[Secure-testing-commits] r10918 - data/CVE

jmm-guest at alioth.debian.org jmm-guest at alioth.debian.org
Sat Jan 10 11:44:34 UTC 2009 

Author: jmm-guest
Date: 2009-01-10 11:44:33 +0000 (Sat, 10 Jan 2009)
New Revision: 10918

Modified:
   data/CVE/list
Log:
- new openslp issue doesn't affect debian
- NFUs


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-01-10 11:16:49 UTC (rev 10917)
+++ data/CVE/list	2009-01-10 11:44:33 UTC (rev 10918)
@@ -1,31 +1,33 @@
+CVE-2009-XXXX [openslp: insecure cert validation through openssl api misuse]
+	- openslp-dfsg <not-affected> (Debian's openslp doesn't build with SSL support)
 CVE-2009-0114
 	RESERVED
 CVE-2009-0113 (Directory traversal vulnerability in attachmentlibrary.php in the ...)
-	TODO: check
+	NOT-FOR-US: Joomla! component
 CVE-2009-0112 (Cross-site request forgery (CSRF) vulnerability in ...)
-	TODO: check
+	NOT-FOR-US: PollPro
 CVE-2009-0111 (SQL injection vulnerability in frontpage.php in Goople CMS 1.8.2 and ...)
-	TODO: check
+	NOT-FOR-US: Goople CMS
 CVE-2009-0110 (SQL injection vulnerability in read.php in RiotPix 0.61 and earlier ...)
-	TODO: check
+	NOT-FOR-US: RiotPix
 CVE-2009-0109 (SQL injection vulnerability in index.php in RiotPix 0.61 and earlier ...)
-	TODO: check
+	NOT-FOR-US: RiotPix
 CVE-2009-0108 (PHPAuctions (aka PHPAuctionSystem) allows remote attackers to bypass ...)
-	TODO: check
+	NOT-FOR-US: PHPAuctions
 CVE-2009-0107 (Cross-site scripting (XSS) vulnerability in profile.php in PHPAuctions ...)
-	TODO: check
+	NOT-FOR-US: PHPAuctions
 CVE-2009-0106 (SQL injection vulnerability in profile.php in PHPAuctions (aka ...)
-	TODO: check
+	NOT-FOR-US: PHPAuctions
 CVE-2009-0105 (Cross-site scripting (XSS) vulnerability in index.php in EZpack 4.2b2 ...)
-	TODO: check
+	NOT-FOR-US: EZpack
 CVE-2009-0104 (SQL injection vulnerability in index.php in EZpack 4.2b2 allows remote ...)
-	TODO: check
+	NOT-FOR-US: EZpack
 CVE-2009-0103 (Multiple PHP remote file inclusion vulnerabilities in playSMS 0.9.3 ...)
-	TODO: check
+	NOT-FOR-US: playSMS
 CVE-2008-5882 (SQL injection vulnerability in login.asp in Citrix Application Gateway ...)
-	TODO: check
+	NOT-FOR-US: Citrix
 CVE-2008-5881 (Multiple directory traversal vulnerabilities in playSMS 0.9.3 allow ...)
-	TODO: check
+	NOT-FOR-US: playSMS
 CVE-2009-0102
 	RESERVED
 CVE-2009-0101

More information about the Secure-testing-commits mailing list