author: Salvatore Bonaccorso <carnil@debian.org> 2020-02-03 21:35:00 +0100
committer: Salvatore Bonaccorso <carnil@debian.org> 2020-02-03 21:35:00 +0100
commit: b4d8cc46a8c63a0db2b033fc09fd36c269c62f70
tree: 44f7ae9da77d3ed68d1897e1a3eaa010756fff27
parent: f63edb09032dd19937dedf3feb08f16001f7d82c
Associate several older NFUs for phplist with the respective itp bug
-rw-r--r-- data/CVE/2005.list 10
-rw-r--r-- data/CVE/2006.list 10
-rw-r--r-- data/CVE/2008.list 2
-rw-r--r-- data/CVE/2009.list 2
-rw-r--r-- data/CVE/2011.list 4
-rw-r--r-- data/CVE/2012.list 14
6 files changed, 21 insertions, 21 deletions
diff --git a/data/CVE/2005.list b/data/CVE/2005.list
index db3010a72a..e76382d7e9 100644
--- a/data/CVE/2005.list
+++ b/data/CVE/2005.list
@@ -3025,11 +3025,11 @@ CVE-2005-3559 (Directory traversal vulnerability in vmail.cgi in Asterisk 1.0.9
CVE-2005-3558 (PHP file inclusion vulnerability in index.php in OSTE 1.0 allows remot ...)
NOT-FOR-US: OSTE
CVE-2005-3557 (Directory traversal vulnerability in admin/defaults.php in PHPlist 2.1 ...)
- NOT-FOR-US: PHPList
+ - phplist <itp> (bug #612288)
CVE-2005-3556 (Multiple cross-site scripting (XSS) vulnerabilities in PHPlist 2.10.1 ...)
- NOT-FOR-US: PHPList
+ - phplist <itp> (bug #612288)
CVE-2005-3555 (Multiple SQL injection vulnerabilities in PHPlist 2.10.1 and earlier a ...)
- NOT-FOR-US: PHPList
+ - phplist <itp> (bug #612288)
CVE-2005-3554 (Multiple eval injection vulnerabilities in the help function in PHPKIT ...)
NOT-FOR-US: PHPKIT
CVE-2005-3553 (Multiple SQL injection vulnerabilities in include.php in PHPKIT 1.6.1 ...)
@@ -5914,9 +5914,9 @@ CVE-2005-2435 (Cross-site scripting (XSS) vulnerability in browse.php in Website
CVE-2005-2434 (Linksys WRT54G router uses the same private key and certificate for ev ...)
NOT-FOR-US: Linksys hardware
CVE-2005-2433 (PhpList allows remote attackers to obtain sensitive information via a ...)
- NOT-FOR-US: PhpList
+ - phplist <itp> (bug #612288)
CVE-2005-2432 (SQL injection vulnerability in PhpList allows remote attackers to modi ...)
- NOT-FOR-US: PhpList
+ - phplist <itp> (bug #612288)
CVE-2005-2431 (The (1) lost password and (2) account pending features in GForge 4.5 d ...)
- gforge 4.5.14-2 (bug #328224; unimportant)
NOTE: Direct flooding is possible as well in most circumstances.
diff --git a/data/CVE/2006.list b/data/CVE/2006.list
index 4f4710966f..cef1eacf1a 100644
--- a/data/CVE/2006.list
+++ b/data/CVE/2006.list
@@ -3862,7 +3862,7 @@ CVE-2006-5526 (Multiple PHP remote file inclusion vulnerabilities in Teake Nutma
CVE-2006-5525 (Incomplete blacklist vulnerability in mainfile.php in PHP-Nuke 7.9 and ...)
NOT-FOR-US: PHP-Nuke
CVE-2006-5524 (Cross-site scripting (XSS) vulnerability in index.php in phplist 2.10. ...)
- NOT-FOR-US: phplist
+ - phplist <itp> (bug #612288)
CVE-2006-5523 (PHP remote file inclusion vulnerability in common.php in EZ-Ticket 0.0 ...)
NOT-FOR-US: EZ-Ticket
CVE-2006-5522 (Multiple PHP remote file inclusion vulnerabilities in Johannes Erdfelt ...)
@@ -4325,9 +4325,9 @@ CVE-2006-5324 (The Web Services Notification (WSN) security component of IBM Web
CVE-2006-5323 (Unspecified vulnerability in IBM WebSphere Application Server before 6 ...)
NOT-FOR-US: IBM WebSphere
CVE-2006-5322 (Multiple SQL injection vulnerabilities in phplist before 2.10.3 allow ...)
- NOT-FOR-US: phplist
+ - phplist <itp> (bug #612288)
CVE-2006-5321 (Multiple cross-site scripting (XSS) vulnerabilities in phplist before ...)
- NOT-FOR-US: phplist
+ - phplist <itp> (bug #612288)
CVE-2006-5320 (Directory traversal vulnerability in getimg.php in Album Photo Sans No ...)
NOT-FOR-US: Album Photo Sans Nom
CVE-2006-5319 (Directory traversal vulnerability in redir.php in Foafgen 0.3 allows r ...)
@@ -4381,7 +4381,7 @@ CVE-2006-5297 (Race condition in the safe_open function in the Mutt mail client
CVE-2006-5296 (PowerPoint in Microsoft Office 2003 does not properly handle a contain ...)
NOT-FOR-US: Microsoft
CVE-2006-5294 (Cross-site scripting (XSS) vulnerability in index.php in phplist befor ...)
- NOT-FOR-US: phplist
+ - phplist <itp> (bug #612288)
CVE-2006-5293 (Cross-site scripting (XSS) vulnerability in index.php in PhpOutsourcin ...)
NOT-FOR-US: PhpOutsourcing Noah's Classifieds
CVE-2006-5292 (PHP remote file inclusion vulnerability in photo_comment.php in Exhibi ...)
@@ -12417,7 +12417,7 @@ CVE-2006-1748 (Cross-site scripting (XSS) vulnerability in XMB Forum 1.9.5 allow
CVE-2006-1747 (PHP remote file inclusion vulnerability in Virtual War (VWar) 1.5.0 al ...)
NOT-FOR-US: Virtual War
CVE-2006-1746 (Directory traversal vulnerability in PHPList 2.10.2 and earlier allows ...)
- NOT-FOR-US: PHPList
+ - phplist <itp> (bug #612288)
CVE-2006-1745 (Cross-site scripting (XSS) vulnerability in login.php in Bitweaver 1.3 ...)
NOT-FOR-US: Bitweaver
CVE-2006-1743 (Multiple SQL injection vulnerabilities in form.php in JBook 1.4 allow ...)
diff --git a/data/CVE/2008.list b/data/CVE/2008.list
index 72df031c20..d0b9017dcc 100644
--- a/data/CVE/2008.list
+++ b/data/CVE/2008.list
@@ -3075,7 +3075,7 @@ CVE-2008-5889 (Cross-site scripting (XSS) vulnerability in user.asp in Click&amp
CVE-2008-5888 (Multiple SQL injection vulnerabilities in Click&amp;Rank allow remote ...)
NOT-FOR-US: Click&Rank
CVE-2008-5887 (phplist before 2.10.8 allows remote attackers to include files via unk ...)
- NOT-FOR-US: phplist
+ - phplist <itp> (bug #612288)
CVE-2008-5886 (TAKempis Discussion Web 4.0 stores sensitive information under the web ...)
NOT-FOR-US: TAKempis Discussion Web
CVE-2008-5885 (The Net Guys ASPired2Quote stores sensitive information under the web ...)
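Review bot: The added "- phplist <itp> (bug #612288)" line under CVE-2008-5887 records nothing about the fixed upstream version, although the description already gives one ("phplist before 2.10.8"). Because an <itp> entry has to be re-triaged once the package is uploaded, a NOTE line stating the fixed version taken from the description would let whoever closes the ITP compare it against the uploaded version directly. The same applies to the other entries in this patch whose descriptions carry a "before x.y.z" bound.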
diff --git a/data/CVE/2009.list b/data/CVE/2009.list
index 3bbf15c711..e4f275c961 100644
--- a/data/CVE/2009.list
+++ b/data/CVE/2009.list
@@ -12548,7 +12548,7 @@ CVE-2009-0424 (Cross-site scripting (XSS) vulnerability in sign1.php in AN Guest
CVE-2009-0423 (Directory traversal vulnerability in index.php in Php Photo Album (PHP ...)
NOT-FOR-US: Php Photo Album
CVE-2009-0422 (Dynamic variable evaluation vulnerability in lists/admin.php in phpLis ...)
- NOT-FOR-US: phpList
+ - phplist <itp> (bug #612288)
CVE-2009-0421 (SQL injection vulnerability in the Eventing (com_eventing) 1.6.x compo ...)
NOT-FOR-US: Joomla!
CVE-2009-0420 (SQL injection vulnerability in the RD-Autos (com_rdautos) 1.5.5 Stable ...)
diff --git a/data/CVE/2011.list b/data/CVE/2011.list
index 6fb69e7bcc..f3ca78c2c7 100644
--- a/data/CVE/2011.list
+++ b/data/CVE/2011.list
@@ -9593,7 +9593,7 @@ CVE-2011-1685 (Best Practical Solutions RT 3.8.0 through 3.8.9 and 4.0.0rc throu
CVE-2011-1683 (IBM WebSphere Application Server (WAS) 6.0.x through 6.0.2.43, 6.1.x b ...)
NOT-FOR-US: IBM WebSphere Application Server
CVE-2011-1682 (Multiple cross-site request forgery (CSRF) vulnerabilities in phpList ...)
- NOT-FOR-US: phpList
+ - phplist <itp> (bug #612288)
CVE-2011-1684 (Heap-based buffer overflow in the MP4_ReadBox_skcr function in libmp4. ...)
{DSA-2218-1}
- vlc 1.1.8-3 (medium)
@@ -12215,7 +12215,7 @@ CVE-2011-0750
CVE-2011-0749
RESERVED
CVE-2011-0748 (Multiple cross-site request forgery (CSRF) vulnerabilities in phpList ...)
- NOT-FOR-US: phpList
+ - phplist <itp> (bug #612288)
CVE-2011-0747
RESERVED
CVE-2011-0746 (Cross-site request forgery (CSRF) vulnerability in Forms/PortForwardin ...)
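Review bot: CVE-2011-0748 in this hunk and CVE-2011-1682 in the previous hunk of this file show the same visible description ("Multiple cross-site request forgery (CSRF) vulnerabilities in phpList ...") and now receive identical tracking lines. Since the truncated text does not distinguish them, please check whether they cover different versions or whether one is an incomplete-fix follow-up of the other, and add a NOTE cross-referencing the two ids so they are not assessed independently when the ITP is closed.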
diff --git a/data/CVE/2012.list b/data/CVE/2012.list
index 7c06510ba3..46e58a1527 100644
--- a/data/CVE/2012.list
+++ b/data/CVE/2012.list
@@ -3745,7 +3745,7 @@ CVE-2012-5230 (Unspecified vulnerability in the JE Story Submit (com_jesubmit) c
CVE-2012-5229 (Cross-site scripting (XSS) vulnerability in css/gallery-css.php in the ...)
NOT-FOR-US: WP Gallery2
CVE-2012-5228 (Cross-site scripting (XSS) vulnerability in admin/index.php in phplist ...)
- NOT-FOR-US: phplist
+ - phplist <itp> (bug #612288)
CVE-2012-5227 (SQL injection vulnerability in administrer/tva.php in Peel SHOPPING 2. ...)
NOT-FOR-US: Peel Shopping
CVE-2012-5226 (Multiple cross-site scripting (XSS) vulnerabilities in Peel SHOPPING 2 ...)
@@ -6067,9 +6067,9 @@ CVE-2012-4249 (The Amazon Lab126 com.lab126.system sendEvent implementation on t
CVE-2012-4248 (The Amazon Kindle Touch before 5.1.2 does not properly restrict access ...)
NOT-FOR-US: Kindle Touch
CVE-2012-4247 (Multiple cross-site scripting (XSS) vulnerabilities in lists/admin/ind ...)
- NOT-FOR-US: phplist
+ - phplist <itp> (bug #612288)
CVE-2012-4246 (Multiple cross-site scripting (XSS) vulnerabilities in lists/admin/ind ...)
- NOT-FOR-US: phplist
+ - phplist <itp> (bug #612288)
CVE-2012-4245 (The scriptfu network server in GIMP 2.6 does not require authenticatio ...)
- gimp <unfixed> (unimportant)
NOTE: The interface isn't designed or advertised to be secure, this is hardly a security issue in practice
@@ -6941,9 +6941,9 @@ CVE-2012-3954 (Multiple memory leaks in ISC DHCP 4.1.x and 4.2.x before 4.2.4-P1
- isc-dhcp 4.2.4-2 (bug #686174)
[wheezy] - isc-dhcp 4.2.2.dfsg.1-5+deb70u1
CVE-2012-3953 (SQL injection vulnerability in admin/index.php in phpList before 2.10. ...)
- NOT-FOR-US: phplist
+ - phplist <itp> (bug #612288)
CVE-2012-3952 (Cross-site scripting (XSS) vulnerability in admin/index.php in phpList ...)
- NOT-FOR-US: phplist
+ - phplist <itp> (bug #612288)
CVE-2012-3951 (The MySQL component in Plixer Scrutinizer (aka Dell SonicWALL Scrutini ...)
NOT-FOR-US: Plixer Scrutinizer
CVE-2012-3950 (The Intrusion Prevention System (IPS) feature in Cisco IOS 12.3 throug ...)
@@ -9892,9 +9892,9 @@ CVE-2012-2742 (Revelation 0.4.13-2 and earlier uses only the first 32 characters
[squeeze] - revelation <no-dsa> (Minor issue)
NOTE: http://www.openwall.com/lists/oss-security/2012/06/18/1
CVE-2012-2741 (Cross-site scripting (XSS) vulnerability in public_html/lists/admin/ i ...)
- NOT-FOR-US: phplist
+ - phplist <itp> (bug #612288)
CVE-2012-2740 (SQL injection vulnerability in public_html/lists/admin in phpList befo ...)
- NOT-FOR-US: phplist
+ - phplist <itp> (bug #612288)
CVE-2012-2739 (Oracle Java SE before 7 Update 6, and OpenJDK 7 before 7u6 build 12 an ...)
- openjdk-6 <removed> (unimportant)
- openjdk-7 <removed> (unimportant)
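Review bot: The removed lines under CVE-2012-2741 and CVE-2012-2740 spell the product "phplist", while other hunks in this patch remove "PHPList", "PhpList" and "phpList", so a case-sensitive search would have missed some of these entries. The patch touches only the 2005, 2006, 2008, 2009, 2011 and 2012 lists and the commit message says "several"; a case-insensitive search over all data/CVE/*.list files for remaining "NOT-FOR-US" phplist lines would confirm whether any entry is still left outside the ITP association, and the commit message could state that the set is complete or name what remains.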
