[Secure-testing-commits] r3315 - data/CVE

[Micah Anderson]

Author: micah
Date: 2006-01-18 04:43:21 +0000 (Wed, 18 Jan 2006)
New Revision: 3315

Modified:
   data/CVE/list
Log:
Some NFUs and false positive checks


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2006-01-17 23:06:44 UTC (rev 3314)
+++ data/CVE/list	2006-01-18 04:43:21 UTC (rev 3315)
@@ -97,15 +97,15 @@
 CVE-2005-4652 (SQL injection vulnerability in PHlyMail 3.02.01 allows remote ...)
 	TODO: check
 CVE-2005-4651 (SQL injection vulnerability in index.php in AlstraSoft EPay Pro 2.0 ...)
-	TODO: check
+	NOT-FOR-US: AlstraSoft EPay Pro
 CVE-2005-4650 (Joomla! 1.03 does not restrict the number of "Search" Mambots, which ...)
-	TODO: check
+	NOT-FOR-US: Joomla!
 CVE-2005-4649 (Multiple cross-site scripting (XSS) vulnerabilities in Advanced ...)
-	TODO: check
+	NOT-FOR-US: Advanced Guestbook
 CVE-2005-4648 (Buffer overflow in Illustrate dBpowerAMP Music Converter 11.5 and ...)
-	TODO: check
+	NOT-FOR-US: Illustrate dBpowerAMP Music Converter
 CVE-2003-1290 (BEA WebLogic Server and WebLogic Express 6.1, 7.0, and 8.1, with RMI ...)
-	TODO: check
+	NOT-FOR-US: BEA WebLogic Server
 CVE-2006-XXXX [knowledgetree information disclosure]
 	- knowledgetree <unfixed> (bug #348306; medium)
 CVE-2006-XXXX [php5 response splitting]
@@ -12613,7 +12613,8 @@
 	- netapplet <not-affected> (Not vulerable, see bug #310833)
 CVE-2005-1039 (Race condition in Core Utilities (coreutils) 5.2.1, when (1) mkdir, ...)
 	- coreutils <unfixed> (bug #304556; low)
-	NOTE: Setting up a sarge/oldstable chroot to see if this affects -- micah
+	[woody] - fileutils <unfixed> (bug #304556; low)
+	NOTE: Sarge is affected
 CVE-2005-1038 (crontab in Vixie cron 4.1, when running with the -e option, allows ...)
 	NOTE: long fixed in Debian's cron
 CVE-2005-1037 (Unknown vulnerability in AIX 5.3.0, when configured as an NIS client, ...)