Author: jmm
Date: 2012-08-15 07:17:08 +0000 (Wed, 15 Aug 2012)
New Revision: 19952

Modified:
   data/CVE/list
Log:
NFUs
drop some historic TODOs


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2012-08-14 21:14:19 UTC (rev 19951)
+++ data/CVE/list       2012-08-15 07:17:08 UTC (rev 19952)
@@ -71,13 +71,13 @@
 CVE-2012-XXXX
        - libapache2-mod-rpaf 0.6-1 (bug #683984)
 CVE-2012-4249 (The Amazon Lab126 com.lab126.system sendEvent implementation on 
the ...)
-       TODO: check
+       NOT-FOR-US: Kindle Touch
 CVE-2012-4248 (The Amazon Kindle Touch before 5.1.2 does not properly restrict 
access ...)
-       TODO: check
+       NOT-FOR-US: Kindle Touch
 CVE-2012-4247 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
-       TODO: check
+       NOT-FOR-US: phplist
 CVE-2012-4246 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
-       TODO: check
+       NOT-FOR-US: phplist
 CVE-2012-4245
        RESERVED
 CVE-2012-4244
@@ -456,9 +456,9 @@
 CVE-2012-4071 (Cross-site scripting (XSS) vulnerability in the comments module 
in the ...)
        NOT-FOR-US: Joomla addon
 CVE-2012-4070 (SQL injection vulnerability in system/src/dispatcher.php in 
Dir2web ...)
-       TODO: check
+       NOT-FOR-US: Dir2Web
 CVE-2012-4069 (Dir2web 3.0 stores sensitive information under the web root 
with ...)
-       TODO: check
+       NOT-FOR-US: Dir2Web
 CVE-2012-4068 (Heap-based buffer overflow in the SoapServer service in Citrix 
...)
        NOT-FOR-US: Citrix
 CVE-2012-4067
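Review bot: the tag on CVE-2012-4070 and CVE-2012-4069 is spelled "Dir2Web", while the descriptions on the same entries spell the product "Dir2web". Use the description's spelling so a case-sensitive search for the product finds both the description and the NOT-FOR-US line.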
@@ -527,9 +527,9 @@
 CVE-2012-4036
        RESERVED
 CVE-2012-4035 (The new_password page in PBBoard 2.1.4 allows remote attackers 
to ...)
-       TODO: check
+       NOT-FOR-US: PBBoard
 CVE-2012-4034 (Multiple SQL injection vulnerabilities in PBBoard 2.1.4 allow 
remote ...)
-       TODO: check
+       NOT-FOR-US: PBBoard
 CVE-2012-4050 (Multiple unspecified vulnerabilities in Google Chrome OS before 
...)
        NOT-FOR-US: Google Chrome OS
 CVE-2012-4049 (epan/dissectors/packet-nfs.c in the NFS dissector in Wireshark 
1.4.x ...)
@@ -718,9 +718,9 @@
        - isc-dhcp <unfixed>
        NOTE: https://kb.isc.org/article/AA-00737
 CVE-2012-3953 (SQL injection vulnerability in admin/index.php in phpList 
before ...)
-       TODO: check
+       NOT-FOR-US: phplist
 CVE-2012-3952 (Cross-site scripting (XSS) vulnerability in admin/index.php in 
phpList ...)
-       TODO: check
+       NOT-FOR-US: phplist
 CVE-2012-3951 (The MySQL component in Plixer Scrutinizer (aka Dell SonicWALL 
...)
        NOT-FOR-US: Plixer Scrutinizer
 CVE-2012-3950
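Review bot: the NOT-FOR-US tag on CVE-2012-3953 and CVE-2012-3952 reads "phplist", but the descriptions directly above spell it "phpList". Matching the upstream spelling keeps the tags consistent with the descriptions and easier to search.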
@@ -1712,23 +1712,23 @@
 CVE-2012-3477
        RESERVED
 CVE-2012-3476 (Multiple cross-site scripting (XSS) vulnerabilities in (1) ...)
-       TODO: check
+       NOT-FOR-US: Ushahidi
 CVE-2012-3475 (The installer in the Ushahidi Platform before 2.5 omits certain 
calls ...)
-       TODO: check
+       NOT-FOR-US: Ushahidi
 CVE-2012-3474 (The comments API in ...)
-       TODO: check
+       NOT-FOR-US: Ushahidi
 CVE-2012-3473 (The (1) reports API and (2) administration feature in the 
comments API ...)
-       TODO: check
+       NOT-FOR-US: Ushahidi
 CVE-2012-3472 (The email API in 
application/libraries/api/MY_Email_Api_Object.php in ...)
-       TODO: check
+       NOT-FOR-US: Ushahidi
 CVE-2012-3471 (Multiple SQL injection vulnerabilities in the edit functions in 
(1) ...)
-       TODO: check
+       NOT-FOR-US: Ushahidi
 CVE-2012-3470 (Multiple SQL injection vulnerabilities in ...)
-       TODO: check
+       NOT-FOR-US: Ushahidi
 CVE-2012-3469 (Multiple SQL injection vulnerabilities in the Ushahidi Platform 
before ...)
-       TODO: check
+       NOT-FOR-US: Ushahidi
 CVE-2012-3468 (Multiple SQL injection vulnerabilities in the Ushahidi Platform 
before ...)
-       TODO: check
+       NOT-FOR-US: Ushahidi
 CVE-2012-3467
        RESERVED
        - qpid-cpp 0.16-7 (bug #684456)
@@ -2584,7 +2584,7 @@
 CVE-2012-3133
        RESERVED
 CVE-2012-3132 (SQL injection vulnerability in Oracle Database Server 10.2.0.3, 
...)
-       TODO: check
+       NOT-FOR-US: Oracle Database
 CVE-2012-3131 (Unspecified vulnerability in Oracle Sun Solaris 9, 10, and 11 
allows ...)
        NOT-FOR-US: Oracle Sun Solaris
 CVE-2012-3130 (Unspecified vulnerability in Oracle Sun Solaris 11 allows 
remote ...)
@@ -2916,19 +2916,19 @@
 CVE-2012-2970 (The Synel SY-780/A Time &amp; Attendance terminal allows remote 
attackers ...)
        NOT-FOR-US: Synel terminal
 CVE-2012-2969 (Caucho Quercus, as distributed in Resin before 4.0.29, allows 
remote ...)
-       TODO: check
+       NOT-FOR-US: Caucho Quercus
 CVE-2012-2968 (Directory traversal vulnerability in Caucho Quercus, as 
distributed in ...)
-       TODO: check
+       NOT-FOR-US: Caucho Quercus
 CVE-2012-2967 (Caucho Quercus, as distributed in Resin before 4.0.29, does not 
...)
-       TODO: check
+       NOT-FOR-US: Caucho Quercus
 CVE-2012-2966 (Caucho Quercus, as distributed in Resin before 4.0.29, 
overwrites ...)
-       TODO: check
+       NOT-FOR-US: Caucho Quercus
 CVE-2012-2965 (Caucho Quercus, as distributed in Resin before 4.0.29, does not 
...)
-       TODO: check
+       NOT-FOR-US: Caucho Quercus
 CVE-2012-2964 (The BreakingPoint Storm appliance before 3.0 requires cleartext 
...)
-       TODO: check
+       NOT-FOR-US: BreakingPoint Storm appliance
 CVE-2012-2963 (The administrative interface in the embedded web server on the 
...)
-       TODO: check
+       NOT-FOR-US: BreakingPoint Storm appliance
 CVE-2012-2962 (SQL injection vulnerability in d4d/statusFilter.php in Plixer 
...)
        NOT-FOR-US: Dell SonicWALL Scrutinizer
 CVE-2012-2961 (SQL injection vulnerability in the management console in 
Symantec Web ...)
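Review bot: the tags for CVE-2012-2965 through CVE-2012-2969 name only "Caucho Quercus", although each description says the code is "distributed in Resin". Consider "NOT-FOR-US: Caucho Quercus (Resin)" so that a later search for Resin also turns up these entries.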
@@ -3805,7 +3805,7 @@
 CVE-2012-2603 (The server in CollabNet ScrumWorks Pro before 6.0 allows remote 
...)
        NOT-FOR-US: CollabNet ScrumWorks Pro
 CVE-2012-2602 (Multiple cross-site request forgery (CSRF) vulnerabilities in 
...)
-       TODO: check
+       NOT-FOR-US: SolarWinds Orion Network Performance Monitor
 CVE-2012-2601
        RESERVED
 CVE-2012-2600
@@ -3829,19 +3829,19 @@
 CVE-2012-2591
        RESERVED
 CVE-2012-2590 (Multiple cross-site scripting (XSS) vulnerabilities in ESCON 
...)
-       TODO: check
+       NOT-FOR-US: ESCON SupportPortal Professional Edition
 CVE-2012-2589
        RESERVED
 CVE-2012-2588
        RESERVED
 CVE-2012-2587 (Multiple cross-site scripting (XSS) vulnerabilities in 
AfterLogic ...)
-       TODO: check
+       NOT-FOR-US: AfterLogic MailSuite Pro 
 CVE-2012-2586
        RESERVED
 CVE-2012-2585 (Multiple cross-site scripting (XSS) vulnerabilities in 
ManageEngine ...)
-       TODO: check
+       NOT-FOR-US: ManageEngine ServiceDesk Plus
 CVE-2012-2584 (Multiple cross-site scripting (XSS) vulnerabilities in Alt-N 
MDaemon ...)
-       TODO: check
+       NOT-FOR-US: Alt-N MDaemon Free 
 CVE-2012-2583
        RESERVED
 CVE-2012-2582
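Review bot: two added lines in this hunk end in a trailing space, "NOT-FOR-US: AfterLogic MailSuite Pro " and "NOT-FOR-US: Alt-N MDaemon Free ". Strip the trailing whitespace so the tags match the other NOT-FOR-US lines and do not trip exact-match tooling.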
@@ -3855,7 +3855,7 @@
 CVE-2012-2578
        RESERVED
 CVE-2012-2577 (Multiple cross-site scripting (XSS) vulnerabilities in 
SolarWinds ...)
-       TODO: check
+       NOT-FOR-US: SolarWinds Orion Network Performance Monitor 
 CVE-2012-2576
        RESERVED
 CVE-2012-2575
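Review bot: the added line for CVE-2012-2577, "NOT-FOR-US: SolarWinds Orion Network Performance Monitor ", ends in a trailing space, unlike the same tag added for CVE-2012-2602 earlier in this patch. Strip it so both entries carry an identical string.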
@@ -3867,7 +3867,7 @@
 CVE-2012-2572
        RESERVED
 CVE-2012-2571 (Multiple cross-site scripting (XSS) vulnerabilities in 
WinWebMail ...)
-       TODO: check
+       NOT-FOR-US: WinWebMail
 CVE-2012-2570
        RESERVED
 CVE-2012-2569
@@ -32468,7 +32468,6 @@
        NOT-FOR-US: Orbit Downloader
 CVE-2010-2103 (Cross-site scripting (XSS) vulnerability in ...)
        - axis <not-affected> (axis != axis2, vulnerable code not present)
-       TODO: find out if the axis2 c implementation (axis2c) is affected by 
this
 CVE-2010-2102 (Buffer overflow in Webby Webserver 1.01 allows remote attackers 
to ...)
        NOT-FOR-US: Webby Webserver
 CVE-2010-2101 (The (1) strip_tags, (2) setcookie, (3) strtok, (4) wordwrap, 
(5) ...)
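Review bot: the TODO removed from CVE-2010-2103 asked whether axis2c is affected, and the entry that remains only covers axis ("axis != axis2, vulnerable code not present"). If axis2c was checked, record the result as its own package line or a NOTE; if it was not, the open question is lost with this deletion.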
@@ -35821,8 +35820,6 @@
        NOT-FOR-US: Pulse CMS Basic
 CVE-2010-0991 (Multiple heap-based buffer overflows in imlib2 1.4.3 allow ...)
        - imlib2 <not-affected> (vulnerable code introduced in 1.4.3)
-       NOTE: http://seclists.org/bugtraq/2010/Apr/196
-       TODO: recheck when 1.4.3 gets uploaded to unstable
 CVE-2010-0990 (Stack-based buffer overflow in Creative Software AutoUpdate 
Engine ...)
        NOT-FOR-US: Creative Software AutoUpdate
 CVE-2010-0989 (Directory traversal vulnerability in delete.php in Pulse CMS 
before ...)
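Review bot: on CVE-2010-0991 the NOTE with the bugtraq reference is removed along with the TODO, although the log message only mentions dropping TODOs. Keep the NOTE line as the reference for the entry, and since the not-affected reason is "vulnerable code introduced in 1.4.3", state which imlib2 version was rechecked before dropping the TODO.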
@@ -37518,7 +37515,6 @@
 CVE-2010-0431 (QEMU-KVM, as used in the Hypervisor (aka rhev-hypervisor) in 
Red Hat ...)
        - qemu-kvm <not-affected> (QXL support not yet present in Debian 
packages)
        - kvm <not-affected> (QXL support not yet present in Debian packages)
-       TODO: recheck newer uploads
 CVE-2010-0430
        RESERVED
        - spice <not-affected> (Fixed before initial upload to archive)
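Review bot: for CVE-2010-0431 the not-affected reason on both qemu-kvm and kvm is "QXL support not yet present in Debian packages", which is time-dependent, and the removed line was the only reminder to recheck newer uploads. Either record the version that was verified in a NOTE or keep the TODO until the rationale is confirmed against the current packages.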
@@ -37978,7 +37974,6 @@
 CVE-2010-0301 (main.C in maildrop 2.3.0 and earlier, when run by root with the 
-d ...)
        {DSA-1981-1}
        - maildrop 2.2.0-3.1 (low; bug #564601)
-       TODO: check courier (embeds maildrop)
 CVE-2010-0300 (cache.c in ircd-ratbox before 2.2.9 allows remote attackers to 
cause a ...)
        {DSA-1980-1}
        - ircd-ratbox 3.0.6.dfsg-1 (low; bug #567191)
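Review bot: the TODO dropped from CVE-2010-0301 said courier embeds maildrop, yet the entry still lists only the maildrop package. Add a courier line (fixed version or not-affected with a reason) or a NOTE stating the outcome of the check, so the embedded copy stays tracked.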


_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
