
Re: [Secure-testing-commits] r17007 - data/CVE



Thanks for clearing that up. If it will be a while until you can fully document the <undetermined> flag in the narrative_introduction, could you at least clarify over email how it should be used? It seems like it's the same as "TODO: check" but where the package has been identified.

-Johnathan

On Tue, Jul 26, 2011 at 8:22 PM, Michael Gilbert <gilbert-guest@alioth.debian.org> wrote:
Author: gilbert-guest
Date: 2011-07-27 03:22:14 +0000 (Wed, 27 Jul 2011)
New Revision: 17007

Modified:
  data/CVE/list
Log:
rfps=itps in security tracking sense; a kernel issue fixed earlier than currently tracked

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2011-07-27 00:49:58 UTC (rev 17006)
+++ data/CVE/list       2011-07-27 03:22:14 UTC (rev 17007)
@@ -798,7 +798,7 @@
       {DSA-2276-2 DSA-2276-1}
       - asterisk 1:1.8.4.4~dfsg-1 (bug #632029)
 CVE-2011-2534 (Buffer overflow in the clusterip_proc_write function in ...)
-       - linux-2.6 2.6.39-1 (low)
+       - linux-2.6 2.6.32-34 (low)
 CVE-2011-2533 (The configure script in D-Bus (aka DBus) 1.2.x before 1.2.28 allows ...)
       - dbus 1.3.2~git20100715.821f99c-1 (unimportant)
       NOTE: Compile-time only
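Review bot: the fixed version for CVE-2011-2534 moves backwards from 2.6.39-1 to 2.6.32-34 with no NOTE recording how the earlier fix was confirmed (changelog entry, upstream commit or advisory), so the next triager has to re-derive the claim; suggest adding a one-line NOTE naming the source of that determination under the `- linux-2.6 2.6.32-34 (low)` line.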
@@ -5934,8 +5934,7 @@
 CVE-2011-0746 (Cross-site request forgery (CSRF) vulnerability in ...)
       NOT-FOR-US: ZyXEL O2 DSL Router
 CVE-2011-0745 (SugarCRM before 6.1.3 does not properly handle reloads and direct ...)
-       NOT-FOR-US: SugarCRM
-       NOTE: there is an RFP for SugarCRM #457876
+       - sugarcrm-ce-5.0 <itp> (bug #457876)
 CVE-2011-0744
       RESERVED
 CVE-2011-0743
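Review bot: the removed NOTE recorded that #457876 is an RFP, but the replacement tags it `<itp>`; even if the tracker treats both alike, as the log message says, dropping the NOTE loses the fact that nobody has committed to packaging SugarCRM, and the source name sugarcrm-ce-5.0 is not established by any upload visible here. Suggest keeping a line such as `NOTE: #457876 is an RFP, not an ITP` beside the `<itp>` entry, and the same for the other SugarCRM hunks below that make the identical change.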
@@ -20062,7 +20061,7 @@
 CVE-2010-0466
       RESERVED
 CVE-2010-0465 (Cross-site scripting (XSS) vulnerability in the online Documents ...)
-       NOT-FOR-US: SugarCRM
+       - sugarcrm-ce-5.0 <itp> (bug #457876)
 CVE-2010-0464 (Roundcube 0.3.1 and earlier does not request that the web browser ...)
       - roundcube 0.3.1-3 (bug #569660)
 CVE-2010-0463 (Horde IMP 4.3.6 and earlier does not request that the web browser ...)
@@ -20144,6 +20143,7 @@
 CVE-2010-0431 (QEMU-KVM, as used in the Hypervisor (aka rhev-hypervisor) in Red Hat ...)
       - qemu-kvm <not-affected> (QXL support not yet present in Debian packages)
       - kvm <not-affected> (QXL support not yet present in Debian packages)
+       TODO: recheck newer uploads
 CVE-2010-0430
       RESERVED
 CVE-2010-0429 (libspice, as used in QEMU-KVM in the Hypervisor (aka rhev-hypervisor) ...)
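Review bot: the added `TODO: recheck newer uploads` names no version against which the two `<not-affected>` determinations were made, so whoever picks up the TODO cannot tell which qemu-kvm or kvm upload still needs rechecking; suggest recording the last version checked in the TODO, or dropping the `<not-affected>` tags until the recheck is done.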
@@ -26347,7 +26347,7 @@
 CVE-2009-2979 (Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and ...)
       NOT-FOR-US: Adobe
 CVE-2009-2978 (SQL injection vulnerability in SugarCRM 4.5.1o and earlier, 5.0.0k and ...)
-       NOT-FOR-US: SugarCRM
+       - sugarcrm-ce-5.0 <itp> (bug #457876)
 CVE-2009-2977 (The Cisco Security Monitoring, Analysis and Response System (CS-MARS) ...)
       NOT-FOR-US: Cisco
 CVE-2009-2976 (Cisco Aironet Lightweight Access Point (AP) devices send the contents ...)
@@ -29193,7 +29193,7 @@
 CVE-2009-2147 (SQL injection vulnerability in fdown.php in phpWebThings 1.5.2 and ...)
       NOT-FOR-US: phpWebThings
 CVE-2009-2146 (Unrestricted file upload vulnerability in the Compose Email feature in ...)
-       NOT-FOR-US: SugarCRM
+       - sugarcrm-ce-5.0 <itp> (bug #457876)
 CVE-2009-2145 (Multiple cross-site scripting (XSS) vulnerabilities in transLucid 1.75 ...)
       NOT-FOR-US: transLucid
 CVE-2009-2144 (SQL injection vulnerability in the FireStats plugin before ...)
@@ -33376,11 +33376,11 @@
 CVE-2009-0895 (Integer overflow in Novell eDirectory 8.7.3.x before 8.7.3.10 ftf2 and ...)
       NOT-FOR-US: Novell eDirectory
 CVE-2009-0894 (Heap-based buffer overflow in the decoder_create function in the ...)
+       - xvidcore <undetermined>
       TODO: check
-       NOTE: xvidcore ITP (bug #531040) accepted in unstable on 2011-07-26.
 CVE-2009-0893 (Multiple heap-based buffer overflows in xvidcore/src/decoder.c in the ...)
+       - xvidcore <undetermined>
       TODO: check
-       NOTE: xvidcore ITP (bug #531040) accepted in unstable on 2011-07-26.
 CVE-2009-0892 (The administrative console in IBM WebSphere Application Server (WAS) ...)
       NOT-FOR-US: IBM WebSphere
 CVE-2009-0891 (The Web Services Security component in IBM WebSphere Application ...)
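Review bot: the removed NOTE (xvidcore ITP #531040 accepted in unstable on 2011-07-26) is exactly the context needed to resolve the retained `TODO: check`, and the new `<undetermined>` tag is not defined anywhere visible here; suggest keeping the NOTE next to the `- xvidcore <undetermined>` line and, since the flag is new, documenting its meaning in the narrative_introduction before it is used in data/CVE/list.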
@@ -46290,7 +46290,7 @@
 CVE-2008-2046 (Cross-site scripting (XSS) vulnerability in index.php in Softpedia ...)
       NOT-FOR-US: Softpedia
 CVE-2008-2045 (Absolute path traversal vulnerability in SugarCRM Sugar Community ...)
-       NOT-FOR-US: SugarCRM
+       - sugarcrm-ce-5.0 <itp> (bug #457876)
 CVE-2008-2044 (includes/library.php in netOffice Dwins 1.3 p2 compares the ...)
       NOT-FOR-US: netOffice Dwins
 CVE-2008-2043 (Multiple cross-site request forgery (CSRF) vulnerabilities in cPanel, ...)
@@ -49195,11 +49195,9 @@
 CVE-2008-0852 (freeSSHd 1.2 and earlier allows remote attackers to cause a denial of ...)
       NOT-FOR-US: freeSSHd
 CVE-2008-0851 (Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.4 ...)
-       NOT-FOR-US: Dokeos
-       NOTE: there is an RFP for Dokeos #433352
+       - dokeos <itp> (bug #433352)
 CVE-2008-0850 (Multiple SQL injection vulnerabilities in Dokeos 1.8.4 allow remote ...)
-       NOT-FOR-US: Dokeos
-       NOTE: there is an RFP for Dokeos #433352
+       - dokeos <itp> (bug #433352)
 CVE-2008-0849 (SQL injection vulnerability in index.php in the Downloads ...)
       NOT-FOR-US: com_downloads component for Mambo and Joomla!
 CVE-2008-0848 (Cross-site scripting (XSS) vulnerability in lostsheep.php in Crafty ...)
@@ -69362,7 +69360,7 @@
 CVE-2006-6713 (Buffer overflow in Hitachi Directory Server 2 P-2444-A124 before ...)
       NOT-FOR-US: Hitachi Directory Server
 CVE-2006-6712 (Cross-site scripting (XSS) vulnerability in SugarCRM Open Source ...)
-       NOT-FOR-US: SugarCRM Open Source
+       - sugarcrm-ce-5.0 <itp> (bug #457876)
 CVE-2006-6711 (PHP remote file inclusion vulnerability in compteur/mapage.php in ...)
       NOT-FOR-US: Newxooper
 CVE-2006-6710 (Multiple PHP remote file inclusion vulnerabilities in PgmReloaded ...)
@@ -73058,7 +73056,7 @@
 CVE-2006-5083 (PHP remote file inclusion vulnerability in ...)
       NOT-FOR-US: Integrated MODs (IM) Portal
 CVE-2006-5082 (Unspecified vulnerability in Sugar Suite Open Source (SugarCRM) before ...)
-       NOT-FOR-US: Sugar Suite Open Source (SugarCRM)
+       - sugarcrm-ce-5.0 <itp> (bug #457876)
 CVE-2006-5081 (PHP remote file inclusion vulnerability in acc.php in QuickBlogger ...)
       NOT-FOR-US: QuickBlogger
 CVE-2006-5080 (Cross-site scripting (XSS) vulnerability in the search function in Six ...)
@@ -78872,7 +78870,7 @@
 CVE-2006-2557 (PHP remote file inclusion vulnerability in extras/poll/poll.php in ...)
       NOT-FOR-US: Newsportal
 CVE-2006-2556 (Cross-site scripting (XSS) vulnerability in Florian Amrhein NewsPortal ...)
-       NOT-FOR-US: newsportal
+       - newsportal <itp> (bug #149069)
       NOTE: RFP #149069 closed after no activity since too long time
 CVE-2006-2555 (The parse_command function in Genecys 0.2 and earlier allows remote ...)
       NOT-FOR-US: Genecys
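Review bot: the entry for CVE-2006-2556 is self-contradictory after this change: it is tagged `- newsportal <itp> (bug #149069)` while the retained NOTE says RFP #149069 was closed for inactivity, so there is no open packaging bug to track; suggest either restoring `NOT-FOR-US: newsportal` together with the NOTE, or using `<itp>` only where the referenced bug is still open.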
@@ -79092,7 +79090,7 @@
 CVE-2006-2461 (BEA WebLogic Server before 8.1 Service Pack 4 does not properly set ...)
       NOT-FOR-US: BEA
 CVE-2006-2460 (Sugar Suite Open Source (SugarCRM) 4.2 and earlier, when ...)
-       NOT-FOR-US: SugarCRM
+       - sugarcrm-ce-5.0 <itp> (bug #457876)
 CVE-2006-2459 (SQL injection vulnerability in messages.php in PHP-Fusion 6.00.307 and ...)
       NOT-FOR-US: PHP-Fusion
 CVE-2006-2458 (Multiple heap-based buffer overflows in Libextractor 0.5.13 and ...)
@@ -86360,9 +86358,9 @@
 CVE-2005-4088 (SQL injection vulnerability in index.php in phpForumPro 2.2 allows ...)
       NOT-FOR-US: phpForumPro
 CVE-2005-4087 (PHP remote file include vulnerability in acceptDecline.php in Sugar ...)
-       NOT-FOR-US: SugarCRM
+       - sugarcrm-ce-5.0 <itp> (bug #457876)
 CVE-2005-4086 (Directory traversal vulnerability in acceptDecline.php in Sugar Suite ...)
-       NOT-FOR-US: SugarCRM
+       - sugarcrm-ce-5.0 <itp> (bug #457876)
 CVE-2005-4085 (Buffer overflow in BlueCoat (a) WinProxy before 6.1a and (b) the web ...)
       NOT-FOR-US: BlueCoat WinProxy
 CVE-2005-4084 (xs_edit.php in the phpBB eXtreme Styles module 2.2.1 and earlier ...)
@@ -100242,7 +100240,7 @@
 CVE-2005-0267 (index.php in FlatNuke 2.5.1 allows remote attackers to create an ...)
       NOT-FOR-US: FlatNuke
 CVE-2005-0266 (Cross-site scripting (XSS) vulnerability in index.php in SugarCRM 1.X ...)
-       NOT-FOR-US: SugerCRM
+       - sugarcrm-ce-5.0 <itp> (bug #457876)
 CVE-2005-0265 (Multiple SQL injection vulnerabilities in browse.php in OWL 0.7 and ...)
       NOT-FOR-US: OWL intranet
 CVE-2005-0264 (Multiple cross-site scripting (XSS) vulnerabilities in browse.php in ...)
@@ -101348,13 +101346,13 @@
 CVE-2004-1229 (Cross-site scripting vulnerability in the parser for Gadu-Gadu allows ...)
       NOT-FOR-US: Gadu-Gadu
 CVE-2004-1228 (The install scripts in SugarCRM Sugar Sales 2.0.1c and earlier are not ...)
-       NOT-FOR-US: SugarCRM Sugar Sales
+       - sugarcrm-ce-5.0 <itp> (bug #457876)
 CVE-2004-1227 (Directory traversal vulnerability in SugarCRM Sugar Sales 2.0.1c and ...)
-       NOT-FOR-US: SugarCRM Sugar Sales
+       - sugarcrm-ce-5.0 <itp> (bug #457876)
 CVE-2004-1226 (SugarCRM Sugar Sales 2.0.1c and earlier allows remote attackers to ...)
-       NOT-FOR-US: SugarCRM Sugar Sales
+       - sugarcrm-ce-5.0 <itp> (bug #457876)
 CVE-2004-1225 (SQL injection vulnerability in SugarCRM Sugar Sales before 2.0.1a ...)
-       NOT-FOR-US: SugarCRM Sugar Sales
+       - sugarcrm-ce-5.0 <itp> (bug #457876)
 CVE-2004-1224 (Off-by-one error in the mtr_curses_keyaction function for mtr 0.55 ...)
       - mtr 0.67-1
 CVE-2004-1223 (The Management Agent in F-Secure Policy Manager 5.11.2810 allows ...)


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits