[Secure-testing-commits] r7863 - data/CVE

nion at alioth.debian.org nion at alioth.debian.org
Wed Jan 9 13:47:56 UTC 2008


Author: nion
Date: 2008-01-09 13:47:55 +0000 (Wed, 09 Jan 2008)
New Revision: 7863

Modified:
   data/CVE/list
Log:
NFUs
CVE-2007-5965 fixed in qt4-x11 4.3.3-1, does not affect qt3


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2008-01-09 13:09:13 UTC (rev 7862)
+++ data/CVE/list	2008-01-09 13:47:55 UTC (rev 7863)
@@ -134,27 +134,28 @@
 	[etch] - asterisk <not-affected> (Only Asterisk 1.4.x affected)
 	[sarge] - asterisk <not-affected> (Only Asterisk 1.4.x affected)
 CVE-2008-0094 (Multiple directory traversal vulnerabilities in MODx Content ...)
-	TODO: check
+	NOT-FOR-US: MODx Content Management System
 CVE-2008-0093 (Multiple cross-site scripting (XSS) vulnerabilities in newticket.php ...)
-	TODO: check
+	NOT-FOR-US: eTicket
 CVE-2007-6676 (The default configuration of Uber Uploader (UU) 5.3.6 and earlier does ...)
-	TODO: check
+	NOT-FOR-US: Uber Uploader
 CVE-2007-6675 (The b_system_comments_show function in ...)
-	TODO: check
+	NOT-FOR-US: XOOPS
 CVE-2007-6674 (Cross-site scripting (XSS) vulnerability in Default.asp in RapidShare ...)
-	TODO: check
+	NOT-FOR-US: RapidShare Database
 CVE-2007-6673 (Cross-site scripting (XSS) vulnerability in Makale Scripti allows ...)
-	TODO: check
+	NOT-FOR-US: Makale Scripti
 CVE-2007-6672 (Directory traversal vulnerability in Mortbay Jetty 6.1.5 and 6.1.6 ...)
 	TODO: check
+	NOTE: poked upstream if this does affect jetty 5 as well
 CVE-2007-6671 (SQL injection vulnerability in login_form.asp in Instant Softwares ...)
-	TODO: check
+	NOT-FOR-US: Instant Softwares Dating Site
 CVE-2007-6670 (SQL injection vulnerability in search.php in PHCDownload 1.1.0 allows ...)
-	TODO: check
+	NOT-FOR-US: PHCDownload
 CVE-2007-6669 (Cross-site scripting (XSS) vulnerability in search.php in PHCDownload ...)
-	TODO: check
+	NOT-FOR-US: PHCDownload
 CVE-2007-6668 (admin/uploadgames.php in MySpace Content Zone (MCZ) 3.x does not ...)
-	TODO: check
+	NOT-FOR-US: MySpace Content Zone
 CVE-2008-XXXX [splitvt fails to drop group utmp priviledges]
 	- splitvt 1.6.6-4
 CVE-2008-XXXX [wordpress information leak]
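Review bot: The NOTE added under CVE-2007-6672 says upstream was asked whether jetty 5 is affected, but it does not say which Debian source package the question concerns or when it was asked, and `TODO: check` stays open beneath it. Adding the package name and a date to the NOTE would let whoever next triages this entry judge whether the query is stale. The commit log mentions only the NFUs and the Qt fix, so this open item is easy to overlook; it would be worth a line there too.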
@@ -1984,7 +1985,8 @@
 	{DSA-1436-1}
 	- linux-2.6 2.6.23-2
 CVE-2007-5965 (QSslSocket in Trolltech Qt 4.3.0 through 4.3.2 does not properly ...)
-	TODO: check
+	- qt4-x11 4.3.3-1
+	- qt-x11-free <not-affected> (Vulnerable code not present)
 CVE-2007-5964 (The default configuration of autofs 5 in Red Hat Enterprise Linux ...)
 	- autofs 3.1.4-8 (medium)
 	- autofs5 <unfixed>
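Review bot: The new `- qt4-x11 4.3.3-1` line for CVE-2007-5965 carries no per-release annotation, although the description limits the affected range to Qt 4.3.0 through 4.3.2 and other entries in this file (the `[etch]` and `[sarge]` asterisk lines in the first hunk) state release status explicitly. If a stable release ships a qt4-x11 outside that range, an `[etch] - qt4-x11 <not-affected> (...)` line with the reason would record it; otherwise the entry reads as if stable were still open. An urgency tag, as on the `autofs 3.1.4-8 (medium)` line just below, could also be added.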
@@ -2518,7 +2520,7 @@
 CVE-2007-5762
 	RESERVED
 CVE-2007-5761 (The NantSys device 5.0.0.115 in Motorola netOctopus 5.1.2 build 1011 ...)
-	TODO: check
+	NOT-FOR-US: Motorola netOctopus
 CVE-2007-5760
 	RESERVED
 CVE-2007-5759
@@ -3052,7 +3054,7 @@
 CVE-2007-5666
 	RESERVED
 CVE-2007-5665 (STEngine.exe 3.5.0.20 in Novell ZENworks Endpoint Security Management ...)
-	TODO: check
+	NOT-FOR-US: Novell ZENworks Endpoint Security Management
 CVE-2007-5664
 	RESERVED
 CVE-2007-5663
@@ -4241,7 +4243,7 @@
 CVE-2007-5353
 	RESERVED
 CVE-2007-5352 (Unspecified vulnerability in Local Security Authority Subsystem ...)
-	TODO: check
+	NOT-FOR-US: Microsoft Windows
 CVE-2007-5351 (Unspecified vulnerability in Server Message Block Version 2 (SMBv2) ...)
 	NOT-FOR-US: Microsoft Vista
 CVE-2007-5350 (Unspecified vulnerability in the Windows Advanced Local Procedure Call ...)
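Review bot: The product name in `NOT-FOR-US: Microsoft Windows` for CVE-2007-5352 is inconsistent with the adjacent CVE-2007-5351 entry, which uses `NOT-FOR-US: Microsoft Vista`. Picking one spelling for Microsoft operating-system entries keeps a text search for the NOT-FOR-US reason reliable; the same applies to the two `Microsoft Windows` lines added in the last hunk.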
@@ -17495,13 +17497,13 @@
 CVE-2007-0070
 	RESERVED
 CVE-2007-0069 (Unspecified vulnerability in the kernel in Microsoft Windows XP SP2, ...)
-	TODO: check
+	NOT-FOR-US: Microsoft Windows
 CVE-2007-0068 (IBM Lotus Domino 7.0.x before 7.0.3 does not revalidate the signature ...)
 	NOT-FOR-US: IBM Lotus Domino
 CVE-2007-0067 (Unspecified vulnerability in the Lotus Domino Web Server 6.0, 6.5.x ...)
 	NOT-FOR-US: Lotus Domino Server
 CVE-2007-0066 (Unspecified vulnerability in the kernel in Microsoft Windows 2000 SP4, ...)
-	TODO: check
+	NOT-FOR-US: Microsoft Windows
 CVE-2007-0065
 	RESERVED
 CVE-2007-0064 (Heap-based buffer overflow in Windows Media Format Runtime 7.1, 9, ...)



