[Secure-testing-commits] r11036 - data/CVE

Sat Jan 24 19:23:40 UTC 2009

Author: atomo64-guest
Date: 2009-01-24 19:23:40 +0000 (Sat, 24 Jan 2009)
New Revision: 11036

Modified:
   data/CVE/list
Log:
php5 xss issue require further investigation, NFUs


Modified: data/CVE/list
===================================================================

--- data/CVE/list	2009-01-24 02:17:22 UTC (rev 11035)
+++ data/CVE/list	2009-01-24 19:23:40 UTC (rev 11036)
@@ -738,7 +738,9 @@
 CVE-2008-5815 (SQL injection vulnerability in Acomment.php in phpAlumni allows remote ...)
 	NOT-FOR-US: phpAlumni
 CVE-2008-5814 (Cross-site scripting (XSS) vulnerability in PHP, possibly 5.2.7 and ...)
-	TODO: check
+	- php5 <unfixed> (low)
+	TODO: check php4
+	NOTE: status is unclear, further investigation is needed
 CVE-2008-5813 (SQL injection vulnerability in inc/rubriques.php in SPIP 1.8 before ...)
 	NOT-FOR-US: SPIP
 CVE-2008-5812 (Multiple unspecified vulnerabilities in SPIP 1.8 before 1.8.3b, 1.9 ...)
@@ -4242,7 +4244,7 @@
 CVE-2008-4389
 	RESERVED
 CVE-2008-4388 (The LaunchObj ActiveX control before 5.2.2.865 in launcher.dll in ...)
-	TODO: check
+	NOT-FOR-US: LaunchObj ActiveX
 CVE-2008-4387 (Unspecified vulnerability in the Simba MDrmSap ActiveX control in ...)
 	NOT-FOR-US: ActiveX
 CVE-2008-4386
@@ -5509,11 +5511,11 @@
 CVE-2008-3867 (SQL injection vulnerability in spaces/emailuser.php in Interact 2.4.1 ...)
 	NOT-FOR-US: Interact
 CVE-2008-3866 (The Trend Micro Personal Firewall service (aka TmPfw.exe) in Trend ...)
-	TODO: check
+	NOT-FOR-US: Trend Micro Personal Firewall
 CVE-2008-3865 (Multiple heap-based buffer overflows in the ApiThread function in the ...)
-	TODO: check
+	NOT-FOR-US: Trend Micro Network Security Component
 CVE-2008-3864 (The ApiThread function in the firewall service (aka TmPfw.exe) in ...)
-	TODO: check
+	NOT-FOR-US: Trend Micro Network Security Component
 CVE-2008-3863 (Stack-based buffer overflow in the read_special_escape function in ...)
 	{DSA-1670-1}
 	- enscript 1.6.4-13 (bug #506261)


