[Secure-testing-commits] r16243 - data/CVE
Moritz Muehlenhoff
jmm at alioth.debian.org
Wed Feb 23 21:41:53 UTC 2011
Author: jmm
Date: 2011-02-23 21:41:51 +0000 (Wed, 23 Feb 2011)
New Revision: 16243
Modified:
data/CVE/list
Log:
NFUs
two new rails issues (Thijs, can you add this to the existing ticket?)
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2011-02-23 21:26:32 UTC (rev 16242)
+++ data/CVE/list 2011-02-23 21:41:51 UTC (rev 16243)
@@ -32,11 +32,10 @@
- pam-pgsql 0.7.1-5 (bug #603436)
CVE-2011-1044 (The ib_uverbs_poll_cq function in drivers/infiniband/core/uverbs_cmd.c ...)
- linux-2.6 <unfixed>
- TODO: check
CVE-2011-1043
RESERVED
CVE-2011-1042 (Use-after-free vulnerability in flimflamd in flimflam in Google Chrome ...)
- TODO: check
+ NOT-FOR-US: flimflam in Google Chrome OS
CVE-2011-1041
RESERVED
CVE-2011-1040
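Review bot: the TODO: check line dropped under CVE-2011-1044 at the top of this hunk is not covered by the log, which mentions only NFUs and the rails issues. The entry that remains, linux-2.6 <unfixed>, carries no bug reference or severity, so either mention the triage in the log or add a short note to the entry so later readers can tell it was reviewed on purpose.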
@@ -50,7 +49,7 @@
CVE-2011-1036
RESERVED
CVE-2011-1035 (The password reset in PivotX before 2.2.4 allows remote attackers to ...)
- TODO: check
+ NOT-FOR-US: PivotX
CVE-2010-4744 (Multiple unspecified vulnerabilities in abcm2ps before 5.9.13 have ...)
- abcm2ps 5.9.22-1 (low)
[squeeze] - abcm2ps <no-dsa> (Minor issue)
@@ -60,23 +59,23 @@
[squeeze] - abcm2ps <no-dsa> (Minor issue)
[lenny] - abcm2ps <no-dsa> (Minor issue)
CVE-2010-4742 (Stack-based buffer overflow in a certain ActiveX control in ...)
- TODO: check
+ NOT-FOR-US: MediaDBPlayback.DLL
CVE-2010-4741 (Stack-based buffer overflow in MDMUtil.dll in MDMTool.exe in MDM Tool ...)
- TODO: check
+ NOT-FOR-US: Moxa Device Manager
CVE-2011-1034 (Cross-site scripting (XSS) vulnerability in the UI in IBM Rational ...)
NOT-FOR-US: IBM Rational Build Forge
CVE-2010-4740 (Stack-based buffer overflow in WTclient.dll in SCADA Engine BACnet OPC ...)
NOT-FOR-US: SCADA Engine BACnet
CVE-2010-4739 (SQL injection vulnerability in the Maian Media Silver (com_maianmedia) ...)
- TODO: check
+ NOT-FOR-US: Maian Media Silver
CVE-2010-4738 (Multiple SQL injection vulnerabilities in Rae Media INC Real Estate ...)
- TODO: check
+ NOT-FOR-US: Rae Media INC Real Estate Single and Multi Agent System
CVE-2010-4737 (SQL injection vulnerability in resorts.asp in HotWebScripts HotWeb ...)
- TODO: check
+ NOT-FOR-US: HotWebScripts HotWeb Rentals
CVE-2010-4736 (SQL injection vulnerability in ECO.asp in GateSoft DocuSafe 4.1.0 and ...)
NOT-FOR-US: GateSoft DocuSafe
CVE-2010-4735 (SQL injection vulnerability in shoppingcart.asp in Ecommercemax ...)
- TODO: check
+ NOT-FOR-US: Ecommercemax Solutions Digital-goods seller
CVE-2010-4734 (Multiple cross-site scripting (XSS) vulnerabilities in the comment ...)
NOT-FOR-US: Skeletonz CMS
CVE-2011-1033 (Stack-based buffer overflow in oninit in IBM Informix Dynamic Server ...)
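Review bot: the NOT-FOR-US tag added for CVE-2010-4742 names a file (MediaDBPlayback.DLL), while the other tags added in this hunk name a product (Moxa Device Manager, Maian Media Silver, HotWebScripts HotWeb Rentals). The visible description only says "a certain ActiveX control in ...", so the product is not recoverable from the list itself. Suggest using the product or vendor name from the full CVE description, so the tag matches if the same product gets another CVE later.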
@@ -404,11 +403,11 @@
CVE-2011-0911 (Cross-site scripting (XSS) vulnerability in the Users module in Zikula ...)
NOT-FOR-US: zikula
CVE-2011-0910 (The cookie implementation in Vanilla Forums before 2.0.17.6 makes it ...)
- TODO: check
+ NOT-FOR-US: Vanilla Forums
CVE-2011-0909 (Cross-site scripting (XSS) vulnerability in Vanilla Forums before ...)
- TODO: check
+ NOT-FOR-US: Vanilla Forums
CVE-2011-0908 (Open redirect vulnerability in Vanilla Forums before 2.0.17.6 allows ...)
- TODO: check
+ NOT-FOR-US: Vanilla Forums
CVE-2011-0907
RESERVED
CVE-2011-0906
@@ -430,7 +429,7 @@
[lenny] - tsclient <no-dsa> (Minor issue)
[squeeze] - tsclient <no-dsa> (Minor issue)
CVE-2011-0899 (The AES encryption module 7.x-1.4 for Drupal leaves certain debugging ...)
- TODO: check
+ NOT-FOR-US: AES module for Drupal
CVE-2011-0898
RESERVED
CVE-2011-0897
@@ -974,7 +973,7 @@
RESERVED
- linux-2.6 <unfixed>
CVE-2011-0694 (RealNetworks RealPlayer 11.0 through 11.1, SP 1.0 through 1.1.5, and ...)
- TODO: check
+ NOT-FOR-US: RealPlayer
CVE-2011-0693
RESERVED
CVE-2011-0692
@@ -1068,7 +1067,7 @@
CVE-2011-0655
RESERVED
CVE-2011-0654 (Integer underflow in the BowserWriteErrorLogEntry function in the ...)
- TODO: check
+ NOT-FOR-US: Windows 2003
CVE-2011-0653
RESERVED
CVE-2011-0652 (lnsfw1.sys 6.0.2900.5512 in Look 'n' Stop Firewall 2.06p4 and 2.07 ...)
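Review bot: the tag added for CVE-2011-0654, "NOT-FOR-US: Windows 2003", ties the entry to one release, where other tags in this commit use the bare product name (RealPlayer, Opera, Vanilla Forums). Suggest "NOT-FOR-US: Microsoft Windows" so that searching the list for the product finds this entry together with other Windows issues.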
@@ -1372,7 +1371,7 @@
CVE-2011-0527
RESERVED
CVE-2011-0526 (Cross-site scripting (XSS) vulnerability in index.php in Vanilla ...)
- TODO: check
+ NOT-FOR-US: Vanilla Forums
CVE-2011-0525
RESERVED
CVE-2011-0524
@@ -1578,7 +1577,7 @@
CVE-2011-0454
RESERVED
CVE-2011-0453 (F-Secure Internet Gatekeeper for Linux 3.x before 3.03 does not ...)
- TODO: check
+ NOT-FOR-US: F-Secure Internet Gatekeeper
CVE-2011-0452
RESERVED
CVE-2011-0451 (Multiple cross-site scripting (XSS) vulnerabilities in (1) ...)
@@ -1586,13 +1585,13 @@
CVE-2011-0450 (The downloads manager in Opera before 11.01 on Windows does not ...)
NOT-FOR-US: Opera
CVE-2011-0449 (actionpack/lib/action_view/template/resolver.rb in Ruby on Rails 3.0.x ...)
- TODO: check
+ - rails <not-affected> (Only affects 3.x)
CVE-2011-0448 (Ruby on Rails 3.0.x before 3.0.4 does not ensure that arguments to the ...)
- TODO: check
+ - rails <not-affected> (Only affects 3.x)
CVE-2011-0447 (Ruby on Rails 2.1.x, 2.2.x, and 2.3.x before 2.3.11, and 3.x before ...)
- TODO: check
+ - rails <unfixed>
CVE-2011-0446 (Multiple cross-site scripting (XSS) vulnerabilities in the mail_to ...)
- TODO: check
+ - rails <unfixed>
CVE-2010-4695 (A certain Fedora patch for gif2png.c in gif2png 2.5.1 and 2.5.2, as ...)
- gif2png 2.5.4-2 (low; bug #610479)
[lenny] - gif2png <no-dsa> (Minor issue)
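Review bot: CVE-2011-0447 and CVE-2011-0446 are set to "- rails <unfixed>" with no bug reference, although the log says a ticket already exists. Add the bug number in the same form as the gif2png entry below, "(low; bug #610479)", so the tracker links the CVEs to that ticket. For CVE-2011-0446 the visible description is cut off before any version range, unlike CVE-2011-0447 which names 2.1.x through 2.3.x, so it is worth confirming that it applies to the packaged series before leaving it as <unfixed>. The two <not-affected> notes say "Only affects 3.x" but do not record which rails version is packaged, and stating that would make the reasoning checkable from the list alone.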