[Secure-testing-commits] r6332 - data/CVE

nion at alioth.debian.org nion at alioth.debian.org
Thu Aug 16 01:39:01 UTC 2007


Author: nion
Date: 2007-08-16 01:39:00 +0000 (Thu, 16 Aug 2007)
New Revision: 6332

Modified:
   data/CVE/list
Log:
NFUs
wordpress not affected by CVE-2007-4165 (this theme is not shipped with package)
added bug for fail2ban  CVE-2007-4321


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2007-08-16 00:19:22 UTC (rev 6331)
+++ data/CVE/list	2007-08-16 01:39:00 UTC (rev 6332)
@@ -63,7 +63,7 @@
 CVE-2007-4322 (BlockHosts before 2.0.4 does not properly parse (1) sshd and (2) ...)
 	NOT-FOR-US: BlockHosts
 CVE-2007-4321 (fail2ban 0.8 and earlier does not properly parse sshd log files, which ...)
-	- fail2ban <unfixed> (medium)
+	- fail2ban <unfixed> (bug #438187; medium)
 	NOTE: only partially fixed in 0.8.0-4 according to maintainer
 CVE-2007-4320 (PHP remote file inclusion vulnerability in ...)
 	NOT-FOR-US: Ncaster
@@ -145,9 +145,9 @@
 	- serendipity 1.1.4-1
 	[etch] - serendipity <not-affected> (introduced in 1.1.x)
 CVE-2007-4281 (Cross-site scripting (XSS) vulnerability in KnowledgeTree Open Source ...)
-	TODO: check
+	NOT-FOR-US: KnowledgeTree
 CVE-2007-4279 (PHP remote file inclusion vulnerability in config.php in ...)
-	TODO: check
+	NOT-FOR-US FrontAccounting
 CVE-2007-4278
 	RESERVED
 CVE-2007-4277
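Review bot: The new annotation on CVE-2007-4279 reads `NOT-FOR-US FrontAccounting`, without the colon that every other NOT-FOR-US line in this patch carries (for example `NOT-FOR-US: KnowledgeTree` on the entry directly above it). A consumer that matches on the `NOT-FOR-US:` prefix may not recognise this entry as triaged, so it should be `NOT-FOR-US: FrontAccounting`.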
@@ -176,9 +176,9 @@
 CVE-2007-4266
 	RESERVED
 CVE-2007-4265 (Multiple cross-site scripting (XSS) vulnerabilities in VisionProject ...)
-	TODO: check
+	NOT-FOR-US: VisionProject
 CVE-2007-4264 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
-	TODO: check
+	NOT-FOR-US: snif
 CVE-2007-4280 (The Skinny channel driver (chan_skinny) in Asterisk Open Source before ...)
 	- asterisk 1:1.4.10~dfsg-1
 	NOTE: http://ftp.digium.com/pub/asa/ASA-2007-019.html
@@ -380,21 +380,21 @@
 CVE-2007-4173 (SQL injection vulnerability in duyuruoku.asp in Hunkaray Okul Portali ...)
 	NOT-FOR-US: Hunkaray Okul Portali
 CVE-2007-4172 (Multiple cross-site scripting (XSS) vulnerabilities in Open Webmail ...)
-	TODO: check
+	NOT-FOR-US: Openwebmail
 CVE-2007-4171 (SQL injection vulnerability in komentar.php in the Forum Module for ...)
-	TODO: check
+	NOT-FOR-US: Aura CMS
 CVE-2007-4170 (Multiple PHP remote file inclusion vulnerabilities in AL-Athkar 2.0 ...)
-	TODO: check
+	NOT-FOR-US: AL-Athkar
 CVE-2007-4169 (** DISPUTED ** ...)
 	TODO: check
 CVE-2007-4167 (PHP remote file inclusion vulnerability in cat_viewed.php in ...)
-	TODO: check
+	NOT-FOR-US: AL-Caricatier
 CVE-2007-4166 (Cross-site scripting (XSS) vulnerability in index.php in the Unnamed ...)
-	TODO: check
+	NOT-FOR-US: Xu Yiyang
 CVE-2007-4165 (Cross-site scripting (XSS) vulnerability in index.php in the Blue ...)
-	TODO: check
+	- wordpress <not-affected> (Wordpress doesn't ship this theme)
 CVE-2007-4164 (CRLF injection vulnerability in the redirect feature in Sun Java ...)
-	TODO: check
+	NOT-FOR-US: IndexScript
 CVE-2007-4163 (Multiple SQL injection vulnerabilities in IndexScript 2.7 and 2.8 ...)
 	TODO: check
 CVE-2007-4162 (TIBCO Rendezvous (RV) 7.5.2 does not protect confidentiality or ...)
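Review bot: The `NOT-FOR-US: IndexScript` annotation is attached to CVE-2007-4164, whose description is a CRLF injection in the redirect feature in Sun Java ..., while CVE-2007-4163 directly below it, the entry that actually names IndexScript 2.7 and 2.8, is left at `TODO: check`. The tag appears to have landed one entry too high: move it to CVE-2007-4163 and triage CVE-2007-4164 separately against the Sun Java product its description names.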



