[Secure-testing-commits] r12605 - data/CVE

Giuseppe Iuculano derevko-guest at alioth.debian.org
Sun Aug 16 12:38:43 UTC 2009


Author: derevko-guest
Date: 2009-08-16 12:38:43 +0000 (Sun, 16 Aug 2009)
New Revision: 12605

Modified:
   data/CVE/list
Log:
- NFUs
- wordpress password reset got a CVE id


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-08-16 02:30:36 UTC (rev 12604)
+++ data/CVE/list	2009-08-16 12:38:43 UTC (rev 12605)
@@ -2,10 +2,8 @@
 	RESERVED
 CVE-2009-XXXX [logrotate insecure tempfile]
 	- logrotate 3.7.8-4 (low)
-CVE-2009-2762 (wp-login.php in WordPress 2.8.3 and earlier allows remote attackers to ...)
-	TODO: check
 CVE-2008-6973 (Multiple unspecified vulnerabilities in IBM WebSphere Commerce 6.0 ...)
-	TODO: check
+	NOT-FOR-US: IBM WebSphere 
 CVE-2008-6961 (mailnews in Mozilla Thunderbird before 2.0.0.18 and SeaMonkey before ...)
 	TODO: check
 CVE-2009-XXXX [XSS in drupal printing module]
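Review bot: The new tag on CVE-2008-6973 reads "NOT-FOR-US: IBM WebSphere", but the description on the line above it names IBM WebSphere Commerce, and the same commit tags CVE-2009-2094 as "NOT-FOR-US: IBM WebSphere Commerce". Use the Commerce label here as well so a later search for one product name finds both entries.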
@@ -215,13 +213,11 @@
 	NOT-FOR-US: TaskDriver 1.3
 CVE-2008-6918 (Unrestricted file upload vulnerability in admin/galeria.php in ...)
 	NOT-FOR-US: ThePortal2
-CVE-2009-XXXX [wordpress password reset]
+CVE-2009-2762 (wp-login.php in WordPress 2.8.3 and earlier allows remote attackers to ...)
 	- wordpress 2.8.3-2 (unimportant; bug #541102)
 	[lenny] - wordpress <not-affected> (Vulnerable code not present)
 	[etch] - wordpress <not-affected> (Vulnerable code not present)
 	NOTE: not really a security issue in my opinion, just an annoying bug
-	NOTE: attacker can gain access to wordpress accounts, which is undesirable,
-	NOTE: but not horribly useful or bad for the rest of the system
 CVE-2009-XXXX [libxerces2-java: xml-based firewall bypass / port scanning]
 	- libxerces2-java <unfixed> (low; bug #540862)
 	[etch] - libxerces2-java <no-dsa> (minor issue)
@@ -2068,25 +2064,25 @@
 CVE-2009-2095 (PHP remote file inclusion vulnerability in ...)
 	NOT-FOR-US: Mundi Mail
 CVE-2009-2094 (Unspecified vulnerability in IBM WebSphere Commerce 6.0 Enterprise ...)
-	TODO: check
+	NOT-FOR-US: IBM WebSphere Commerce
 CVE-2009-2093 (SQL injection vulnerability in the console in IBM WebSphere Partner ...)
-	TODO: check
+	NOT-FOR-US: IBM WebSphere
 CVE-2009-2092 (IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.5 does not ...)
-	TODO: check
+	NOT-FOR-US: IBM WebSphere
 CVE-2009-2091 (The System Management/Repository component in IBM WebSphere ...)
-	TODO: check
+	NOT-FOR-US: IBM WebSphere
 CVE-2009-2090 (Unspecified vulnerability in wsadmin in the System ...)
-	TODO: check
+	NOT-FOR-US: IBM WebSphere
 CVE-2009-2089 (The Migration component in IBM WebSphere Application Server (WAS) 6.1 ...)
-	TODO: check
+	NOT-FOR-US: IBM WebSphere
 CVE-2009-2088 (The Servlet Engine/Web Container component in IBM WebSphere ...)
-	TODO: check
+	NOT-FOR-US: IBM WebSphere
 CVE-2009-2087 (The Web Services functionality in IBM WebSphere Application Server ...)
-	TODO: check
+	NOT-FOR-US: IBM WebSphere
 CVE-2009-2086
 	REJECTED
 CVE-2009-2085 (The Security component in IBM WebSphere Application Server (WAS) 6.1 ...)
-	TODO: check
+	NOT-FOR-US: IBM WebSphere
 CVE-2009-2084 (Simple Linux Utility for Resource Management (SLURM) 1.2 and 1.3 ...)
 	{DSA-1776-1}
 	- slurm-llnl 1.3.15-1 (bug #524980)
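Review bot: The NOT-FOR-US labels in this block mix granularity: CVE-2009-2094 gets "IBM WebSphere Commerce", while CVE-2009-2093, whose description starts "IBM WebSphere Partner ...", and the WebSphere Application Server entries all get the generic "IBM WebSphere". Pick one level of detail for the whole block, either the generic name throughout or the specific product from each description.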
@@ -5879,7 +5875,7 @@
 CVE-2009-0907
 	REJECTED
 CVE-2009-0906 (The Service Component Architecture (SCA) feature pack for IBM ...)
-	TODO: check
+	NOT-FOR-US: IBM WebSphere 
 CVE-2009-0905
 	RESERVED
 CVE-2009-0904 (The IBM Stax XMLStreamWriter in the Web Services component in IBM ...)
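Review bot: The added line for CVE-2009-0906 ends with a trailing space after "IBM WebSphere", as does the one added for CVE-2008-6973 in the first hunk. Strip the trailing whitespace so the tag text is byte-identical to the other "NOT-FOR-US: IBM WebSphere" lines in this commit.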



