[Secure-testing-commits] r38767 - in data: CVE DLA

Salvatore Bonaccorso carnil at moszumanska.debian.org
Fri Jan 8 06:40:14 UTC 2016


Author: carnil
Date: 2016-01-08 06:40:14 +0000 (Fri, 08 Jan 2016)
New Revision: 38767

Modified:
   data/CVE/list
   data/DLA/list
Log:
More cleanups for REJECTED entries

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-01-08 06:24:27 UTC (rev 38766)
+++ data/CVE/list	2016-01-08 06:40:14 UTC (rev 38767)
@@ -62033,7 +62033,6 @@
 	REJECTED
 CVE-2013-4336
 	REJECTED
-	NOT-FOR-US: Drupal module
 CVE-2013-4335
 	RESERVED
 	NOT-FOR-US: opOpenSocialPlugin
@@ -78757,8 +78756,6 @@
 	NOT-FOR-US: Sophos SafeGuard Enterprise
 CVE-2012-4735
 	REJECTED
-	NOTE: CVE-2012-4735 rejected in favour of CVE-2012-6578, CVE-2012-6579, CVE-2012-6580, CVE-2012-6581.
-	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=870406#c3
 CVE-2012-4734 (Request Tracker (RT) 3.8.x before 3.8.15 and 4.0.x before 4.0.8 allows ...)
 	{DSA-2567-1}
 	- request-tracker3.8 <removed>
@@ -82000,7 +81997,6 @@
 	- keystone 2012.1.1-5
 CVE-2012-3541
 	REJECTED
-	{DLA-108-1}
 CVE-2012-3540 (Open redirect vulnerability in views/auth_forms.py in OpenStack ...)
 	- horizon 2012.1.1-4 (bug #686050)
 CVE-2012-3539
@@ -82385,8 +82381,6 @@
 	- condor 7.8.2~dfsg.1-1 (bug #685366)
 CVE-2012-3415
 	REJECTED
-	- plpupload <itp> (bug #668396)
-	- wordpress 3.3.2
 CVE-2012-3414 (Cross-site scripting (XSS) vulnerability in swfupload.swf in SWFUpload ...)
 	- libjs-swfupload 2.2.0.1+ds1-2 (low; bug #681323)
 	- wordpress 3.5.1+dfsg-1 (bug #698934)
@@ -110524,9 +110518,8 @@
 CVE-2010-3091 (The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x ...)
 	{DSA-2113-1}
 	- drupal6 6.18-1 (low; bug #592716)
-CVE-2010-3090 [mailman, will be rejected]
+CVE-2010-3090
 	REJECTED
-	NOT-FOR-US: ** REJECT ** mailman
 CVE-2010-3089 (Multiple cross-site scripting (XSS) vulnerabilities in GNU Mailman ...)
 	{DSA-2170-1}
 	- mailman 1:2.1.13-4.1 (bug #599833)
@@ -126936,7 +126929,6 @@
 	[lenny] - stardict 3.0.1-4+lenny1
 CVE-2009-2259
 	REJECTED
-	NOT-FOR-US: PHP Address Book
 CVE-2009-2258 (Directory traversal vulnerability in cgi-bin/webcm in the ...)
 	NOT-FOR-US: Netgear DG632
 CVE-2009-2257 (The administrative web interface on the Netgear DG632 with firmware ...)
@@ -163272,7 +163264,6 @@
 	NOT-FOR-US: SnapGear
 CVE-2007-1323
 	REJECTED
-	NOTE: replaced by both CVE-2007-5729 and CVE-2007-5730
 CVE-2007-1322 (QEMU 0.8.2 allows local users to halt a virtual machine by executing ...)
 	{DSA-1284-1 DTSA-38-1 DTSA-133-1}
 	- qemu 0.9.0-2 (bug #424070)
@@ -165231,7 +165222,6 @@
 	NOT-FOR-US: Phorum
 CVE-2006-6967
 	REJECTED
-	NOT-FOR-US: Check Point Firewall-1
 CVE-2006-6966 (phpGraphy before 0.9.13a does not properly unset variables when the ...)
 	NOT-FOR-US: phpGraphy
 CVE-2007-XXXX [remctl ACL bypass vulnerability]
@@ -174855,7 +174845,6 @@
 	RESERVED
 CVE-2006-3432
 	REJECTED
-	NOTE: duplicate of CVE-2007-0028
 CVE-2006-3431 (Buffer overflow in certain Asian language versions of Microsoft Excel ...)
 	NOT-FOR-US: Microsoft Excel
 CVE-2006-3430 (SQL injection vulnerability in checkprofile.asp in (1) PatchLink ...)
@@ -178557,8 +178546,6 @@
 	NOT-FOR-US: PHP-Nuke
 CVE-2006-1845
 	REJECTED
-	NOT-FOR-US: Microsoft Exchange
-	NOTE: Duplicate of CVE-2006-0537
 CVE-2006-1844 (The Debian installer for the (1) shadow 4.0.14 and (2) base-config ...)
 	[sarge] - shadow 1:4.0.3-31sarge8
 	[sarge] - base-config <not-affected>
@@ -182558,7 +182545,6 @@
 	NOT-FOR-US: Oracle
 CVE-2006-0264
 	REJECTED
-	NOT-FOR-US: Oracle
 CVE-2006-0263 (Multiple unspecified vulnerabilities in Oracle Database server ...)
 	NOT-FOR-US: Oracle
 CVE-2006-0262 (Unspecified vulnerability in the Net Foundation Layer component of ...)
@@ -183015,7 +183001,6 @@
 	NOT-FOR-US: @Card ME PHP
 CVE-2006-0092
 	REJECTED
-	NOT-FOR-US: SiteSuite CMS
 CVE-2006-0091 (Cross-site scripting (XSS) vulnerability in webmail in Open-Xchange ...)
 	- open-xchange <itp> (bug #269329)
 CVE-2006-0090 (Directory traversal vulnerability in index.php in IDV Directory Viewer ...)
@@ -183038,7 +183023,6 @@
 	NOT-FOR-US: ActiveCampaign SupportTrio
 CVE-2005-4633
 	REJECTED
-	NOT-FOR-US: phpoutsourcing Zorum Forum
 CVE-2005-4632 (SQL injection vulnerability in poll_frame.php in Vote! Pro 4.0 and ...)
 	NOT-FOR-US: Vote!Pro
 CVE-2005-4631 (SQL injection vulnerability in index.php in Zina 0.12.07 and earlier ...)
@@ -183996,7 +183980,6 @@
 	NOT-FOR-US: Alt-N MDaemon and WorldClient
 CVE-2005-4265
 	REJECTED
-	NOT-FOR-US: Alt-N MDaemon and WorldClient
 CVE-2005-4264 (Multiple SQL injection vulnerabilities in index.php in PHP Support ...)
 	NOT-FOR-US: PHP Support Tickets
 CVE-2005-4263 (SQL injection vulnerability in the News module in Envolution allows ...)
@@ -184284,10 +184267,8 @@
 	REJECTED
 CVE-2005-4128
 	REJECTED
-	NOT-FOR-US: Apple Quicktime
 CVE-2005-4127
 	REJECTED
-	NOT-FOR-US: iTunes
 CVE-2005-4126 (** UNVERIFIABLE, PRERELEASE ** ...)
 	NOT-FOR-US: Pre-Notification for RealMedia vulnerability, which never appeared
 CVE-2005-4125
@@ -184569,7 +184550,6 @@
 	NOTE: Checked obexserver source package, not vulnerable
 CVE-2005-3994
 	REJECTED
-	NOT-FOR-US: Atlassian Confluence
 CVE-2005-3993 (Multiple unspecified vulnerabilities in MailEnable Professional 1.6 ...)
 	NOT-FOR-US: MailEnable
 CVE-2005-3992 (Multiple buffer overflows in WinEggDropShell remote access trojan ...)
@@ -184578,7 +184558,6 @@
 	NOT-FOR-US: phpMyChat
 CVE-2005-3990
 	REJECTED
-	NOTE: duplicate of CVE-2006-3619
 CVE-2005-3989 (Memory leak in Avaya TN2602AP IP Media Resource 320 circuit pack ...)
 	NOT-FOR-US: Avaya hardware
 CVE-2005-3988 (SQL injection vulnerability in article.php in Pineapple Technologies ...)
@@ -185881,7 +185860,6 @@
 	REJECTED
 CVE-2005-3561
 	REJECTED
-	NOT-FOR-US: ATutor
 CVE-2005-3560 (Zone Labs (1) ZoneAlarm Pro 6.0, (2) ZoneAlarm Internet Security Suite ...)
 	NOT-FOR-US: Zone Labs
 CVE-2005-3559 (Directory traversal vulnerability in vmail.cgi in Asterisk 1.0.9 ...)
@@ -185921,7 +185899,6 @@
 	NOT-FOR-US: Phorum
 CVE-2005-3542
 	REJECTED
-	NOT-FOR-US: Tonio Gallery
 CVE-2005-3541
 	RESERVED
 CVE-2005-3540 (Buffer overflow in petris before 1.0.1 allows remote attackers to ...)
@@ -186183,7 +186160,6 @@
 	NOT-FOR-US: Winamp
 CVE-2002-2194
 	REJECTED
-	NOT-FOR-US: Solaris
 CVE-2002-2193 (Cross-site scripting (XSS) vulnerability in mojo.cgi for Mojo Mail 2.7 ...)
 	NOT-FOR-US: Mojo Mail
 CVE-2002-2192 (Cross-site scripting (XSS) vulnerability in Perception LiteServe 2.0.1 ...)
@@ -186252,14 +186228,12 @@
 	NOT-FOR-US: Kerio Personal Firewall
 CVE-2002-2160
 	REJECTED
-	NOT-FOR-US: MidiCart
 CVE-2002-2159 (Linksys EtherFast Cable/DSL BEFSR11, BEFSR41 and BEFSRU31 with the ...)
 	NOT-FOR-US: Linksys hardware
 CVE-2002-2158 (zenTrack 2.0.3 and earlier allows remote attackers to obtain the full ...)
 	NOT-FOR-US: zenTrack
 CVE-2002-2157
 	REJECTED
-	NOT-FOR-US: vBulletin
 CVE-2002-2156 (Buffer overflow in Trillian 0.73 allows remote IRC servers to execute ...)
 	NOT-FOR-US: Cerulean Trillian
 CVE-2002-2155 (Format string vulnerability in the error handling of IRC invite ...)
@@ -186272,7 +186246,6 @@
 	NOT-FOR-US: Software602
 CVE-2002-2151
 	REJECTED
-	NOT-FOR-US: Search97
 CVE-2002-2150 (Firewalls from multiple vendors empty state tables more slowly than ...)
 	NOTE: SYN floods etc generally filed as issues in linux specifically
 	NOTE: if it is affected
@@ -186282,7 +186255,6 @@
 	NOT-FOR-US: Lucent MAX Router
 CVE-2002-2147
 	REJECTED
-	NOT-FOR-US: Savant Web Server
 CVE-2002-2146 (cgitest.exe in Savant Web Server 3.1 and earlier allows remote ...)
 	NOT-FOR-US: Savant Web Server
 CVE-2002-2145 (Savant Web Server 3.1 and earlier allows remote attackers to bypass ...)
@@ -186305,10 +186277,8 @@
 	NOT-FOR-US: GlobalSunTech Wireless Access Points
 CVE-2002-2136
 	REJECTED
-	NOT-FOR-US: SUNW*
 CVE-2002-2135
 	REJECTED
-	NOT-FOR-US: HP-UX
 CVE-2002-2134 (haut.php in PEEL 1.0b allows remote attackers to execute arbitrary PHP ...)
 	NOT-FOR-US: PEEL
 CVE-2002-2133 (Telindus 1100 ASDL router running firmware 6.0.x uses weak encryption ...)
@@ -188070,7 +188040,6 @@
 	NOT-FOR-US: Land Down Under
 CVE-2005-2883
 	REJECTED
-	NOT-FOR-US: Unclassified News Board
 CVE-2005-2882 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
 	NOT-FOR-US: phpCommunityCalendar
 CVE-2005-2881 (phpCommunityCalendar 4.0.3 allows remote attackers to bypass ...)
@@ -188912,7 +188881,6 @@
 	NOT-FOR-US: F-Secure Anti-Virus
 CVE-2004-2404
 	REJECTED
-	NOT-FOR-US: Leif Wright Web Blog
 CVE-2004-2403 (Cross-site request forgery (CSRF) vulnerability in YaBB 1 GOLD SP ...)
 	NOT-FOR-US: YaBB
 CVE-2004-2402 (Cross-site scripting (XSS) vulnerability in YaBB.pl in YaBB 1 GOLD SP ...)
@@ -189755,7 +189723,6 @@
 	NOT-FOR-US: hardware issue
 CVE-2005-2418
 	REJECTED
-	NOT-FOR-US: Realchat
 CVE-2005-2417 (Contrexx before 1.0.5 allows remote attackers to obtain sensitive ...)
 	NOT-FOR-US: Contrexx
 CVE-2005-2416 (Multiple cross-site scripting (XSS) vulnerabilities in Contrexx before ...)
@@ -189813,7 +189780,6 @@
 	NOT-FOR-US: ActivePerl
 CVE-2004-2285
 	REJECTED
-	NOT-FOR-US: Perl on Windows
 CVE-2003-1219 (Cross-site scripting (XSS) vulnerability in the tep_href_link function ...)
 	NOT-FOR-US: osCommerce
 CVE-2005-2404 (SQL injection vulnerability in sendcard.php in Sendcard 3.2.3 allows ...)
@@ -189943,7 +189909,6 @@
 	NOT-FOR-US: EMC Navisphere Manager
 CVE-2005-2355
 	REJECTED
-	NOTE: see CVE-2005-2356
 CVE-2005-2347
 	RESERVED
 CVE-2005-2346 (Buffer overflow in Novell GroupWise 6.5 Client allows remote attackers ...)
@@ -190037,7 +190002,6 @@
 	NOT-FOR-US: Microsoft
 CVE-2005-2303
 	REJECTED
-	NOT-FOR-US: Microsoft
 CVE-2005-2302 (PowerDNS before 2.9.18, when allowing recursion to a restricted range ...)
 	{DSA-771-1}
 	- pdns 2.9.18-1 (medium; bug #318798)
@@ -191085,7 +191049,6 @@
 	NOT-FOR-US: NetBSD
 CVE-2005-2133
 	REJECTED
-	NOT-FOR-US: log4sh
 CVE-2005-2132 (RPC portmapper (rpcbind) in SCO UnixWare 7.1.1 m5, 7.1.3 mp5, and ...)
 	NOT-FOR-US: SCO UnixWare
 CVE-2005-2131
@@ -192291,7 +192254,6 @@
 	NOT-FOR-US: JamMail
 CVE-2005-1958
 	REJECTED
-	NOTE: see CVE-2005-1855
 CVE-2005-1957 (mtnpeak.net File Upload Manager does not properly check user ...)
 	NOT-FOR-US: File Upload Manager
 CVE-2005-1956 (File Upload Manager allows remote attackers to upload arbitrary files ...)
@@ -193935,7 +193897,6 @@
 	NOT-FOR-US: no_package
 CVE-2004-1886
 	REJECTED
-	NOT-FOR-US: no_package
 CVE-2004-1885 (Ipswitch WS_FTP Server 4.0.2 allows remote authenticated users to ...)
 	NOT-FOR-US: no_package
 CVE-2004-1884 (Ipswitch WS_FTP Server 4.0.2 has a backdoor XXSESS_MGRYY username with ...)
@@ -195459,7 +195420,6 @@
 	NOT-FOR-US: CubeCart
 CVE-2005-1032
 	REJECTED
-	NOT-FOR-US: LiteCommerce
 CVE-2005-1031 (RUNCMS 1.1A, and possibly other products based on e-Xoops (exoops), ...)
 	NOT-FOR-US: exoops
 CVE-2005-1030 (Multiple cross-site scripting (XSS) vulnerabilities in Active Auction ...)
@@ -195823,7 +195783,6 @@
 	NOT-FOR-US: Oracle
 CVE-2002-1638
 	REJECTED
-	NOT-FOR-US: Oracle
 CVE-2002-1637 (Multiple components in Oracle 9i Application Server (9iAS) are ...)
 	NOT-FOR-US: Oracle
 CVE-2002-1636 (Cross-site scripting (XSS) vulnerability in the htp PL/SQL package for ...)
@@ -196999,7 +196958,6 @@
 	[sarge] - kernel-source-2.6.8 2.6.8-14
 CVE-2005-0528
 	REJECTED
-	NOTE: This was a dupe of the mremap kernel issue CVE-2003-0985
 CVE-2005-0527 (Firefox 1.0 allows remote attackers to execute arbitrary code via ...)
 	- mozilla-firefox 1.0.1
 	NOTE: didn't other with YA mozilla-browser bug, it has enough for 1.7.6 already..

Modified: data/DLA/list
===================================================================
--- data/DLA/list	2016-01-08 06:24:27 UTC (rev 38766)
+++ data/DLA/list	2016-01-08 06:40:14 UTC (rev 38767)
@@ -828,7 +828,6 @@
 	{CVE-2014-9130}
 	[squeeze] - libyaml-libyaml-perl 0.33-1+squeeze4
 [13 Dec 2014] DLA-108-1 nfs-utils - security update
-	{CVE-2012-3541}
 	[squeeze] - nfs-utils 1:1.2.2-4squeeze3
 [12 Dec 2014] DLA-107-1 unbound - security update
 	{CVE-2014-8602}



