[Secure-testing-commits] r20510 - data/CVE
Helmut Grohne
helmut-guest at alioth.debian.org
Sun Nov 18 16:40:58 UTC 2012
Author: helmut-guest
Date: 2012-11-18 16:40:58 +0000 (Sun, 18 Nov 2012)
New Revision: 20510
Modified:
data/CVE/list
Log:
NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2012-11-18 14:36:50 UTC (rev 20509)
+++ data/CVE/list 2012-11-18 16:40:58 UTC (rev 20510)
@@ -136,7 +136,8 @@
CVE-2011-5240 (Magento 1.5 and 1.6.2 does not verify that the server hostname matches ...)
NOT-FOR-US: Magento
CVE-2011-5239 (CiviCRM 4.0.5 and 4.1.1 does not verify that the server hostname ...)
- TODO: check
+ NOT-FOR-US: CiviCRM
+ NOTE: RFP #645700
CVE-2011-5238 (google-checkout-php-sample-code before 1.3.2 does not verify that the ...)
NOT-FOR-US: google-checkout-php-sample-code
CVE-2011-5237 (PayPal WPS ToolKit does not verify that the server hostname matches a ...)
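Review bot: On the CVE-2011-5239 entry, NOT-FOR-US combined with "NOTE: RFP #645700" records the packaging request only as free text, so nothing will prompt a re-check of this CVE if CiviCRM is later uploaded. Consider tracking the entry against the prospective package name with the bug reference (the tracker's itp-style entry, if it is meant to cover RFPs as well), or state in the NOTE that the entry has to be revisited when the RFP is acted on.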
@@ -226,7 +227,8 @@
CVE-2012-5786 (The wsdl_first_https sample code in ...)
NOT-FOR-US: Apache CXF
CVE-2012-5785 (Apache Axis2/Java 1.6.2 and earlier does not verify that the server ...)
- TODO: check
+ NOT-FOR-US: Axis2/Java
+ NOTE: Axis2/C is packaged as axis2c, but this is a different software.
CVE-2012-5784 (Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal ...)
- axis <unfixed> (bug #692650)
CVE-2012-5783 (Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments ...)
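Review bot: On CVE-2012-5785, the NOTE says axis2c is different software but does not say whether axis2c was checked for the same missing server-hostname verification, which is the flaw described by every neighbouring entry in this hunk. Either record the result of that check in the NOTE or leave a TODO for axis2c, so the question is not closed by the NOT-FOR-US line alone.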
@@ -386,7 +388,7 @@
CVE-2012-5706
RESERVED
CVE-2012-5705 (Cross-site scripting (XSS) vulnerability in the settings page ...)
- TODO: check
+ NOT-FOR-US: Drupal addon not packaged in Debian
CVE-2012-5704 (The Hotblocks module 6.x-1.x before 6.x-1.8 for Drupal allows remote ...)
NOT-FOR-US: Drupal addon not packaged in Debian
CVE-2012-5703
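Review bot: The new line for CVE-2012-5705 reads "Drupal addon not packaged in Debian" without naming the module, and the truncated description ("the settings page ...") does not name it either, so the decision cannot be re-checked from the list alone. Suggest including the module name, as the NOT-FOR-US lines added elsewhere in this commit name their product (CiviCRM, Axis2/Java, Be Graph's BeZIP).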
@@ -1656,7 +1658,7 @@
CVE-2012-5172
RESERVED
CVE-2012-5171 (Directory traversal vulnerability in Be Graph BeZIP before 3.10 allows ...)
- TODO: check
+ NOT-FOR-US: Be Graph's BeZIP
CVE-2012-5170 (Open redirect vulnerability in Pebble before 2.6.4 allows remote ...)
NOT-FOR-US: Pebble blog
CVE-2012-5169 (Multiple cross-site scripting (XSS) vulnerabilities in ...)