[Secure-testing-commits] r19999 - data/CVE

Raphael Geissert geissert at alioth.debian.org
Tue Aug 21 14:59:11 UTC 2012


Author: geissert
Date: 2012-08-21 14:59:11 +0000 (Tue, 21 Aug 2012)
New Revision: 19999

Modified:
   data/CVE/list
Log:
some NFUs, one ruby-sqlite3 issue


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2012-08-21 13:18:05 UTC (rev 19998)
+++ data/CVE/list	2012-08-21 14:59:11 UTC (rev 19999)
@@ -1,17 +1,17 @@
 CVE-2012-4359 (Sielco Sistemi Winlog Pro SCADA before 2.07.18 and Winlog Lite SCADA ...)
-	TODO: check
+	NOT-FOR-US: Sielco Sistemi Winlog SCADA
 CVE-2012-4358 (Sielco Sistemi Winlog Pro SCADA before 2.07.17 and Winlog Lite SCADA ...)
-	TODO: check
+	NOT-FOR-US: Sielco Sistemi Winlog SCADA
 CVE-2012-4357 (Array index error in Sielco Sistemi Winlog Pro SCADA before 2.07.17 ...)
-	TODO: check
+	NOT-FOR-US: Sielco Sistemi Winlog SCADA
 CVE-2012-4356 (Multiple directory traversal vulnerabilities in Sielco Sistemi Winlog ...)
-	TODO: check
+	NOT-FOR-US: Sielco Sistemi Winlog SCADA
 CVE-2012-4355 (TCPIPS_Story.dll in Sielco Sistemi Winlog Pro SCADA before 2.07.18 and ...)
-	TODO: check
+	NOT-FOR-US: Sielco Sistemi Winlog SCADA
 CVE-2012-4354 (TCPIPS_Story.dll in Sielco Sistemi Winlog Pro SCADA before 2.07.17 and ...)
-	TODO: check
+	NOT-FOR-US: Sielco Sistemi Winlog SCADA
 CVE-2012-4353 (Stack-based buffer overflow in RunTime.exe in Sielco Sistemi Winlog ...)
-	TODO: check
+	NOT-FOR-US: Sielco Sistemi Winlog SCADA
 CVE-2012-4352
 	RESERVED
 CVE-2012-XXXX [geshi XSS in contrib/langwiz.php]
@@ -770,9 +770,9 @@
 CVE-2012-4008
 	RESERVED
 CVE-2012-4007 (The mixi application before 4.3.0 for Android allows remote attackers ...)
-	TODO: check
+	NOT-FOR-US: mixi application for Android
 CVE-2012-4006 (The GREE application before 1.4.0, GREE Tanken Dorirando application ...)
-	TODO: check
+	NOT-FOR-US: GREE application for Android
 CVE-2012-4005 (The NHN Japan NAVER LINE application before 2.5.5 for Android does not ...)
 	NOT-FOR-US: NHN Japan NAVER LINE 
 CVE-2012-4004 (Cross-site scripting (XSS) vulnerability in the Sleipnir Mobile ...)
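Review bot: The label added for CVE-2012-4006 names a single "GREE application for Android", but the description on that entry lists more than one affected app ("The GREE application before 1.4.0, GREE Tanken Dorirando application ..."). Consider "NOT-FOR-US: GREE applications for Android" so that a later search for the other app names still matches the reason given here.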
@@ -3001,9 +3001,9 @@
 CVE-2012-3026
 	RESERVED
 CVE-2012-3025 (The default configuration of Tridium Niagara AX Framework through 3.6 ...)
-	TODO: check
+	NOT-FOR-US: Tridium Niagara AX Framework
 CVE-2012-3024 (Tridium Niagara AX Framework through 3.6 uses predictable values for ...)
-	TODO: check
+	NOT-FOR-US: Tridium Niagara AX Framework
 CVE-2012-3023
 	RESERVED
 CVE-2012-3022
@@ -5046,7 +5046,7 @@
 CVE-2012-2206 (The Web Gateway component in IBM WebSphere MQ File Transfer Edition ...)
 	NOT-FOR-US: IBM WebSphere MQ File Transfer Edition
 CVE-2012-2205 (Cross-site scripting (XSS) vulnerability in IBM Rational ClearQuest ...)
-	TODO: check
+	NOT-FOR-US: IBM Rational ClearQuest
 CVE-2012-2204
 	RESERVED
 CVE-2012-2203 (IBM Global Security Kit (aka GSKit) before 8.0.14.22, as used in IBM ...)
@@ -5120,15 +5120,15 @@
 CVE-2012-2169 (Cross-site scripting (XSS) vulnerability in the file-upload ...)
 	TODO: check
 CVE-2012-2168 (IBM Rational ClearQuest 7.1.x before 7.1.2.7 and 8.x before 8.0.0.3 ...)
-	TODO: check
+	NOT-FOR-US: IBM Rational ClearQuest
 CVE-2012-2167
 	RESERVED
 CVE-2012-2166
 	RESERVED
 CVE-2012-2165 (IBM Rational ClearQuest 7.1.x before 7.1.2.7 and 8.x before 8.0.0.3, ...)
-	TODO: check
+	NOT-FOR-US: IBM Rational ClearQuest
 CVE-2012-2164 (The Web client in IBM Rational ClearQuest 7.1.x before 7.1.2.7 and 8.x ...)
-	TODO: check
+	NOT-FOR-US: IBM Rational ClearQuest
 CVE-2012-2163 (IBM Scale Out Network Attached Storage (SONAS) 1.1 through 1.3.1 ...)
 	NOT-FOR-US: IBM Scale Out Network Attached Storage
 CVE-2012-2162 (The Web Server Plug-in in IBM WebSphere Application Server (WAS) 8.0 ...)
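Review bot: CVE-2012-2169 at the top of this hunk is left at "TODO: check" while the adjacent CVE-2012-2168, CVE-2012-2165 and CVE-2012-2164 are all triaged as IBM Rational ClearQuest. Its description is truncated at "file-upload ...", so the product is not visible here. Please confirm whether it belongs to the same batch and, if so, mark it in this commit. If not, leaving it as it is is fine.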
@@ -8666,7 +8666,7 @@
 CVE-2012-0745 (The getpwnam function in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.1.0.10 ...)
 	NOT-FOR-US: IBM AIX
 CVE-2012-0744 (IBM Rational ClearQuest 7.1.x through 7.1.2.7 and 8.x through 8.0.0.3 ...)
-	TODO: check
+	NOT-FOR-US: IBM Rational ClearQuest
 CVE-2012-0743 (IBM Tivoli Directory Server (TDS) 6.3 and earlier allows remote ...)
 	NOT-FOR-US: IBM Tivoli Directory Server
 CVE-2012-0742 (IBM Tivoli Event Pump 4.2.2, when the LOG_REQUESTS and ...)
@@ -22701,6 +22701,7 @@
 	- dhcpcd <not-affected> (old shell quoting code is not vulnerable)
 	NOTE: Debian's dhcpcd.sh is not vulnerable.
 CVE-2011-0995 (The sqlite3-ruby gem in the rubygem-sqlite3 package before 1.2.4-0.5.1 ...)
+	- ruby-sqlite3 <unfixed>
 	TODO: check
 CVE-2011-0994 (Stack-based buffer overflow in NFRAgent.exe in Novell File Reporter ...)
 	NOT-FOR-US: Novell File Reporter
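Review bot: On CVE-2011-0995, "- ruby-sqlite3 <unfixed>" is added while the "TODO: check" line directly below it stays, so the entry records the package as affected before the check is finished. The description refers to "the rubygem-sqlite3 package before 1.2.4-0.5.1", which is a different package name from the one entered here. Add a NOTE line stating why ruby-sqlite3 is considered affected (or a bug reference), and drop the TODO once that is confirmed.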



