[Secure-testing-commits] r5334 - data/CVE

Alex de Oliveira Silva enerv-guest at alioth.debian.org
Tue Jan 23 21:46:17 CET 2007 

Author: enerv-guest
Date: 2007-01-23 21:46:15 +0100 (Tue, 23 Jan 2007)
New Revision: 5334

Modified:
   data/CVE/list
Log:
some NFUs fixed.
fixed wzdftpd and gxine issues.



Modified: data/CVE/list
===================================================================
--- data/CVE/list	2007-01-23 20:14:08 UTC (rev 5333)
+++ data/CVE/list	2007-01-23 20:46:15 UTC (rev 5334)
@@ -1,75 +1,75 @@
 CVE-2007-0435 (T-Com Speedport 500V routers with firmware 1.31 allow remote attackers ...)
-	TODO: check
+	NOT-FOR-US: T-Com Speedport
 CVE-2007-0434 (BEA AquaLogic Enterprise Security 2.0 through 2.0 SP2, 2.1 through 2.1 ...)
-	TODO: check
+	NOT-FOR-US: BEA
 CVE-2007-0433 (Unspecified vulnerability in BEA AquaLogic Enterprise Security 2.0 ...)
-	TODO: check
+	NOT-FOR-US: BEA
 CVE-2007-0432 (BEA AquaLogic Service Bus 2.0, 2.1, and 2.5 does not properly reject ...)
-	TODO: check
+	NOT-FOR-US: BEA
 CVE-2007-0431 (AVM Fritz!Box 7050, and possibly other product models, allows remote ...)
-	TODO: check
+	NOT-FOR-US AVM
 CVE-2007-0430 (The shared_region_map_file_np function in Apple Mac OS X 10.4.8 and ...)
-	TODO: check
+	NOT-FOR-US: Apple Mac OS
 CVE-2007-0429 (DivXBrowserPlugin (aka DivX Web Player) npdivx32.dll, as distributed ...)
-	TODO: check
+	NOT-FOR-US: DivX Web Player
 CVE-2007-0428 (Unspecified vulnerability in the chtbl_lookup function in hash.c for ...)
-	TODO: check
+	- wzdftpd 0.8.1-1 (medium)
 CVE-2007-0427 (Stack-based buffer overflow in Microsoft Help Workshop 4.03.0002 ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2007-0426 (BEA WebLogic Portal 9.2, when running in a WebLogic Server clustered ...)
-	TODO: check
+	NOT-FOR-US: BEA
 CVE-2007-0425 (Unspecified vulnerability in BEA WebLogic Platform and Server 8.1 ...)
-	TODO: check
+	NOT-FOR-US: BEA
 CVE-2007-0424 (Unspecified vulnerability in the BEA WebLogic Server proxy plug-in for ...)
-	TODO: check
+	NOT-FOR-US: BEA
 CVE-2007-0423 (BEA WebLogic Portal 9.2 does not properly handle when an administrator ...)
-	TODO: check
+	NOT-FOR-US: BEA
 CVE-2007-0422 (BEA WebLogic Server 9.0, 9.1, and 9.2 Gold, when running on Solaris 9, ...)
-	TODO: check
+	NOT-FOR-US: BEA
 CVE-2007-0421 (BEA WebLogic Server 6.1 through 6.1 SP7, and 7.0 through 7.0 SP7 ...)
-	TODO: check
+	NOT-FOR-US: BEA
 CVE-2007-0420 (BEA WebLogic Server 9.0, 9.1, and 9.2 Gold allows remote attackers to ...)
-	TODO: check
+	NOT-FOR-US: BEA
 CVE-2007-0419 (The BEA WebLogic Server proxy plug-in before June 2006 for the Apache ...)
-	TODO: check
+	NOT-FOR-US: BEA
 CVE-2007-0418 (BEA WebLogic Server 7.0 through 7.0 SP6, 8.1 through 8.1 SP5, 9.0, and ...)
-	TODO: check
+	NOT-FOR-US: BEA
 CVE-2007-0417 (BEA WebLogic Server 7.0 through 7.0 SP7, 8.1 through 8.1 SP5, 9.0, and ...)
-	TODO: check
+	NOT-FOR-US: BEA
 CVE-2007-0416 (The WSEE runtime (WS-Security runtime) in BEA WebLogic Server 9.0 and ...)
-	TODO: check
+	NOT-FOR-US: BEA
 CVE-2007-0415 (BEA WebLogic Server 8.1 through 8.1 SP5 does not properly enforce ...)
-	TODO: check
+	NOT-FOR-US: BEA
 CVE-2007-0414 (BEA WebLogic Server 6.1 through 6.1 SP7, 7.0 through 7.0 SP6, 8.1 ...)
-	TODO: check
+	NOT-FOR-US: BEA
 CVE-2007-0413 (BEA WebLogic Server 8.1 through 8.1 SP5 improperly cleartext data in a ...)
-	TODO: check
+	NOT-FOR-US: BEA
 CVE-2007-0412 (BEA WebLogic Server 6.1 through 6.1 SP7, 7.0 through 7.0 SP7, and 8.1 ...)
-	TODO: check
+	NOT-FOR-US: BEA
 CVE-2007-0411 (BEA WebLogic Server 8.1 through 8.1 SP5, 9.0, 9.1, and 9.2 Gold, when ...)
-	TODO: check
+	NOT-FOR-US: BEA
 CVE-2007-0410 (Unspecified vulnerability in the thread management in BEA WebLogic 7.0 ...)
-	TODO: check
+	NOT-FOR-US: BEA
 CVE-2007-0409 (BEA WebLogic 7.0 through 7.0 SP6, 8.1 through 8.1 SP4, and 9.0 initial ...)
-	TODO: check
+	NOT-FOR-US: BEA
 CVE-2007-0408 (BEA Weblogic Server 8.1 through 8.1 SP4 does not properly validate ...)
-	TODO: check
+	NOT-FOR-US: BEA
 CVE-2007-0407 (Cross-site scripting (XSS) vulnerability in Operation/User.pm in Plain ...)
-	TODO: check
+	NOT-FOR-US: Poplar Gedcom Viewer
 CVE-2007-0406 (Multiple buffer overflows in the (1) main function in (a) client.c, ...)
-	TODO: check
+	- gxine 0.5.8-2 (medium; bug #405876)
 CVE-2007-0405 (The LazyUser class in the AuthenticationMiddleware for Django 0.95 ...)
 	TODO: check
 CVE-2007-0404 (bin/compile-messages.py in Django 0.95 does not quote argument strings ...)
 	TODO: check
 CVE-2007-0403 (SQL injection vulnerability in admin/memberlist.php in Easebay ...)
-	TODO: check
+	NOT-FOR-US: Easebay Resources
 CVE-2007-0402 (Cross-site scripting (XSS) vulnerability in admin/edit_member.php in ...)
-	TODO: check
+	NOT-FOR-US: Easebay Resources
 CVE-2007-0401 (SQL injection vulnerability in admin/memberlist.php in Easebay ...)
-	TODO: check
+	NOT-FOR-US: Easebay Resources
 CVE-2007-0400 (Cross-site scripting (XSS) vulnerability in admin/memberlist.php in ...)
-	TODO: check
+	NOT-FOR-US: Easebay Resources
 CVE-2007-0399 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
 	TODO: check
 CVE-2007-0398 (Multiple cross-site scripting (XSS) vulnerabilities in MisterSP ...)
@@ -83,9 +83,9 @@
 CVE-2006-6948 (MyODBC Japanese conversion edition 3.51.06, 2.50.29, and 2.50.25 ...)
 	TODO: check
 CVE-2006-6947 (The FTP server in the NEC MultiWriter 1700C allows remote attackers to ...)
-	TODO: check
+	NOT-FOR-US: NEC
 CVE-2006-6946 (The web server in the NEC MultiWriter 1700C allows remote attackers to ...)
-	TODO: check
+	NOT-FOR-US: NEC
 CVE-2007-XXXX [wordpress unregister_globals workaround from 2.0.7]
 	- wordpress 2.0.7 (bug #407116; unimportant)
 	NOTE: Non-issue, hash issue fixed since months in Sarge and Etch,

More information about the Secure-testing-commits mailing list