[Secure-testing-commits] r5042 - data/CVE

Stefan Fritsch stef-guest at alioth.debian.org
Fri Dec 1 23:53:29 CET 2006


Author: stef-guest
Date: 2006-12-01 23:53:26 +0100 (Fri, 01 Dec 2006)
New Revision: 5042

Modified:
   data/CVE/list
Log:
remove some more 2002 TODOs

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2006-12-01 22:39:30 UTC (rev 5041)
+++ data/CVE/list	2006-12-01 22:53:26 UTC (rev 5042)
@@ -17368,7 +17368,6 @@
 	NOT-FOR-US: Macromedia JRun
 CVE-2002-2185 (The Internet Group Management Protocol (IGMP) allows local users to ...)
 	NOTE: fixed in IRIX..
-	TODO: check
 CVE-2002-2184 (Digi-Net Technologies DigiChat 3.5 allows chat users to obtain the IP ...)
 	NOT-FOR-US: DigiChat
 CVE-2002-2183 (phpShare.php in phpShare before 0.6 beta 3 allows remote attackers to ...)
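
Review bot: Dropping "TODO: check" under CVE-2002-2185 leaves the entry with only "NOTE: fixed in IRIX.." and no disposition, so nothing records whether any Debian package was looked at. If the intent is to close it the same way as the other 2002 entries in this commit, give it an explicit status line instead of deleting the marker silently.
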
@@ -20754,7 +20753,7 @@
 CVE-2002-2088 (The MOSIX Project clump/os 5.4 creates a default VNC account without a ...)
 	NOT-FOR-US: clump/os
 CVE-2002-2087 (Buffer overflow in Borland InterBase 6.0 allows local users to execute ...)
-	TODO: check firebird as it's based on InterBase 6.0
+	NOT-FOR-US: Data pre-dating the Security Tracker
 CVE-2001-1580 (Directory traversal vulnerability in ScriptEase viewcode.jse for ...)
 	NOT-FOR-US: ScriptEase
 CVE-2001-1579 (The timed program (in.timed) in UnixWare 7 and OpenUnix 8.0.0 does not ...)
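
Review bot: The replacement line under CVE-2002-2087 uses NOT-FOR-US for a reason that is about the age of the data, whereas the neighbouring entries use that tag to name a product ("NOT-FOR-US: clump/os", "NOT-FOR-US: ScriptEase"). The removed TODO also carried the only pointer to firebird being based on InterBase 6.0. Consider keeping that as a NOTE line so the link to firebird is not lost, and stating the cut-off rationale in the commit log, which currently says only "remove some more 2002 TODOs".
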
@@ -21628,13 +21627,13 @@
 CVE-2002-2014 (Lotus Domino 5.0.8 web server returns different error messages when a ...)
 	NOT-FOR-US: Lotus Domino
 CVE-2002-2013 (Mozilla 0.9.6 and earlier and Netscape 6.2 and earlier allows remote ...)
-	TODO: Check this, Mozilla is in the archive
+	NOT-FOR-US: Data pre-dating the Security Tracker
 CVE-2002-2012 (Unknown vulnerability in Apache 1.3.19 running on HP Secure OS for ...)
 	NOT-FOR-US: Apache
 CVE-2002-2011 (Cross-site scripting (XSS) vulnerability in the fom CGI program ...)
 	NOT-FOR-US: faqomatic
 CVE-2002-2010 (Cross-site scripting (XSS) vulnerability in htsearch.cgi in htdig ...)
-	TODO: Check this, htdig is in the archive
+	NOT-FOR-US: Data pre-dating the Security Tracker
 CVE-2002-2009 (Apache Tomcat 4.0.1 allows remote attackers to obtain the web root ...)
 	NOT-FOR-US: Tomcat
 CVE-2002-2008 (Apache Tomcat 4.0.3 for Windows allows remote attackers to obtain the ...)
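
Review bot: For CVE-2002-2013 and CVE-2002-2010 the removed lines say Mozilla and htdig are in the archive, yet both entries are now tagged NOT-FOR-US, which reads as the opposite. Anyone searching the list for htdig or Mozilla issues will see these as not applicable rather than as never checked. A NOTE such as "pre-dates the Security Tracker, not checked" alongside or instead of the NOT-FOR-US line would keep that distinction visible.
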
@@ -35642,9 +35641,6 @@
 	- openssl 0.9.6g-1
 CVE-2002-1567 (Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1 allows ...)
 	NOTE: tomcat4 cross-site scripting vuln
-	NOTE: not sure if it's a problem or not
-	NOTE: contacted package maintainers, they think it's not vulnerable.
-	TODO: waiting for further information.
 CVE-2002-1566 (netris 0.5, and possibly other versions before 0.52, when running with ...)
 	- netris 0.52-1
 CVE-2002-1565 (Buffer overflow in url_filename function for wget 1.8.1 allows ...)
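
Review bot: Under CVE-2002-1567 the two removed NOTE lines are the only record that the package maintainers were contacted and consider it not vulnerable; deleting them together with the TODO leaves just "NOTE: tomcat4 cross-site scripting vuln" and no status. Suggest removing only the TODO line and keeping the maintainer NOTE, or converting it into a not-affected package line in the style used elsewhere in this file if the maintainers' assessment is being accepted.
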
@@ -35820,7 +35816,6 @@
 	NOT-FOR-US: HP
 CVE-2002-1423 (tmp_view.php in FUDforum before 2.2.0 allows remote attackers to read ...)
 	- phpgroupware <not-affected> (Issue in fudforum 2.2.0. fudforum in phpgroupware-fudforum is 2.5.x)
-	TODO: Check egroupware for this and CVE-2002-1422 and CVE-2004-1421
 CVE-2002-1422 (admbrowse.php in FUDforum before 2.2.0 allows remote attackers to ...)
 	- phpgroupware <not-affected> (Issue in fudforum 2.2.0. fudforum in phpgroupware-fudforum is 2.5.x)
 CVE-2002-1421 (SQL injection vulnerabilities in FUDforum before 2.2.0 allow remote ...)
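
Review bot: The removed TODO under CVE-2002-1423 asked for an egroupware check, but the remaining lines for CVE-2002-1423 and CVE-2002-1422 only record a phpgroupware status, so the egroupware question is dropped without an answer. The TODO also cites CVE-2004-1421 while the adjacent entry is CVE-2002-1421, which looks like a typo worth confirming before the reference disappears. If egroupware was checked, add its status line to the affected entries.
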
@@ -35921,7 +35916,6 @@
 	RESERVED
 CVE-2002-1345 (Directory traversal vulnerabilities in multiple FTP clients on UNIX ...)
 	NOTE: multiple ftp client issues
-	TODO: check wget, ftp, ncftp, etc.
 CVE-2002-1344 (Directory traversal vulnerability in wget before 1.8.2-4 allows a ...)
 	{DSA-209}
 	- wget 1.8.2-8
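
Review bot: The TODO removed from CVE-2002-1345 listed wget, ftp and ncftp. The following entry, CVE-2002-1344, records a wget fix ({DSA-209}, "- wget 1.8.2-8"), but nothing visible here covers ftp or ncftp, and CVE-2002-1345 is left with only "NOTE: multiple ftp client issues". Suggest a NOTE pointing to CVE-2002-1344 for wget and an explicit statement that the other clients were not checked.
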
@@ -36203,7 +36197,6 @@
 	- purity 1-16
 CVE-2002-1121 (SMTP content filter engines, including (1) GFI MailSecurity for ...)
 	NOTE: Some SMTP mailscanners can be bypassed by fragmenting messages.
-	TODO: check Debian mailscanners, if any.
 CVE-2002-1120 (Buffer overflow in Savant Web Server 3.1 and earlier allows remote ...)
 	NOT-FOR-US: Savant Web Server
 CVE-2002-1115 (Mantis 0.17.4a and earlier allows remote attackers to view private ...)
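
Review bot: Removing "TODO: check Debian mailscanners, if any." from CVE-2002-1121 leaves the "if any" question unanswered; the entry now has a descriptive NOTE and no status. If no check was done, say so in a NOTE rather than leaving an entry that looks triaged.
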
@@ -37463,7 +37456,6 @@
 CVE-2002-1265 (The Sun RPC functionality in multiple libc implementations does not ...)
 	NOTE: don't know which version of glibc fix this
 	NOTE: I've mailed maintainers.
-	TODO: check
 CVE-2002-1264 (Buffer overflow in Oracle iSQL*Plus web application of the Oracle 9 ...)
 	NOT-FOR-US: oracle
 CVE-2002-1260 (The Java Database Connectivity (JDBC) APIs in Microsoft Virtual ...)
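
Review bot: For CVE-2002-1265 the remaining lines still read "don't know which version of glibc fix this" and "I've mailed maintainers", so the entry describes an open question while the "TODO: check" marker that flagged it as pending is gone. Either keep the TODO until the fixed glibc version is known, or add a line recording the outcome of the mail to the maintainers.
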



