[Secure-testing-commits] r2594 - data/CVE

Thu Oct 27 10:16:33 UTC 2005

Author: jmm-guest
Date: 2005-10-27 10:16:28 +0000 (Thu, 27 Oct 2005)
New Revision: 2594

Modified:
   data/CVE/list
Log:
new ilohamail issue already fixed
new dropbear issue already fixed
lots of NFUs


Modified: data/CVE/list
===================================================================

--- data/CVE/list	2005-10-27 10:04:50 UTC (rev 2593)
+++ data/CVE/list	2005-10-27 10:16:28 UTC (rev 2594)
@@ -138,62 +138,61 @@
 	NOT-FOR-US: DCP-Portal
 CVE-2004-2511 (Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal ...)
 	NOT-FOR-US: DCP-Portal
-begin claimed by jmm
 CVE-2004-2510 (Cross-site scripting (XSS) vulnerability in showflat.php in Infopop ...)
-	TODO: check
+	NOT-FOR-US: Infopop UBB.Threads
 CVE-2004-2509 (Cross-site scripting (XSS) vulnerabilities in (1) calendar.php, (2) ...)
-	TODO: check
+	NOT-FOR-US: Infopop UBB.Threads
 CVE-2004-2508 (Cross-site scripting (XSS) vulnerability in main.cgi in Linksys WVC11B ...)
-	TODO: check
+	NOT-FOR-US: Linksys hardware
 CVE-2004-2507 (Absolute path traversal vulnerability in main.cgi in Linksys WVC11B ...)
-	TODO: check
+	NOT-FOR-US: Linksys hardware
 CVE-2004-2506 (Unparsed web content delivery vulnerability in WIKINDX before 0.9.9g ...)
-	TODO: check
+	NOT-FOR-US: WIKINDX
 CVE-2004-2505 (Macromedia ColdFusion MX before 6.1 does not restrict the size of ...)
-	TODO: check
+	NOT-FOR-US: ColdFusion
 CVE-2004-2504 (The GUI in Alt-N Technologies MDaemon 7.2 and earlier, including 6.8, ...)
-	TODO: check
+	NOT-FOR-US: Alt-N Technologies Mdaemon
 CVE-2004-2503 (INweb Mail Server 2.40 allows remote attackers to cause a denial of ...)
-	TODO: check
+	NOT-FOR-US: Inweb Mail Server
 CVE-2004-2502 (im-switch before 11.4-46.1 in Fedora Core 2 allows local users to ...)
-	TODO: check
+	- im-switch <not-affected> (Debian's version is somehow derived from RH, but not affected)
+	TODO: Please double-check
 CVE-2004-2501 (Buffer overflow in the IMAP service of MailEnable Professional Edition ...)
-	TODO: check
+	NOT-FOR-US: MailEnable Professional
 CVE-2004-2500 (Unknown vulnerability in IlohaMail before 0.8.14-rc1 has unknown ...)
-	TODO: check
+	- ilohamail 0.8.14-0rc1
 CVE-2004-2499 (Unspecified vulnerability in Hitachi Web Page Generator and Web Page ...)
-	TODO: check
+	NOT-FOR-US: Hitachi Web Page Generator
 CVE-2004-2498 (Unspecified vulnerability in the error handler in Hitachi Web Page ...)
-	TODO: check
+	NOT-FOR-US: Hitachi Web Page Generator
 CVE-2004-2497 (Cross-site scripting (XSS) vulnerability in the error handler in ...)
-	TODO: check
+	NOT-FOR-US: Hitachi Web Page Generator
 CVE-2004-2496 (The HTTP daemon in OpenText FirstClass 7.1 and 8.0 allows remote ...)
-	TODO: check
+	NOT-FOR-US: OpenText FirstClass
 CVE-2004-2495 (The (1) Webmail, (2) admin, and (3) SMTP services in Ability Mail ...)
-	TODO: check
+	NOT-FOR-US: Ability Mail Server
 CVE-2004-2494 (Cross-site scripting (XSS) vulnerability in _error in Ability Mail ...)
-	TODO: check
+	NOT-FOR-US: Ability Mail Server
 CVE-2004-2493 (Directory traversal vulnerability in Groupmax World Wide Web (GmaxWWW) ...)
-	TODO: check
+	NOT-FOR-US: GmaxWWW
 CVE-2004-2492 (Cross-site scripting (XSS) vulnerability in Groupmax World Wide Web ...)
-	TODO: check
+	NOT-FOR-US: GmaxWWW
 CVE-2004-2491 (A race condition in Opera web browser 7.53 Build 3850 causes Opera to ...)
-	TODO: check
+	NOT-FOR-US: Opera
 CVE-2004-2490 (Buffer overflow in IBM Informix Dynamic Server (IDS) 9.40.xC1 and ...)
-	TODO: check
+	NOT-FOR-US: Informix Dynamic Server
 CVE-2004-2489 (Format string vulnerability in IBM Informix Dynamic Server (IDS) ...)
-	TODO: check
+	NOT-FOR-US: Informix Dynamic Server
 CVE-2004-2488 (Directory traversal vulnerability in Nexgen FTP Server before 2.2.3.23 ...)
-	TODO: check
+	NOT-FOR-US: Nexgen FTP Server
 CVE-2004-2487 (Directory traversal vulnerability in Nexgen FTP Server before 2.2.3.23 ...)
-	TODO: check
+	NOT-FOR-US: Nexgen FTP Server
 CVE-2004-2486 (The DSS verification code in Dropbear SSH Server before 0.43 frees ...)
-	TODO: check
+	- dropbear 0.43-2
 CVE-2004-2485 (Unspecified vulnerability in PHP Live! before 2.8.2, due to a &quot;major ...)
-	TODO: check
+	NOT-FOR-US: PHP Live!
 CVE-2004-2484 (Cross-site scripting (XSS) vulnerability in PHP Gift Registry 1.3.5 ...)
-	TODO: check
-end claimed by jmm
+	NOT-FOR-US: PHP Gift Registry
 CVE-2005-XXXX [kernel: Signedness problems in net/core/filter]
 	- linux-2.6 2.6.12-2
 	[sarge] - kernel-source-2.4.27 <not-affected>


