[Secure-testing-commits] r38767 - in data: CVE DLA
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Fri Jan 8 06:40:14 UTC 2016
Author: carnil
Date: 2016-01-08 06:40:14 +0000 (Fri, 08 Jan 2016)
New Revision: 38767
Modified:
data/CVE/list
data/DLA/list
Log:
More cleanups for REJECTED entries
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-01-08 06:24:27 UTC (rev 38766)
+++ data/CVE/list 2016-01-08 06:40:14 UTC (rev 38767)
@@ -62033,7 +62033,6 @@
REJECTED
CVE-2013-4336
REJECTED
- NOT-FOR-US: Drupal module
CVE-2013-4335
RESERVED
NOT-FOR-US: opOpenSocialPlugin
@@ -78757,8 +78756,6 @@
NOT-FOR-US: Sophos SafeGuard Enterprise
CVE-2012-4735
REJECTED
- NOTE: CVE-2012-4735 rejected in favour of CVE-2012-6578, CVE-2012-6579, CVE-2012-6580, CVE-2012-6581.
- NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=870406#c3
CVE-2012-4734 (Request Tracker (RT) 3.8.x before 3.8.15 and 4.0.x before 4.0.8 allows ...)
{DSA-2567-1}
- request-tracker3.8 <removed>
@@ -82000,7 +81997,6 @@
- keystone 2012.1.1-5
CVE-2012-3541
REJECTED
- {DLA-108-1}
CVE-2012-3540 (Open redirect vulnerability in views/auth_forms.py in OpenStack ...)
- horizon 2012.1.1-4 (bug #686050)
CVE-2012-3539
@@ -82385,8 +82381,6 @@
- condor 7.8.2~dfsg.1-1 (bug #685366)
CVE-2012-3415
REJECTED
- - plpupload <itp> (bug #668396)
- - wordpress 3.3.2
CVE-2012-3414 (Cross-site scripting (XSS) vulnerability in swfupload.swf in SWFUpload ...)
- libjs-swfupload 2.2.0.1+ds1-2 (low; bug #681323)
- wordpress 3.5.1+dfsg-1 (bug #698934)
@@ -110524,9 +110518,8 @@
CVE-2010-3091 (The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x ...)
{DSA-2113-1}
- drupal6 6.18-1 (low; bug #592716)
-CVE-2010-3090 [mailman, will be rejected]
+CVE-2010-3090
REJECTED
- NOT-FOR-US: ** REJECT ** mailman
CVE-2010-3089 (Multiple cross-site scripting (XSS) vulnerabilities in GNU Mailman ...)
{DSA-2170-1}
- mailman 1:2.1.13-4.1 (bug #599833)
@@ -126936,7 +126929,6 @@
[lenny] - stardict 3.0.1-4+lenny1
CVE-2009-2259
REJECTED
- NOT-FOR-US: PHP Address Book
CVE-2009-2258 (Directory traversal vulnerability in cgi-bin/webcm in the ...)
NOT-FOR-US: Netgear DG632
CVE-2009-2257 (The administrative web interface on the Netgear DG632 with firmware ...)
@@ -163272,7 +163264,6 @@
NOT-FOR-US: SnapGear
CVE-2007-1323
REJECTED
- NOTE: replaced by both CVE-2007-5729 and CVE-2007-5730
CVE-2007-1322 (QEMU 0.8.2 allows local users to halt a virtual machine by executing ...)
{DSA-1284-1 DTSA-38-1 DTSA-133-1}
- qemu 0.9.0-2 (bug #424070)
@@ -165231,7 +165222,6 @@
NOT-FOR-US: Phorum
CVE-2006-6967
REJECTED
- NOT-FOR-US: Check Point Firewall-1
CVE-2006-6966 (phpGraphy before 0.9.13a does not properly unset variables when the ...)
NOT-FOR-US: phpGraphy
CVE-2007-XXXX [remctl ACL bypass vulnerability]
@@ -174855,7 +174845,6 @@
RESERVED
CVE-2006-3432
REJECTED
- NOTE: duplicate of CVE-2007-0028
CVE-2006-3431 (Buffer overflow in certain Asian language versions of Microsoft Excel ...)
NOT-FOR-US: Microsoft Excel
CVE-2006-3430 (SQL injection vulnerability in checkprofile.asp in (1) PatchLink ...)
@@ -178557,8 +178546,6 @@
NOT-FOR-US: PHP-Nuke
CVE-2006-1845
REJECTED
- NOT-FOR-US: Microsoft Exchange
- NOTE: Duplicate of CVE-2006-0537
CVE-2006-1844 (The Debian installer for the (1) shadow 4.0.14 and (2) base-config ...)
[sarge] - shadow 1:4.0.3-31sarge8
[sarge] - base-config <not-affected>
@@ -182558,7 +182545,6 @@
NOT-FOR-US: Oracle
CVE-2006-0264
REJECTED
- NOT-FOR-US: Oracle
CVE-2006-0263 (Multiple unspecified vulnerabilities in Oracle Database server ...)
NOT-FOR-US: Oracle
CVE-2006-0262 (Unspecified vulnerability in the Net Foundation Layer component of ...)
@@ -183015,7 +183001,6 @@
NOT-FOR-US: @Card ME PHP
CVE-2006-0092
REJECTED
- NOT-FOR-US: SiteSuite CMS
CVE-2006-0091 (Cross-site scripting (XSS) vulnerability in webmail in Open-Xchange ...)
- open-xchange <itp> (bug #269329)
CVE-2006-0090 (Directory traversal vulnerability in index.php in IDV Directory Viewer ...)
@@ -183038,7 +183023,6 @@
NOT-FOR-US: ActiveCampaign SupportTrio
CVE-2005-4633
REJECTED
- NOT-FOR-US: phpoutsourcing Zorum Forum
CVE-2005-4632 (SQL injection vulnerability in poll_frame.php in Vote! Pro 4.0 and ...)
NOT-FOR-US: Vote!Pro
CVE-2005-4631 (SQL injection vulnerability in index.php in Zina 0.12.07 and earlier ...)
@@ -183996,7 +183980,6 @@
NOT-FOR-US: Alt-N MDaemon and WorldClient
CVE-2005-4265
REJECTED
- NOT-FOR-US: Alt-N MDaemon and WorldClient
CVE-2005-4264 (Multiple SQL injection vulnerabilities in index.php in PHP Support ...)
NOT-FOR-US: PHP Support Tickets
CVE-2005-4263 (SQL injection vulnerability in the News module in Envolution allows ...)
@@ -184284,10 +184267,8 @@
REJECTED
CVE-2005-4128
REJECTED
- NOT-FOR-US: Apple Quicktime
CVE-2005-4127
REJECTED
- NOT-FOR-US: iTunes
CVE-2005-4126 (** UNVERIFIABLE, PRERELEASE ** ...)
NOT-FOR-US: Pre-Notification for RealMedia vulnerability, which never appeared
CVE-2005-4125
@@ -184569,7 +184550,6 @@
NOTE: Checked obexserver source package, not vulnerable
CVE-2005-3994
REJECTED
- NOT-FOR-US: Atlassian Confluence
CVE-2005-3993 (Multiple unspecified vulnerabilities in MailEnable Professional 1.6 ...)
NOT-FOR-US: MailEnable
CVE-2005-3992 (Multiple buffer overflows in WinEggDropShell remote access trojan ...)
@@ -184578,7 +184558,6 @@
NOT-FOR-US: phpMyChat
CVE-2005-3990
REJECTED
- NOTE: duplicate of CVE-2006-3619
CVE-2005-3989 (Memory leak in Avaya TN2602AP IP Media Resource 320 circuit pack ...)
NOT-FOR-US: Avaya hardware
CVE-2005-3988 (SQL injection vulnerability in article.php in Pineapple Technologies ...)
@@ -185881,7 +185860,6 @@
REJECTED
CVE-2005-3561
REJECTED
- NOT-FOR-US: ATutor
CVE-2005-3560 (Zone Labs (1) ZoneAlarm Pro 6.0, (2) ZoneAlarm Internet Security Suite ...)
NOT-FOR-US: Zone Labs
CVE-2005-3559 (Directory traversal vulnerability in vmail.cgi in Asterisk 1.0.9 ...)
@@ -185921,7 +185899,6 @@
NOT-FOR-US: Phorum
CVE-2005-3542
REJECTED
- NOT-FOR-US: Tonio Gallery
CVE-2005-3541
RESERVED
CVE-2005-3540 (Buffer overflow in petris before 1.0.1 allows remote attackers to ...)
@@ -186183,7 +186160,6 @@
NOT-FOR-US: Winamp
CVE-2002-2194
REJECTED
- NOT-FOR-US: Solaris
CVE-2002-2193 (Cross-site scripting (XSS) vulnerability in mojo.cgi for Mojo Mail 2.7 ...)
NOT-FOR-US: Mojo Mail
CVE-2002-2192 (Cross-site scripting (XSS) vulnerability in Perception LiteServe 2.0.1 ...)
@@ -186252,14 +186228,12 @@
NOT-FOR-US: Kerio Personal Firewall
CVE-2002-2160
REJECTED
- NOT-FOR-US: MidiCart
CVE-2002-2159 (Linksys EtherFast Cable/DSL BEFSR11, BEFSR41 and BEFSRU31 with the ...)
NOT-FOR-US: Linksys hardware
CVE-2002-2158 (zenTrack 2.0.3 and earlier allows remote attackers to obtain the full ...)
NOT-FOR-US: zenTrack
CVE-2002-2157
REJECTED
- NOT-FOR-US: vBulletin
CVE-2002-2156 (Buffer overflow in Trillian 0.73 allows remote IRC servers to execute ...)
NOT-FOR-US: Cerulean Trillian
CVE-2002-2155 (Format string vulnerability in the error handling of IRC invite ...)
@@ -186272,7 +186246,6 @@
NOT-FOR-US: Software602
CVE-2002-2151
REJECTED
- NOT-FOR-US: Search97
CVE-2002-2150 (Firewalls from multiple vendors empty state tables more slowly than ...)
NOTE: SYN floods etc generally filed as issues in linux specifically
NOTE: if it is affected
@@ -186282,7 +186255,6 @@
NOT-FOR-US: Lucent MAX Router
CVE-2002-2147
REJECTED
- NOT-FOR-US: Savant Web Server
CVE-2002-2146 (cgitest.exe in Savant Web Server 3.1 and earlier allows remote ...)
NOT-FOR-US: Savant Web Server
CVE-2002-2145 (Savant Web Server 3.1 and earlier allows remote attackers to bypass ...)
@@ -186305,10 +186277,8 @@
NOT-FOR-US: GlobalSunTech Wireless Access Points
CVE-2002-2136
REJECTED
- NOT-FOR-US: SUNW*
CVE-2002-2135
REJECTED
- NOT-FOR-US: HP-UX
CVE-2002-2134 (haut.php in PEEL 1.0b allows remote attackers to execute arbitrary PHP ...)
NOT-FOR-US: PEEL
CVE-2002-2133 (Telindus 1100 ASDL router running firmware 6.0.x uses weak encryption ...)
@@ -188070,7 +188040,6 @@
NOT-FOR-US: Land Down Under
CVE-2005-2883
REJECTED
- NOT-FOR-US: Unclassified News Board
CVE-2005-2882 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
NOT-FOR-US: phpCommunityCalendar
CVE-2005-2881 (phpCommunityCalendar 4.0.3 allows remote attackers to bypass ...)
@@ -188912,7 +188881,6 @@
NOT-FOR-US: F-Secure Anti-Virus
CVE-2004-2404
REJECTED
- NOT-FOR-US: Leif Wright Web Blog
CVE-2004-2403 (Cross-site request forgery (CSRF) vulnerability in YaBB 1 GOLD SP ...)
NOT-FOR-US: YaBB
CVE-2004-2402 (Cross-site scripting (XSS) vulnerability in YaBB.pl in YaBB 1 GOLD SP ...)
@@ -189755,7 +189723,6 @@
NOT-FOR-US: hardware issue
CVE-2005-2418
REJECTED
- NOT-FOR-US: Realchat
CVE-2005-2417 (Contrexx before 1.0.5 allows remote attackers to obtain sensitive ...)
NOT-FOR-US: Contrexx
CVE-2005-2416 (Multiple cross-site scripting (XSS) vulnerabilities in Contrexx before ...)
@@ -189813,7 +189780,6 @@
NOT-FOR-US: ActivePerl
CVE-2004-2285
REJECTED
- NOT-FOR-US: Perl on Windows
CVE-2003-1219 (Cross-site scripting (XSS) vulnerability in the tep_href_link function ...)
NOT-FOR-US: osCommerce
CVE-2005-2404 (SQL injection vulnerability in sendcard.php in Sendcard 3.2.3 allows ...)
@@ -189943,7 +189909,6 @@
NOT-FOR-US: EMC Navisphere Manager
CVE-2005-2355
REJECTED
- NOTE: see CVE-2005-2356
CVE-2005-2347
RESERVED
CVE-2005-2346 (Buffer overflow in Novell GroupWise 6.5 Client allows remote attackers ...)
@@ -190037,7 +190002,6 @@
NOT-FOR-US: Microsoft
CVE-2005-2303
REJECTED
- NOT-FOR-US: Microsoft
CVE-2005-2302 (PowerDNS before 2.9.18, when allowing recursion to a restricted range ...)
{DSA-771-1}
- pdns 2.9.18-1 (medium; bug #318798)
@@ -191085,7 +191049,6 @@
NOT-FOR-US: NetBSD
CVE-2005-2133
REJECTED
- NOT-FOR-US: log4sh
CVE-2005-2132 (RPC portmapper (rpcbind) in SCO UnixWare 7.1.1 m5, 7.1.3 mp5, and ...)
NOT-FOR-US: SCO UnixWare
CVE-2005-2131
@@ -192291,7 +192254,6 @@
NOT-FOR-US: JamMail
CVE-2005-1958
REJECTED
- NOTE: see CVE-2005-1855
CVE-2005-1957 (mtnpeak.net File Upload Manager does not properly check user ...)
NOT-FOR-US: File Upload Manager
CVE-2005-1956 (File Upload Manager allows remote attackers to upload arbitrary files ...)
@@ -193935,7 +193897,6 @@
NOT-FOR-US: no_package
CVE-2004-1886
REJECTED
- NOT-FOR-US: no_package
CVE-2004-1885 (Ipswitch WS_FTP Server 4.0.2 allows remote authenticated users to ...)
NOT-FOR-US: no_package
CVE-2004-1884 (Ipswitch WS_FTP Server 4.0.2 has a backdoor XXSESS_MGRYY username with ...)
@@ -195459,7 +195420,6 @@
NOT-FOR-US: CubeCart
CVE-2005-1032
REJECTED
- NOT-FOR-US: LiteCommerce
CVE-2005-1031 (RUNCMS 1.1A, and possibly other products based on e-Xoops (exoops), ...)
NOT-FOR-US: exoops
CVE-2005-1030 (Multiple cross-site scripting (XSS) vulnerabilities in Active Auction ...)
@@ -195823,7 +195783,6 @@
NOT-FOR-US: Oracle
CVE-2002-1638
REJECTED
- NOT-FOR-US: Oracle
CVE-2002-1637 (Multiple components in Oracle 9i Application Server (9iAS) are ...)
NOT-FOR-US: Oracle
CVE-2002-1636 (Cross-site scripting (XSS) vulnerability in the htp PL/SQL package for ...)
@@ -196999,7 +196958,6 @@
[sarge] - kernel-source-2.6.8 2.6.8-14
CVE-2005-0528
REJECTED
- NOTE: This was a dupe of the mremap kernel issue CVE-2003-0985
CVE-2005-0527 (Firefox 1.0 allows remote attackers to execute arbitrary code via ...)
- mozilla-firefox 1.0.1
NOTE: didn't other with YA mozilla-browser bug, it has enough for 1.7.6 already..
Modified: data/DLA/list
===================================================================
--- data/DLA/list 2016-01-08 06:24:27 UTC (rev 38766)
+++ data/DLA/list 2016-01-08 06:40:14 UTC (rev 38767)
@@ -828,7 +828,6 @@
{CVE-2014-9130}
[squeeze] - libyaml-libyaml-perl 0.33-1+squeeze4
[13 Dec 2014] DLA-108-1 nfs-utils - security update
- {CVE-2012-3541}
[squeeze] - nfs-utils 1:1.2.2-4squeeze3
[12 Dec 2014] DLA-107-1 unbound - security update
{CVE-2014-8602}
More information about the Secure-testing-commits
mailing list