Some NFUs

twiki potential viln. git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@3795 e39458fd-73e7-0310-bf30-c45bca0a0e42
author: Neil McGovern <neilm@debian.org> 2006-04-13 11:25:55 +0000
committer: Neil McGovern <neilm@debian.org> 2006-04-13 11:25:55 +0000
commit: abb5783768b8a257275f5c781e1514070ee96184 (patch)
tree: 6438f581a0640418e179758afd944310997b1a24
parent: f8a1ac2e25f7540726e810730d4f74173e6427a2 (diff)
4 files changed, 23 insertions, 22 deletions
diff --git a/data/CVE/1999.list b/data/CVE/1999.list
index cd3065604e..931d79424a 100644
--- a/data/CVE/1999.list
+++ b/data/CVE/1999.list
@@ -1,5 +1,5 @@
 CVE-1999-1587 (/usr/ucb/ps in Sun Microsystems Solaris 8 and 9, and certain earlier ...)
-	TODO: check
+	NOT-FOR-US: Solaris
 CVE-1999-XXXX [Insecure access control on GNU Mach's IO ports]
 	- gnumach <unfixed> (bug #46709)
 	NOTE: Nearly six years old :-)
diff --git a/data/CVE/2002.list b/data/CVE/2002.list
index 5452e0c991..8468974ae1 100644
--- a/data/CVE/2002.list
+++ b/data/CVE/2002.list
@@ -1,7 +1,7 @@
 CVE-2002-2210 (The installation of OpenOffice 1.0.1 allows local users to overwrite ...)
 	TODO: check
 CVE-2002-2209 (Unspecified &quot;security vulnerability&quot; in Baby FTP Server versions ...)
-	TODO: check
+	NOT-FOR-US: Baby FTP Server
 CVE-2002-2208 (Extended Interior Gateway Routing Protocol (EIGRP), as implemented in ...)
 	NOT-FOR-US: IOS
 CVE-2002-2207 (Buffer overflow in ssldump 0.9b2 and earlier, when running in ...)
diff --git a/data/CVE/2003.list b/data/CVE/2003.list
index d617845f9c..aced8fbbe8 100644
--- a/data/CVE/2003.list
+++ b/data/CVE/2003.list
@@ -1,7 +1,7 @@
 CVE-2003-1300 (Unspecified vulnerability in Baby FTP Server versions before May 31, ...)
-	TODO: check
+	NOT-FOR-US: Baby FTP Server
 CVE-2003-1299 (Directory traversal vulnerability in Baby FTP Server versions before ...)
-	TODO: check
+	NOT-FOR-US: Baby FTP Server
 CVE-2003-1298 (Multiple directory traversal vulnerabilities in siteman.php3 in ...)
 	NOT-FOR-US: Veritas Backup
 CVE-2003-1297 (Easy File Sharing (EFS) Web Server 1.2 stores the (1) option.ini (aka ...)
diff --git a/data/CVE/2006.list b/data/CVE/2006.list
index 1e6e867198..8bd49d70a1 100644
--- a/data/CVE/2006.list
+++ b/data/CVE/2006.list
@@ -590,7 +590,7 @@ CVE-2006-1440
 CVE-2006-1439
 	RESERVED
 CVE-2006-1438 (Multiple cross-site scripting (XSS) vulnerabilities in Andy's PHP ...)
-	TODO: check
+	NOT-FOR-US: aphpkb
 CVE-2006-1437
 	RESERVED
 CVE-2006-1436
@@ -678,41 +678,42 @@ CVE-2006-1398 (Cross-site scripting (XSS) vulnerability in guestbook.php in G-Bo
 CVE-2006-1397 (Multiple cross-site scripting (XSS) vulnerabilities in (a) phpAdsNew ...)
 	NOT-FOR-US: phpAdsNew
 CVE-2006-1396 (Multiple cross-site scripting (XSS) vulnerabilities in Cholod MySQL ...)
-	TODO: check
+	NOT-FOR-US: Cholod
 CVE-2006-1395 (SQL injection vulnerability in mb.cgi in Cholod MySQL Based Message ...)
-	TODO: check
+	NOT-FOR-US: Cholod
 CVE-2006-1394 (Multiple cross-site scripting (XSS) vulnerabilities in the Microsoft ...)
-	TODO: check
+	NOT-FOR-US: Pubcookie
 CVE-2006-1393 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
-	TODO: check
+	NOT-FOR-US: Pubcookie
 CVE-2006-1392 (Multiple cross-site scripting (XSS) vulnerabilities in index.cgi in ...)
-	TODO: check
+	NOT-FOR-US: Pubcookie
 CVE-2006-1391 (The (a) Quick 'n Easy Web Server before 3.1.1 and (b) Baby ASP Web ...)
-	TODO: check
+	NOT-FOR-US: Quick 'n Easy/Baby Web Server
 CVE-2006-1390 (The configuration of NetHack 3.4.3-r1 and earlier, Falcon's Eye 1.9.4a ...)
 	NOT-FOR-US: Shortcoming of Gentoo-specific games packaging
 CVE-2006-1389 (Unspecified vulnerability in swagentd in HP-UX B.11.00, B.11.04, and ...)
-	TODO: check
+	NOT-FOR-US: HP-UX
 CVE-2006-1388 (Unspecified vulnerability in Microsoft Internet Explorer 6.0 allows ...)
-	TODO: check
+	NOT-FOR-US: Internet Explorer
 CVE-2006-1387 (TWiki 4.0, 4.0.1, and 20010901 through 20040904 allows remote ...)
-	TODO: check
+	- twiki <unfixed>
+	TODO: see if fw's patch secures this in Debian
 CVE-2006-1386 (The (1) rdiff and (2) preview scripts in TWiki 4.0 and 4.0.1 ignore ...)
-	TODO: check
+	- twiki <not-affected> (only affects 4.0.0 - 4.1.0, version in Debian too young) 
 CVE-2006-1385 (Stack-based buffer overflow in the parseTaggedData function in ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2006-1384 (Cross-site scripting (XSS) vulnerability in apwc_win_main.jsp in the ...)
-	TODO: check
+	NOT-FOR-US: IBM Tivoli Business Systems Manager
 CVE-2006-1383 (Directory traversal vulnerability in Baby FTP Server 1.24 allows ...)
-	TODO: check
+	NOT-FOR-US: Baby FTP Server
 CVE-2006-1382 (PHP remote file inclusion vulnerability in impex/ImpExData.php in ...)
-	TODO: check
+	NOT-FOR-US: vBulletin
 CVE-2006-1381 (Trend Micro OfficeScan 5.5, and probably other versions before 6.5, ...)
-	TODO: check
+	NOT-FOR-US: Trend Micro
 CVE-2006-1380 (ISNTSmtp directory in Trend Micro InterScan Messaging Security Suite ...)
-	TODO: check
+	NOT-FOR-US: Trend Micro
 CVE-2006-1379 (Trend Micro PC-cillin Internet Security 2006 14.00.1485 and ...)
-	TODO: check
+	NOT-FOR-US: Trend Micro
 CVE-2006-1378 (PasswordSafe 3.0, when running on Windows before XP, uses a weak ...)
 	NOT-FOR-US: PasswordSafe
 CVE-2006-1377 (Cross-site scripting (XSS) vulnerability in img.php in (1) EasyMoblog ...)
author	Neil McGovern <neilm@debian.org>	2006-04-13 11:25:55 +0000
committer	Neil McGovern <neilm@debian.org>	2006-04-13 11:25:55 +0000
commit	abb5783768b8a257275f5c781e1514070ee96184 (patch)
tree	6438f581a0640418e179758afd944310997b1a24
parent	f8a1ac2e25f7540726e810730d4f74173e6427a2 (diff)