[Secure-testing-commits] r20259 - data/CVE

Yves-Alexis Perez corsac at alioth.debian.org
Sun Sep 30 11:59:27 UTC 2012 

Author: corsac
Date: 2012-09-30 11:59:27 +0000 (Sun, 30 Sep 2012)
New Revision: 20259

Modified:
   data/CVE/list
Log:
add a bunch of NFUs


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2012-09-29 20:38:28 UTC (rev 20258)
+++ data/CVE/list	2012-09-30 11:59:27 UTC (rev 20259)
@@ -59,11 +59,11 @@
 CVE-2012-5165
 	RESERVED
 CVE-2012-5164 (Multiple cross-site scripting (XSS) vulnerabilities in Fork CMS before ...)
-	TODO: check
+	NOT-FOR-US: Fork CMS
 CVE-2012-5163 (Cross-site scripting (XSS) vulnerability in oc-admin/ajax/ajax.php in ...)
-	TODO: check
+	NOT-FOR-US: OSClass not in Debian
 CVE-2012-5162 (Multiple SQL injection vulnerabilities in oc-admin/ajax/ajax.php in ...)
-	TODO: check
+	NOT-FOR-US: OSClass not in Debian
 CVE-2012-5161
 	RESERVED
 CVE-2012-5160
@@ -2960,7 +2960,7 @@
 CVE-2012-4052 (Multiple cross-site scripting (XSS) vulnerabilities in Jease before ...)
 	NOT-FOR-US: Jease
 CVE-2012-4051 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
-	TODO: check
+	NOT-FOR-US: JAMF Casper suite
 CVE-2007-6754 (The ipalloc function in libc/stdlib/malloc.c in jemalloc in libc for ...)
 	NOT-FOR-US: NetBSD/FreeBSD libc
 CVE-2006-7252 (Integer overflow in the calloc function in libc/stdlib/malloc.c in ...)
@@ -3045,9 +3045,9 @@
 CVE-2012-4018
 	RESERVED
 CVE-2012-4017 (The jigbrowser+ application before 1.5.0 for Android does not properly ...)
-	TODO: check
+	NOT-FOR-US: Android application
 CVE-2012-4016 (The ATOK application before 1.0.4 for Android allows remote attackers ...)
-	TODO: check
+	NOT-FOR-US: Android application
 CVE-2012-4015 (Cross-site scripting (XSS) vulnerability in the management screen in ...)
 	NOT-FOR-US: My Little tool / My little admin SQL server 2000
 CVE-2012-4014 (Unspecified vulnerability in McAfee Email Anti-virus (formerly ...)
@@ -8928,7 +8928,7 @@
 	RESERVED
 	- libpgjava <not-affected> (Even the version in oldstable had 8.2)
 CVE-2012-1617 (Directory traversal vulnerability in combine.php in OSClass before ...)
-	TODO: check
+	NOT-FOR-US: OSClass not in Debian
 CVE-2012-1616 (Use-after-free vulnerability in icclib before 2.13, as used by Argyll ...)
 	- argyll 1.4.0-1
 	NOTE: Starting with 1.4.0 argyll includes icclib 2.13, but it's hard to identify the

More information about the Secure-testing-commits mailing list