[Secure-testing-commits] r10423 - data/CVE
nion at alioth.debian.org
Wed Nov 19 19:00:52 UTC 2008
Author: nion
Date: 2008-11-19 19:00:51 +0000 (Wed, 19 Nov 2008)
New Revision: 10423
Modified:
data/CVE/list
Log:
NFUs
CVE-2008-5102 doesn't affect zope3 for zope2 on debian -> non-issue
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2008-11-19 17:35:00 UTC (rev 10422)
+++ data/CVE/list 2008-11-19 19:00:51 UTC (rev 10423)
@@ -3,9 +3,9 @@
CVE-2008-XXXX [no-ip DUC remote code execution]
- no-ip <unfixed> (bug #506179)
CVE-2008-5132 (SQL injection vulnerability in inc/ajax/ajax_rating.php in MemHT ...)
- TODO: check
+ NOT-FOR-US: MemHT Portal
CVE-2008-5131 (Multiple SQL injection vulnerabilities in Develop It Easy News And ...)
- TODO: check
+ NOT-FOR-US: Develop It Easy News And Article System
CVE-2008-5130 (Ocean12 Calendar Manager Gold 2.04 stores sensitive information under ...)
NOT-FOR-US: Ocean12 software
CVE-2008-5129 (Ocean12 Poll Manager Pro 1.00 stores sensitive information under the ...)
@@ -15,31 +15,31 @@
CVE-2008-5127 (Ocean12 Contact Manager Pro 1.02 stores sensitive information under ...)
NOT-FOR-US: Ocean12 software
CVE-2008-5126 (Cross-site scripting (XSS) vulnerability in search.php in BoutikOne ...)
- TODO: check
+ NOT-FOR-US: BoutikOne
CVE-2008-5125 (admin.php in CCleague Pro 1.2 allows remote attackers to bypass ...)
- TODO: check
+ NOT-FOR-US: CCleague Pro
CVE-2008-5124 (JSCAPE Secure FTP Applet 4.8.0 and earlier does not ask the user to ...)
- TODO: check
+ NOT-FOR-US: JSCAPE Secure FTP Applet
CVE-2008-5123 (SQL injection vulnerability in admin.php in CCleague Pro 1.2 allows ...)
- TODO: check
+ NOT-FOR-US: CCleague Pro
CVE-2008-5122 (SQL injection vulnerability in ContentRatingGraph.aspx in Ektron ...)
- TODO: check
+ NOT-FOR-US: Ektron CMS400.NET
CVE-2008-5121 (dne2000.sys in Citrix Deterministic Network Enhancer (DNE) 2.21.7.233 ...)
- TODO: check
+ NOT-FOR-US: Citrix Deterministic Network Enhancer
CVE-2008-5120 (Stack-based buffer overflow in the Process Software MultiNet finger ...)
- TODO: check
+ NOT-FOR-US: MultiNet finger service
CVE-2008-5119 (Cross-site scripting (XSS) vulnerability in search.php in ...)
- TODO: check
+ NOT-FOR-US: Scripts4Profit DXShopCart
CVE-2008-5118 (Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 ...)
- TODO: check
+ NOT-FOR-US: Sun Java System Identity Manager
CVE-2008-5117 (Open redirect vulnerability in Sun Java System Identity Manager 6.0 ...)
- TODO: check
+ NOT-FOR-US: Sun Java System Identity Manager
CVE-2008-5116 (Unspecified vulnerability in Sun Java System Identity Manager 6.0 ...)
- TODO: check
+ NOT-FOR-US: Sun Java System Identity Manager
CVE-2008-5115 (Cross-site request forgery (CSRF) vulnerability in Sun Java System ...)
- TODO: check
+ NOT-FOR-US: Sun Java System Identity Manager
CVE-2008-5114 (Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System ...)
- TODO: check
+ NOT-FOR-US: Sun Java System Identity Manager
CVE-2008-5112 (The LDAP server in Active Directory in Microsoft Windows 2000 SP4 and ...)
NOT-FOR-US: Microsoft
CVE-2008-5111 (Unspecified vulnerability in the socket function in Sun Solaris 10 and ...)
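Review bot: The label added for CVE-2008-5120, "NOT-FOR-US: MultiNet finger service", drops the vendor that the description gives ("Process Software MultiNet"), while the Citrix and Sun entries added in the same hunk are vendor-qualified. Suggest "NOT-FOR-US: Process Software MultiNet" so that a later search of the list by vendor finds this entry, and the same for the two CCleague Pro lines if the vendor is known.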
@@ -59,7 +59,11 @@
CVE-2008-5103 (The (1) python-vm-builder and (2) ubuntu-vm-builder implementations in ...)
NOT-FOR-US: VMBuilder
CVE-2008-5102 (PythonScripts in Zope 2 2.11.2 and earlier, as used in Conga and other ...)
- TODO: check
+ - zope2.10 <unfixed> (unimportant)
+ NOTE: this only affects installations in which users have unrestricted access to the management
+ NOTE: interface. On Debian there one admin user is added for this at installation time and
+ NOTE: non-trustworthy users shouldn't have access to the interface.
+ - zope3 <not-affected> (Vulnerable code not present)
CVE-2008-5100 (The strong name (SN) implementation in Microsoft .NET Framework ...)
NOT-FOR-US: Microsoft .NET Framework
CVE-2008-5099 (Sun Logical Domain Manager (aka LDoms Manager or ldm) 1.0 through ...)
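Review bot: The second NOTE line on the CVE-2008-5102 entry is missing a verb ("On Debian there one admin user is added"); suggest "On Debian there is one admin user added for this at installation time". The entry also tracks only zope2.10, although the description says "Zope 2 2.11.2 and earlier", so any other Zope 2 source package in the archive would need its own line here. The downgrade to (unimportant) rests on the assumption that only trusted users reach the management interface; a bug number or upstream reference in a NOTE would make that decision auditable, and this assessment would be easier to find later if it were committed separately from the bulk NOT-FOR-US triage.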