[Secure-testing-commits] r20510 - data/CVE

Helmut Grohne helmut-guest at alioth.debian.org
Sun Nov 18 16:40:58 UTC 2012 

Author: helmut-guest
Date: 2012-11-18 16:40:58 +0000 (Sun, 18 Nov 2012)
New Revision: 20510

Modified:
   data/CVE/list
Log:
NFUs

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2012-11-18 14:36:50 UTC (rev 20509)
+++ data/CVE/list	2012-11-18 16:40:58 UTC (rev 20510)
@@ -136,7 +136,8 @@
 CVE-2011-5240 (Magento 1.5 and 1.6.2 does not verify that the server hostname matches ...)
 	NOT-FOR-US: Magento
 CVE-2011-5239 (CiviCRM 4.0.5 and 4.1.1 does not verify that the server hostname ...)
-	TODO: check
+	NOT-FOR-US: CiviCRM
+	NOTE: RFP #645700
 CVE-2011-5238 (google-checkout-php-sample-code before 1.3.2 does not verify that the ...)
 	NOT-FOR-US: google-checkout-php-sample-code
 CVE-2011-5237 (PayPal WPS ToolKit does not verify that the server hostname matches a ...)
@@ -226,7 +227,8 @@
 CVE-2012-5786 (The wsdl_first_https sample code in ...)
 	NOT-FOR-US: Apache CXF
 CVE-2012-5785 (Apache Axis2/Java 1.6.2 and earlier does not verify that the server ...)
-	TODO: check
+	NOT-FOR-US: Axis2/Java
+	NOTE: Axis2/C is packaged as axis2c, but this is a different software.
 CVE-2012-5784 (Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal ...)
 	- axis <unfixed> (bug #692650)
 CVE-2012-5783 (Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments ...)
@@ -386,7 +388,7 @@
 CVE-2012-5706
 	RESERVED
 CVE-2012-5705 (Cross-site scripting (XSS) vulnerability in the settings page ...)
-	TODO: check
+	NOT-FOR-US: Drupal addon not packaged in Debian
 CVE-2012-5704 (The Hotblocks module 6.x-1.x before 6.x-1.8 for Drupal allows remote ...)
 	NOT-FOR-US: Drupal addon not packaged in Debian
 CVE-2012-5703
@@ -1656,7 +1658,7 @@
 CVE-2012-5172
 	RESERVED
 CVE-2012-5171 (Directory traversal vulnerability in Be Graph BeZIP before 3.10 allows ...)
-	TODO: check
+	NOT-FOR-US: Be Graph's BeZIP
 CVE-2012-5170 (Open redirect vulnerability in Pebble before 2.6.4 allows remote ...)
 	NOT-FOR-US: Pebble blog
 CVE-2012-5169 (Multiple cross-site scripting (XSS) vulnerabilities in ...)

More information about the Secure-testing-commits mailing list