Author: helmut-guest
Date: 2012-11-18 16:40:58 +0000 (Sun, 18 Nov 2012)
New Revision: 20510
Modified:
data/CVE/list
Log:
NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2012-11-18 14:36:50 UTC (rev 20509)
+++ data/CVE/list 2012-11-18 16:40:58 UTC (rev 20510)
@@ -136,7 +136,8 @@
CVE-2011-5240 (Magento 1.5 and 1.6.2 does not verify that the server hostname
matches ...)
NOT-FOR-US: Magento
CVE-2011-5239 (CiviCRM 4.0.5 and 4.1.1 does not verify that the server
hostname ...)
- TODO: check
+ NOT-FOR-US: CiviCRM
+ NOTE: RFP #645700
CVE-2011-5238 (google-checkout-php-sample-code before 1.3.2 does not verify
that the ...)
NOT-FOR-US: google-checkout-php-sample-code
CVE-2011-5237 (PayPal WPS ToolKit does not verify that the server hostname
matches a ...)
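Review bot: the NOTE added under CVE-2011-5239 gives only "RFP #645700" and does not say how it relates to the NOT-FOR-US tag on the line above it. Since an open packaging request means this entry has to be revisited if CiviCRM enters the archive, consider spelling that out, for example "NOTE: not packaged, packaging requested in RFP #645700".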
@@ -226,7 +227,8 @@
CVE-2012-5786 (The wsdl_first_https sample code in ...)
NOT-FOR-US: Apache CXF
CVE-2012-5785 (Apache Axis2/Java 1.6.2 and earlier does not verify that the
server ...)
- TODO: check
+ NOT-FOR-US: Axis2/Java
+ NOTE: Axis2/C is packaged as axis2c, but this is a different software.
CVE-2012-5784 (Apache Axis 1.4 and earlier, as used in PayPal Payments Pro,
PayPal ...)
- axis <unfixed> (bug #692650)
CVE-2012-5783 (Apache Commons HttpClient 3.x, as used in Amazon Flexible
Payments ...)
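Review bot: the NOTE added under CVE-2012-5785 says axis2c is different software but does not record whether axis2c was looked at for the same missing hostname verification, so a reader cannot tell "checked and not affected" from "not checked". Consider stating which it is in the NOTE. Two smaller points on the same lines: the tag reads "Axis2/Java" while the neighbouring entry uses the full "Apache CXF", so "Apache Axis2/Java" would be more consistent, and "this is a different software" reads better as "this is different software".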
@@ -386,7 +388,7 @@
CVE-2012-5706
RESERVED
CVE-2012-5705 (Cross-site scripting (XSS) vulnerability in the settings page
...)
- TODO: check
+ NOT-FOR-US: Drupal addon not packaged in Debian
CVE-2012-5704 (The Hotblocks module 6.x-1.x before 6.x-1.8 for Drupal allows
remote ...)
NOT-FOR-US: Drupal addon not packaged in Debian
CVE-2012-5703
@@ -1656,7 +1658,7 @@
CVE-2012-5172
RESERVED
CVE-2012-5171 (Directory traversal vulnerability in Be Graph BeZIP before 3.10
allows ...)
- TODO: check
+ NOT-FOR-US: Be Graph's BeZIP
CVE-2012-5170 (Open redirect vulnerability in Pebble before 2.6.4 allows
remote ...)
NOT-FOR-US: Pebble blog
CVE-2012-5169 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
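Review bot: the tag added under CVE-2012-5171, "NOT-FOR-US: Be Graph's BeZIP", uses a possessive form that does not match the product name as written in the CVE description on the line above ("Be Graph BeZIP"). Other tags in this diff use the plain product name ("Pebble blog", "Magento"), so "NOT-FOR-US: Be Graph BeZIP" would keep the list easier to search.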
_______________________________________________
Secure-testing-commits mailing list
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits