[Secure-testing-commits] r10410 - data/CVE

[adeiacovo-guest at alioth.debian.org]

Author: adeiacovo-guest
Date: 2008-11-18 08:54:36 +0000 (Tue, 18 Nov 2008)
New Revision: 10410

Modified:
   data/CVE/list
Log:
checked a bunch of NFUs and a typo3 CVE


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2008-11-18 07:50:23 UTC (rev 10409)
+++ data/CVE/list	2008-11-18 08:54:36 UTC (rev 10410)
@@ -5,13 +5,16 @@
 	- dovecot <unfixed> (bug #506031)
 	TODO: request CVE id
 CVE-2008-5097 (SQL injection vulnerability in index.php in MyFWB 1.0 allows remote ...)
-	TODO: check
+	NOT-FOR-US: MyFWB
 CVE-2008-5096 (Unspecified vulnerability in the TYPO3 File List (file_list) extension ...)
-	TODO: check
+	- typo3-src-4.2 <unfixed> (bug filed; medium)
+	- typo3-src-4.0 <unfixed> (bug filed; medium)
+	NOTE: upstream is not going to fix the bug,
+	NOTE: they recommend to remove the extension until it is not fixed.
 CVE-2008-5095 (Cross-site scripting (XSS) vulnerability in the Novell User ...)
-	TODO: check
+	NOT-FOR-US: Novell User Application
 CVE-2008-5094 (Heap-based buffer overflow in the NDS Service in Novell eDirectory ...)
-	TODO: check
+	NOT-FOR-US: eDirectory
 CVE-2008-5093 (Cross-site scripting (XSS) vulnerability in the HTTP Protocol Stack ...)
 	TODO: check
 CVE-2008-5092 (Heap-based buffer overflows in Novell eDirectory HTTP protocol stack ...)
@@ -19,11 +22,11 @@
 CVE-2008-5091 (Buffer overflow in the LDAP Service in Novell eDirectory before 8.8 ...)
 	TODO: check
 CVE-2008-5090 (Electron Inc. Advanced Electron Forum before 1.0.7 allows remote ...)
-	TODO: check
+	NOT-FOR-US: Advanced Electron Forum
 CVE-2008-5089 (Multiple insecure method vulnerabilities in the ...)
 	TODO: check
 CVE-2008-5088 (Multiple SQL injection vulnerabilities in PHPKB Knowledge Base ...)
-	TODO: check
+	NOT-FOR-US: PHPKB
 CVE-2008-5087 (SQL injection vulnerability in TYPO3 Another Backend Login ...)
 	TODO: check
 CVE-2008-5086