[Secure-testing-commits] r11672 - data/CVE

[Nico Golde]

Author: nion
Date: 2009-04-20 21:57:47 +0000 (Mon, 20 Apr 2009)
New Revision: 11672

Modified:
   data/CVE/list
Log:
- CVE-2008-6505 doesn't affect struts in Debian
- NFUs


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-04-20 21:14:20 UTC (rev 11671)
+++ data/CVE/list	2009-04-20 21:57:47 UTC (rev 11672)
@@ -11,15 +11,15 @@
 CVE-2009-1336
 	RESERVED
 CVE-2009-1335 (Microsoft Internet Explorer 7 and 8 on Windows XP and Vista allows ...)
-	TODO: check
+	NOT-FOR-US: Microsoft Internet Explorer
 CVE-2009-1334 (Cross-site scripting (XSS) vulnerability in login/FilepathLogin.html ...)
-	TODO: check
+	NOT-FOR-US: IBM Tivoli Continuous Data Protection
 CVE-2009-1333 (Cross-site scripting (XSS) vulnerability in refresh_rate.htm in the ...)
-	TODO: check
+	NOT-FOR-US: HP Deskjet
 CVE-2009-1332 (The Online Help feature in Sun Java System Directory Server 5.2 and ...)
-	TODO: check
+	NOT-FOR-US: Sun Java System Directory Server
 CVE-2009-1331 (Integer overflow in Microsoft Windows Media Player (WMP) ...)
-	TODO: check
+	NOT-FOR-US: Windows Media Player
 CVE-2009-XXXX [linux-2.6: /dev/mem rootkit vulnerability]
 	- linux-2.6 2.6.29-1 (low; bug #524373)
 	NOTE: according to the kernel team (see bug report), they have no interest in backporting a
@@ -1245,7 +1245,8 @@
 CVE-2008-6507 (Unspecified vulnerability in phpBB before 3.0.4 allows attackers to ...)
 	- phpbb3 3.0.2-4
 CVE-2008-6505 (Multiple directory traversal vulnerabilities in Apache Struts 2.0.x ...)
-	TODO: check
+	- libstruts1.2-java <not-affected> (Vulnerable code not present)
+	NOTE: looks like this was introduced in 2.x, see upstream trunk r688095
 CVE-2008-6504 (ParametersInterceptor in OpenSymphony XWork 2.0.x before 2.0.6 and ...)
 	NOT-FOR-US: OpenSymphony XWork
 CVE-2009-1040 (Buffer overflow in WinAsm Studio 5.1.5.0 allows user-assisted remote ...)