[Secure-testing-commits] r17767 - data/CVE

Helmut Grohne helmut-guest at alioth.debian.org
Fri Dec 9 20:41:00 UTC 2011 

Author: helmut-guest
Date: 2011-12-09 20:41:00 +0000 (Fri, 09 Dec 2011)
New Revision: 17767

Modified:
   data/CVE/list
Log:
NFUs, <undetermined>, <removed>

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2011-12-09 09:14:21 UTC (rev 17766)
+++ data/CVE/list	2011-12-09 20:41:00 UTC (rev 17767)
@@ -2157,7 +2157,7 @@
 CVE-2010-4873 (Cross-site scripting (XSS) vulnerability in confirm.php in WeBid 0.8.5 ...)
 	NOT-FOR-US: WeBid
 CVE-2010-4872 (SQL injection vulnerability in newsroom.asp in ASPilot Pilot Cart 7.3 ...)
-	NOT-FOR-US: SmartFTP
+	NOT-FOR-US: ASPilot Pilot Cart
 CVE-2010-4871 (Unspecified vulnerability in SmartFTP before 4.0 Build 1142 allows ...)
 	NOT-FOR-US: SmartFTP
 CVE-2010-4870 (SQL injection vulnerability in index.php in BloofoxCMS 0.3.5 allows ...)
@@ -3318,6 +3318,7 @@
 CVE-2011-3579 (server/webmail.php in IceWarp WebMail in IceWarp Mail Server before ...)
 	NOT-FOR-US: IceWarp Mail Server
 CVE-2011-3578 (Cross-site scripting (XSS) vulnerability in ...)
+	- mantis <undetermined>
 	TODO: check, whether this was fixed in the DSA for CVE-2011-3357
 CVE-2004-2770
 	REJECTED
@@ -3860,7 +3861,7 @@
 	TODO: file bug for kolab-cyrus-imapd
 	NOTE: medium because it allows to exploit CVE-2011-3208 unauthenticated
 CVE-2011-3371 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
-	NOTE: PunBB
+	NOT-FOR-US: PunBB
 CVE-2011-3370
 	RESERVED
 CVE-2011-3369 (The add_conversation function in conversations.c in EtherApe before ...)
@@ -4778,7 +4779,7 @@
 CVE-2011-3010 (Multiple cross-site scripting (XSS) vulnerabilities in TWiki before ...)
 	NOT-FOR-US: Twiki
 CVE-2011-3009 (Ruby before 1.8.6-p114 does not reset the random seed upon forking, ...)
-	TODO: check
+	- ruby1.8 <undetermined>
 CVE-2011-3008 (The default configuration of Avaya Secure Access Link (SAL) Gateway ...)
 	NOT-FOR-US: Avaya Secure Access Link Gateway
 CVE-2008-7298 (The Android browser in Android cannot properly restrict modifications ...)
@@ -7143,7 +7144,7 @@
 	{DSA-2271-1}
 	- curl 7.21.6-2 (high; bug #631615)
 CVE-2011-2191 (Cross-site request forgery (CSRF) vulnerability in Cherokee-admin in ...)
-	TODO: check
+	- cherokee <undetermined>
 CVE-2011-2189 (net/core/net_namespace.c in the Linux kernel 2.6.32 and earlier does ...)
 	- linux-2.6 2.6.35-1 (low)
 	[lenny] - linux-2.6 <no-dsa> (attacker needs elevated CAP_SYS_ADMIN privileges to abuse this)
@@ -9641,7 +9642,7 @@
 CVE-2011-1341 (Cross-site request forgery (CSRF) vulnerability in Aimluck Aipo before ...)
 	NOT-FOR-US: Aimluck Aipo
 CVE-2011-1340 (Cross-site scripting (XSS) vulnerability in ...)
-	TODO: check
+	- plone3 <removed>
 CVE-2011-1339 (Cross-site scripting (XSS) vulnerability in Google Search Appliance ...)
 	NOT-FOR-US: Google Search Appliance
 CVE-2011-1338 (Untrusted search path vulnerability in XnView before 1.98.1 allows ...)

More information about the Secure-testing-commits mailing list