[Secure-testing-commits] r17570 - data/CVE

Moritz Muehlenhoff jmm at alioth.debian.org
Tue Nov 8 07:26:52 UTC 2011


Author: jmm
Date: 2011-11-08 07:26:51 +0000 (Tue, 08 Nov 2011)
New Revision: 17570

Modified:
   data/CVE/list
Log:
rpm fixed
nss fixed


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2011-11-07 21:14:20 UTC (rev 17569)
+++ data/CVE/list	2011-11-08 07:26:51 UTC (rev 17570)
@@ -251,15 +251,15 @@
 CVE-2011-4278
 	RESERVED
 CVE-2011-4277 (Cross-site scripting (XSS) vulnerability in CourseForum ProjectForum ...)
-	TODO: check
+	NOT-FOR-US: CourseForum
 CVE-2011-4276
 	RESERVED
 CVE-2011-4275
 	RESERVED
 CVE-2011-4274 (Cross-site scripting (XSS) vulnerability in the A-Form PC and ...)
-	TODO: check
+	NOT-FOR-US: Movable Type plugin
 CVE-2011-4273 (Multiple cross-site scripting (XSS) vulnerabilities in GoAhead ...)
-	TODO: check
+	NOT-FOR-US: GoAhead Webserver
 CVE-2011-4272
 	RESERVED
 CVE-2011-4271
@@ -281,9 +281,9 @@
 CVE-2011-4263
 	RESERVED
 CVE-2010-5045 (Cross-site scripting (XSS) vulnerability in poll/default.asp in Smart ...)
-	TODO: check
+	NOT-FOR-US: Smart ASP Survey
 CVE-2010-5044 (SQL injection vulnerability in models/log.php in the Search Log ...)
-	TODO: check
+	NOT-FOR-US: Search log Joomla addon
 CVE-2010-5043 (SQL injection vulnerability in the DJ-ArtGallery (com_djartgallery) ...)
 	TODO: check
 CVE-2010-5042 (Cross-site scripting (XSS) vulnerability in the DJ-ArtGallery ...)
@@ -2139,7 +2139,7 @@
 	RESERVED
 CVE-2011-3640 (** DISPUTED ** Untrusted search path vulnerability in Mozilla Network ...)
 	{DSA-2339-1}
-	- nss <unfixed> (low; bug #647614)
+	- nss 3.13.1.with.ckbi.1.88-1 (low; bug #647614)
 	[lenny] - nss <no-dsa> (Minor issue)
 	[squeeze] - nss <no-dsa> (Minor issue)
 	- chromium-browser <unfixed> (low)
@@ -2870,7 +2870,7 @@
 	[lenny] - php5 <not-affected> (Introduced in 5.3.7)
 CVE-2011-3378
 	RESERVED
-	- rpm <unfixed> (low; bug #645325)
+	- rpm 4.9.1.2-1 (low; bug #645325)
 	[squeeze] - rpm <no-dsa> (rpm isn't used a a package manager, very limited attack vector)
 	[lenny] - rpm <no-dsa> (rpm isn't used a a package manager, very limited attack vector)
 CVE-2011-3377




More information about the Secure-testing-commits mailing list