some NFUs

wordpress issue
drupal CVEfied



git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@5358 e39458fd-73e7-0310-bf30-c45bca0a0e42

1 files changed, 17 insertions, 20 deletions

diff --git a/data/CVE/list b/data/CVE/list
index 755751295e..8e32833210 100644
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -94,7 +94,7 @@ CVE-2007-0437
 CVE-2007-0436
 	RESERVED
 CVE-2005-4824 (PHP remote file inclusion vulnerability in web/classes.php in ...)
-	TODO: check
+	NOT-FOR-US: siteframe
 CVE-2007-0435 (T-Com Speedport 500V routers with firmware 1.31 allow remote attackers ...)
 	NOT-FOR-US: T-Com Speedport
 CVE-2007-0434 (BEA AquaLogic Enterprise Security 2.0 through 2.0 SP2, 2.1 through 2.1 ...)
@@ -172,13 +172,13 @@ CVE-2007-0399 (Multiple cross-site scripting (XSS) vulnerabilities in index.php
 CVE-2007-0398 (Multiple cross-site scripting (XSS) vulnerabilities in MisterSP ...)
 	NOT-FOR-US: MisterSPa-forum
 CVE-2006-6951 (Cross-site scripting (XSS) vulnerability in blog.php in OdysseusBlog ...)
-	TODO: check
+	NOT-FOR-US: Odysseus Blog
 CVE-2006-6950 (Directory traversal vulnerability in Conti FTPServer 1.0 Build 2.8 ...)
-	TODO: check
+	NOT-FOR-US: Conti FtpServer
 CVE-2006-6949 (Conti FTPServer 1.0 Build 2.8 stores user passwords in cleartext in ...)
-	TODO: check
+	NOT-FOR-US: Conti FtpServer
 CVE-2006-6948 (MyODBC Japanese conversion edition 3.51.06, 2.50.29, and 2.50.25 ...)
-	TODO: check
+	NOT-FOR-US: JVN
 CVE-2006-6947 (The FTP server in the NEC MultiWriter 1700C allows remote attackers to ...)
 	NOT-FOR-US: NEC
 CVE-2006-6946 (The web server in the NEC MultiWriter 1700C allows remote attackers to ...)
@@ -261,7 +261,7 @@ CVE-2007-0365 (Multiple cross-site scripting (XSS) vulnerabilities in All In One
 CVE-2007-0364 (Multiple cross-site scripting (XSS) vulnerabilities in nicecoder.com ...)
 	NOT-FOR-US: nicecoder.com INDEXU
 CVE-2006-6945 (SQL injection vulnerability in Virtuemart 1.0.7 allows remote ...)
-	TODO: check
+	NOT-FOR-US: VirtueMart
 CVE-2007-XXXX [libjabber DoS]
 	- centericq 4.21.0-18 (bug #406982)
 CVE-2007-XXXX [python-django flup/FastCGI/debugging issue]
@@ -554,7 +554,7 @@ CVE-2007-0235 (Stack-based buffer overflow in the glibtop_get_proc_map_s functio
 CVE-2007-0234
 	REJECTED
 CVE-2007-0233 (wp-trackback.php in WordPress 2.0.6 and earlier does not properly ...)
-	TODO: check
+	- wordpress 2.1.0-1 (medium)
 CVE-2007-0232 (PHP remote file inclusion vulnerability in ...)
 	NOT-FOR-US: Jshop Server
 CVE-2007-0231 (Cross-site scripting (XSS) vulnerability in Movable Type (MT) 3.33, ...)
@@ -874,7 +874,7 @@ CVE-2007-0126 (Heap-based buffer overflow in Opera 9.02 allows remote attackers
 CVE-2007-0125 (Kaspersky Labs Antivirus Engine 6.0 for Windows and 5.5-10 for Linux ...)
 	NOT-FOR-US: Kaspersky Labs
 CVE-2007-0124 (Unspecified vulnerability in Drupal before 4.6.11, and 4.7 before ...)
-	TODO: check
+	- drupal 4.7.5-1 (low)
 CVE-2007-0123 (Unrestricted file upload vulnerability in Uber Uploader 4.2 allows ...)
 	NOT-FOR-US: Uber Uploader
 CVE-2007-0122 (Multiple SQL injection vulnerabilities in Coppermine Photo Gallery ...)
@@ -902,9 +902,9 @@ CVE-2007-0112 (SQL injection vulnerability in cats.asp in createauction allows r
 CVE-2007-0111 (Buffer overflow in Resco Photo Viewer for PocketPC 4.11 and 6.01, as ...)
 	NOT-FOR-US: PocketPC
 CVE-2007-0110 (Cross-site scripting (XSS) vulnerability in nidp/idff/sso in Novell ...)
-	TODO: check
+	NOT-FOR-US: Novell Access Manager
 CVE-2007-0109 (wp-login.php in WordPress 2.0.5 and earlier displays different error ...)
-	TODO: check
+	- wordpress <not-affected>
 CVE-2007-0108 (nwgina.dll in Novell Client 4.91 SP3 for Windows 2000/XP/2003 does not ...)
 	NOT-FOR-US: Novell Client
 CVE-2007-0105 (Stack-based buffer overflow in the CSAdmin service in Cisco Secure ...)
@@ -924,17 +924,17 @@ CVE-2007-0104 (The Adobe PDF specification 1.3, as implemented by xpdf 3.0.1 pat
 CVE-2007-0103 (The Adobe PDF specification 1.3, as implemented by Adobe Acrobat ...)
 	NOT-FOR-US: Acrobat Reader
 CVE-2007-0102 (The Adobe PDF specification 1.3, as implemented by Apple Mac OS X ...)
-	TODO: check
+	NOT-FOR-US: Apple Mac OS X
 CVE-2007-0101 (Cross-site request forgery (CSRF) vulnerability in SPINE allows remote ...)
-	TODO: check
+	NOT-FOR-US: SPINE
 CVE-2007-0100 (The Perforce client does not restrict the set of files that it ...)
-	TODO: check
+	NOT-FOR-US: Perforce
 CVE-2007-0099 (Race condition in the msxml3 module in Microsoft Internet Explorer 6 ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2007-0098 (Directory traversal vulnerability in language.php in VerliAdmin 0.3 ...)
-	TODO: check
+	NOT-FOR-US: VerliAdmin
 CVE-2007-0097 (Multiple stack-based buffer overflows in the (1) LoadTree and (2) ...)
-	TODO: check
+	NOT-FOR-US: ConeXware PowerArchive
 CVE-2007-0096 (CarbonCommunities stores sensitive information under the web root with ...)
 	TODO: check
 CVE-2007-0095 (phpMyAdmin 2.9.1.1 allows remote attackers to obtain sensitive ...)
@@ -1061,7 +1061,7 @@ CVE-2006-6896 (The Bluetooth stack in the Plantronic Headset does not properly .
 CVE-2006-6895 (The Bluetooth stack in the Sony Ericsson T60 does not properly ...)
 	TODO: check
 CVE-2006-6894 (Multiple unspecified vulnerabilities in SPINE before 1.2 have unknown ...)
-	TODO: check
+	NOT-FOR-US: SPINE
 CVE-2006-6893 (Tor allows remote attackers to discover the IP address of a hidden ...)
 	TODO: check
 CVE-2006-6892 (Cross-site scripting (XSS) vulnerability in the GetLocation function ...)
@@ -1145,9 +1145,6 @@ CVE-2006-6870 (The consume_labels function in avahi-core/dns.c in Avahi before 0
 CVE-2007-XXXX [drupal XSS]
 	- drupal 4.7.5-1 (low)
 	NOTE: DRUPAL-SA-2007-001
-CVE-2007-XXXX [drupal DoS]
-	- drupal 4.7.5-1 (low)
-	NOTE: DRUPAL-SA-2007-002
 CVE-2007-0106 (Cross-site scripting (XSS) vulnerability in the CSRF protection scheme ...)
 	- wordpress 2.0.6-1 (bug #405691; medium)
 	NOTE: http://www.hardened-php.net/advisory_022007.141.html