[Secure-testing-commits] r55325 - data/CVE

Thu Aug 31 17:13:27 UTC 2017

Author: carnil
Date: 2017-08-31 17:13:27 +0000 (Thu, 31 Aug 2017)
New Revision: 55325

Modified:
   data/CVE/list
Log:
Workaround dcl issues due to source package name takeover

Modified: data/CVE/list
===================================================================

--- data/CVE/list	2017-08-31 17:05:03 UTC (rev 55324)
+++ data/CVE/list	2017-08-31 17:13:27 UTC (rev 55325)
@@ -262873,9 +262873,15 @@
 CVE-2005-0889 (Cross-site scripting (XSS) vulnerability in index.php for Dream4 Koobi ...)
 	NOT-FOR-US: Dream4 Koobi CMS
 CVE-2005-0888 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
-	- dcl 1:0.9.4.4-1
+	- dcl <not-affected> (Vulnerable code not present, affected dcl "Double Choco Latte")
+	NOTE: Until 2008 src:dcl was for the source for "Double Choco Latte". On
+	NOTE: 2017-08-30 an unrelated source took over the source package name dcl.
+	NOTE: Original issue fixed in dcl/1:0.9.4.4-1
 CVE-2005-0887 (Eval injection vulnerability in Double Choco Latte before 0.9.4.3 ...)
-	- dcl 1:0.9.4.4-1
+	- dcl <not-affected> (Vulnerable code not present, affected dcl "Double Choco Latte")
+	NOTE: Until 2008 src:dcl was for the source for "Double Choco Latte". On
+	NOTE: 2017-08-30 an unrelated source took over the source package name dcl.
+	NOTE: Original issue fixed in dcl/1:0.9.4.4-1
 CVE-2005-0886 (Cross-site scripting (XSS) vulnerability in Invision Power Board 2.0.2 ...)
 	NOT-FOR-US: Invision Power Board
 CVE-2005-0885 (Multiple cross-site scripting (XSS) vulnerabilities in XMB Forum 1.9.1 ...)
@@ -272142,9 +272148,15 @@
 CVE-2002-1040 (Unknown vulnerability in the WebSecure (DFSWeb) configuration ...)
 	NOT-FOR-US: WebSecure
 CVE-2002-1038 (Double Choco Latte (DCL) before 20020706 does not properly verify if a ...)
-	- dcl 1:0.9.2-1
+	- dcl <not-affected> (Vulnerable code not present, affected dcl "Double Choco Latte")
+	NOTE: Until 2008 src:dcl was for the source for "Double Choco Latte". On
+	NOTE: 2017-08-30 an unrelated source took over the source package name dcl.
+	NOTE: Original issue fixed in dcl/1:0.9.2-1
 CVE-2002-1037 (Cross-site scripting vulnerability in Double Choco Latte (DCL) before ...)
-	- dcl 1:0.9.2-1
+	- dcl <not-affected> (Vulnerable code not present, affected dcl "Double Choco Latte")
+	NOTE: Until 2008 src:dcl was for the source for "Double Choco Latte". On
+	NOTE: 2017-08-30 an unrelated source took over the source package name dcl.
+	NOTE: Original issue fixed in dcl/1:0.9.2-1
 CVE-2002-1036 (Cross-site scripting vulnerability in search.pl for Fluid Dynamics ...)
 	NOT-FOR-US: Fluid Dynamics
 CVE-2002-1034 (none.php for SunPS iRunbook 2.5.2 allows remote attackers to read ...)
@@ -273556,7 +273568,10 @@
 CVE-2002-1046 (Dynamic VPN Configuration Protocol service (DVCP) in Watchguard ...)
 	NOT-FOR-US: Watchguard Firebox firmware
 CVE-2002-1039 (Directory traversal vulnerability in Double Choco Latte (DCL) before ...)
-	- dcl 20020706
+	- dcl <not-affected> (Vulnerable code not present, affected dcl "Double Choco Latte")
+	NOTE: Until 2008 src:dcl was for the source for "Double Choco Latte". On
+	NOTE: 2017-08-30 an unrelated source took over the source package name dcl.
+	NOTE: Original issue fixed in dcl/20020706
 CVE-2002-1035 (Omnicron OmniHTTPd 2.09 allows remote attackers to cause a denial of ...)
 	NOT-FOR-US: Omnicron OmniHTTPd
 CVE-2002-1031 (KeyFocus (KF) web server 1.0.2 allows remote attackers to list ...)


