Another Bulletin Board (YaBB) 1.40 and 1.41 does not
require a ...)
- NOTE: not-for-us
+ NOT-FOR-US: YaBB
CVE-2002-1845 (Cross-site scripting (XSS) vulnerability in index.php in Yet
Another ...)
- NOTE: not-for-us
+ NOT-FOR-US: YaBB
CVE-2002-1844 (Microsoft Windows Media Player (WMP) 6.3, when installed on
Solaris, ...)
- NOTE: not-for-us
+ NOT-FOR-US: Microsoft Windows Media Player
CVE-2002-1843 (Perlbot 1.9.2 allows remote attackers to execute arbitrary
commands ...)
- NOTE: not-for-us
+ NOT-FOR-US: Perlbot
CVE-2002-1842 (Perlbot 1.0 beta allows remote attackers to execute arbitrary
commands ...)
- NOTE: not-for-us
+ NOT-FOR-US: Perlbot
CVE-2002-1841 (The document management module in NOLA 1.1.1 and 1.1.2 does not
...)
- NOTE: not-for-us
+ NOT-FOR-US: Nogusta NOLA
CVE-2002-1840 (irssi IRC client 0.8.4, when downloaded after 14-March-2002,
could ...)
- NOTE: not-for-us
+ NOT-FOR-US: some irssi tarballs contained a backdoor
CVE-2002-1839 (Trend Micro InterScan VirusWall for Windows NT 3.52 does not
record ...)
- NOTE: not-for-us
+ NOT-FOR-US: Trend Micro InterScan VirusWall (Windows NT 3.52)
CVE-2002-1838 (Charities.cron 1.0.2 through 1.6.0 allows local users to write
to ...)
- NOTE: not-for-us
+ NOT-FOR-US: Charities.cron
CVE-2002-1837 (The getAlbumToDisplay function in idsShared.pm for Image
Display ...)
- NOTE: not-for-us
+ NOT-FOR-US: Image Display System
CVE-2002-1836 (The default configuration of Xerox DocuTech 6110 and DocuTech
6115 ...)
- NOTE: not-for-us
+ NOT-FOR-US: Xerox Docutech
CVE-2002-1835 (The default configuration of Xerox DocuTech 6110 and DocuTech
6115 ...)
- NOTE: not-for-us
+ NOT-FOR-US: Xerox Docutech
CVE-2002-1834 (The default configuration of Xerox DocuTech 6110 and DocuTech
6115 ...)
- NOTE: not-for-us
+ NOT-FOR-US: Xerox Docutech
CVE-2002-1833 (The default configurations for DocuTech 6110 and DocuTech 6115
have a ...)
- NOTE: not-for-us
+ NOT-FOR-US: Xerox Docutech
CVE-2002-1832 (Unknown vulnerability in the "ipopts decode"
functionality in ...)
- NOTE: not-for-us
+ NOT-FOR-US: Firestorm IDS
CVE-2002-1831 (Microsoft MSN Messenger Service 1.0 through 4.6 allows remote
...)
- NOTE: not-for-us
+ NOT-FOR-US: Microsoft MSN Messenger Service
CVE-2002-1830 (Open Bulletin Board (OpenBB) 1.0.0 RC3 allows remote attackers
to ...)
- NOTE: not-for-us
+ NOT-FOR-US: Open Bulletin Board
CVE-2002-1829 (Cross-site scripting (XSS) vulnerability in codeparse.php in
Open ...)
- NOTE: not-for-us
+ NOT-FOR-US: Open Bulletin Board
CVE-2002-1828 (Savant Webserver 3.1 allows remote attackers to cause a denial
of ...)
- NOTE: not-for-us
+ NOT-FOR-US: Savant Webserver
CVE-2002-1827 (Sendmail 8.9.0 through 8.12.3 allows local users to cause a
denial of ...)
- sendmail 8.12-4
CVE-2002-1826 (grsecurity 1.9.4 for Linux kernel 2.4.18 allows local users to
bypass ...)
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
