[Secure-testing-commits] r6410 - data/CVE

[nion at alioth.debian.org]

Author: nion
Date: 2007-08-26 17:57:30 +0000 (Sun, 26 Aug 2007)
New Revision: 6410

Modified:
   data/CVE/list
Log:
NFUs
ampache itp


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2007-08-26 15:18:28 UTC (rev 6409)
+++ data/CVE/list	2007-08-26 17:57:30 UTC (rev 6410)
@@ -18,15 +18,16 @@
 CVE-2007-4457 (Directory traversal vulnerability in forumreply.php in Dalai Forum 1.1 ...)
 	NOT-FOR-US: Dalai Forum
 CVE-2007-4456 (SQL injection vulnerability in index.php in the SimpleFAQ ...)
-	TODO: check
+	NOT-FOR-US: mambo
+	NOTE: mambo is in experimental though
 CVE-2007-4455 (The SIP channel driver (chan_sip) in Asterisk Open Source 1.4.x before ...)
 	- asterisk 1:1.4.11~dfsg-1
 	[sarge] - asterisk <not-affected> (not affected according to advisory)
 	[etch] - asterisk <not-affected> (not affected according to advisory)
 CVE-2007-4454 (Eval injection vulnerability in environment.php in Olate Download (od) ...)
-	TODO: check
+	NOT-FOR-US: Olate Download
 CVE-2007-4453 (** DISPUTED ** ...)
-	TODO: check
+	NOT-FOR-US: vBulletin
 CVE-2007-4452 (The client in Toribash 2.71 and earlier allows remote attackers to ...)
 	NOT-FOR-US: Toribash
 CVE-2007-4451 (The server in Toribash 2.71 and earlier on Windows allows remote ...)
@@ -42,31 +43,31 @@
 CVE-2007-4446 (Format string vulnerability in the server in Toribash 2.71 and earlier ...)
 	NOT-FOR-US: Toribash
 CVE-2007-4445 (Image Space rFactor 1.250 and earlier allows remote attackers to cause ...)
-	TODO: check
+	NOT-FOR-US: Image space rfactor
 CVE-2007-4444 (Multiple buffer overflows in Image Space rFactor 1.250 and earlier ...)
-	TODO: check
+	NOT-FOR-US: Image space rfactor
 CVE-2007-4443 (The UCC dedicated server for the Unreal engine, possibly 2003 and ...)
-	TODO: check
+	NOT-FOR-US: Unreal on Windows
 CVE-2007-4442 (Stack-based buffer overflow in the logging function in the Unreal ...)
-	TODO: check
+	NOT-FOR-US: Unreal on Windows
 CVE-2007-4441 (Buffer overflow in php_win32std.dll in the win32std extension for PHP ...)
 	- php5 <not-affected> (Windows-specific)
 CVE-2007-4440 (Stack-based buffer overflow in the SMTP server in Mercury Mail ...)
-	TODO: check
+	NOT-FOR-US: Mercury mail system
 CVE-2007-4439 (PHP remote file inclusion vulnerability in popup_window.php in ...)
-	TODO: check
+	NOT-FOR-US: Squirrelcart
 CVE-2007-4438 (Session fixation vulnerability in Ampache before 3.3.3.5 allows remote ...)
-	TODO: check
+	- ampache <itp> (bug #407337)
 CVE-2007-4437 (SQL injection vulnerability in albums.php in Ampache before 3.3.3.5 ...)
-	TODO: check
+	- ampache <itp> (bug #407337)
 CVE-2007-4436 (The Drupal Project module before 5.x-1.0, 4.7.x-2.3, and 4.7.x-1.3 and ...)
 	- drupal <not-affected> (External addon, see bug #439379)
 CVE-2007-4435 (Multiple SQL injection vulnerabilities in TorrentTrader before 1.07 ...)
-	TODO: check
+	NOT-FOR-US: TorrentTrader
 CVE-2007-4434 (Cross-site scripting (XSS) vulnerability in textfilesearch.asp in the ...)
-	TODO: check
+	NOT-FOR-US: Text File Search ASP
 CVE-2007-4433 (Cross-site scripting (XSS) vulnerability in textfilesearch.aspx in the ...)
-	TODO: check
+	NOT-FOR-US: Text File Search ASP
 CVE-2007-4432 (Untrusted search path vulnerability in the wrapper scripts for the (1) ...)
 	NOT-FOR-US: SUSE
 CVE-2007-4431 (Cross-domain vulnerability in Apple Safari for Windows 3.0.3 and ...)
@@ -76,9 +77,9 @@
 CVE-2007-4429 (Unspecified vulnerability in Skype allows remote attackers to cause a ...)
 	NOT-FOR-US: Skype
 CVE-2007-4428 (Lhaz 1.33 allows remote attackers to execute arbitrary code via ...)
-	TODO: check
+	NOT-FOR-US: lhaz
 CVE-2007-4427 (Unspecified vulnerability in the login page redirection logic in the ...)
-	TODO: check
+	NOT-FOR-US: InterSystems Cache
 CVE-2007-4426 (Live for Speed (LFS) S1 and S2 allows remote attackers to cause a ...)
 	TODO: check
 CVE-2007-4425 (Multiple buffer overflows in Live for Speed (LFS) demo, S1, and S2 ...)