some NFUs

git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@3750 e39458fd-73e7-0310-bf30-c45bca0a0e42

3 files changed, 48 insertions, 50 deletions

diff --git a/data/CVE/2000.list b/data/CVE/2000.list
index f6b650a7e8..688a45bd22 100644
--- a/data/CVE/2000.list
+++ b/data/CVE/2000.list
@@ -699,15 +699,15 @@ CVE-2000-0694 (pgxconfig in the Raptor GFX configuration tool allows local users
 CVE-2000-0693 (pgxconfig in the Raptor GFX configuration tool uses a relative path ...)
 	TODO: check
 CVE-2000-0685 (BEA WebLogic 5.1.x does not properly restrict access to the ...)
-	TODO: check
+	NOT-FOR-US: BEA WebLogic
 CVE-2000-0684 (BEA WebLogic 5.1.x does not properly restrict access to the ...)
-	TODO: check
+	NOT-FOR-US: BEA WebLogic
 CVE-2000-0683 (BEA WebLogic 5.1.x allows remote attackers to read source code for ...)
-	TODO: check
+	NOT-FOR-US: BEA WebLogic
 CVE-2000-0682 (BEA WebLogic 5.1.x allows remote attackers to read source code for ...)
-	TODO: check
+	NOT-FOR-US: BEA WebLogic
 CVE-2000-0681 (Buffer overflow in BEA WebLogic server proxy plugin allows remote ...)
-	TODO: check
+	NOT-FOR-US: BEA WebLogic
 CVE-2000-0679 (The CVS 1.10.8 client trusts pathnames that are provided by the CVS ...)
 	TODO: check
 CVE-2000-0678 (PGP 5.5.x through 6.5.3 does not properly check if an Additional ...)
@@ -969,9 +969,9 @@ CVE-2000-0502 (Mcafee VirusScan 4.03 does not properly restrict access to the al
 CVE-2000-0501 (Race condition in MDaemon 2.8.5.0 POP server allows local users to ...)
 	TODO: check
 CVE-2000-0500 (The default configuration of BEA WebLogic 5.1.0 allows a remote ...)
-	TODO: check
+	NOT-FOR-US: BEA WebLogic
 CVE-2000-0499 (The default configuration of BEA WebLogic 3.1.8 through 4.5.1 allows a ...)
-	TODO: check
+	NOT-FOR-US: BEA WebLogic
 CVE-2000-0498 (Unify eWave ServletExec allows a remote attacker to view source code ...)
 	TODO: check
 CVE-2000-0497 (IBM WebSphere server 3.0.2 allows a remote attacker to view source ...)
diff --git a/data/CVE/2002.list b/data/CVE/2002.list
index b0c2e9bd70..5ed42b80a4 100644
--- a/data/CVE/2002.list
+++ b/data/CVE/2002.list
@@ -4584,7 +4584,7 @@ CVE-2002-0109 (Linksys EtherFast BEFN2PS4, BEFSR41, and BEFSR81 Routers, and pos
 CVE-2002-0108 (Allaire Forums 2.0.4 and 2.0.5 and Forums! 3.0 and 3.1 allows remote ...)
 	TODO: check
 CVE-2002-0106 (BEA Systems Weblogic Server 6.1 allows remote attackers to cause a ...)
-	TODO: check
+	NOT-FOR-US: BEA WebLogic
 CVE-2002-0105 (CDE dtlogin in Caldera UnixWare 7.1.0, and possibly other operating ...)
 	TODO: check
 CVE-2002-0104 (AFTPD 5.4.4 allows remote attackers to gain sensitive information via ...)
diff --git a/data/CVE/2006.list b/data/CVE/2006.list
index 4becc5a51b..9c769cd16c 100644
--- a/data/CVE/2006.list
+++ b/data/CVE/2006.list
@@ -327,84 +327,82 @@ CVE-2006-1434
 	RESERVED
 CVE-2006-1433
 	RESERVED
-
-begin claimed by stef-guest	
-
 CVE-2006-1432 (fusionZONE couponZONE 4.2 allows remote attackers to obtain the full ...)
-	TODO: check
+	NOT-FOR-US: fusionZONE couponZONE
 CVE-2006-1431 (Cross-site scripting (XSS) vulnerability in local.cfm in fusionZONE ...)
-	TODO: check
+	NOT-FOR-US: fusionZONE couponZONE
 CVE-2006-1430 (Multiple cross-site scripting (XSS) vulnerabilities in CONTROLzx HMS ...)
-	TODO: check
+	NOT-FOR-US: CONTROLzx HMS
 CVE-2006-1429 (Cross-site scripting (XSS) vulnerability in accountlogon.cfm in ...)
-	TODO: check
+	NOT-FOR-US: classifiedZONE
 CVE-2006-1428 (Multiple cross-site scripting (XSS) vulnerabilities in phpCOIN 1.2.2 ...)
-	TODO: check
+	NOT-FOR-US: phpCOIN
 CVE-2006-1427 (Multiple cross-site scripting (XSS) vulnerabilities in WebAPP ...)
-	TODO: check
+	NOT-FOR-US: WebAPP
 CVE-2006-1426 (Multiple SQL injection vulnerabilities in Pixel Motion Blog allow ...)
-	TODO: check
+	NOT-FOR-US: Blog Pixel Motion
 CVE-2006-1425 (Cross-site scripting (XSS) vulnerability in track.php in phpmyfamily ...)
-	TODO: check
+	NOT-FOR-US: phpmyfamily
 CVE-2006-1424 (Cross-site scripting (XSS) vulnerability in index.php in ConfTool 1.1 ...)
-	TODO: check
+	NOT-FOR-US: ConfTool
 CVE-2006-1423 (SQL injection vulnerability in showflat.php in UBB.threads 5.5.1, 6.0 ...)
-	TODO: check
+	NOT-FOR-US: UBB.threads
 CVE-2006-1422 (SQL injection vulnerability in details_view.php in PHP Booking Calendar ...)
-	TODO: check
+	NOT-FOR-US: PHP Booking Calendar
 CVE-2006-1421 (Multiple SQL injection vulnerabilities in akocomment.php in AkoComment ...)
-	TODO: check
+	NOT-FOR-US: AkoComment
 CVE-2006-1420 (SQL injection vulnerability in print.php in SaphpLesson 2.0 allows ...)
-	TODO: check
+	NOT-FOR-US: SaphpLesson
 CVE-2006-1419 (SQL injection vulnerability in the Calendar module in nuked-klan 1.7.5 ...)
-	TODO: check
+	NOT-FOR-US: nuked-klan
 CVE-2006-1418 (Cross-site scripting (XSS) vulnerability in default.asp in Caloris ...)
-	TODO: check
+	NOT-FOR-US: Caloris Planitia E-School Management
 CVE-2006-1417 (Multiple cross-site scripting (XSS) vulnerabilities in Caloris ...)
-	TODO: check
+	NOT-FOR-US: Caloris Planitia Online Quiz System
 CVE-2006-1416 (Cross-site scripting (XSS) vulnerability in afmsearch.aspx in Absolute ...)
-	TODO: check
+	NOT-FOR-US: Absolute FAQ Manager .NET
 CVE-2006-1415 (Cross-site scripting (XSS) vulnerability in iforget.aspx in dotNetBB ...)
-	TODO: check
+	NOT-FOR-US: dotNetBB
 CVE-2006-1414 (Multiple cross-site scripting (XSS) vulnerabilities in toast.asp in ...)
-	TODO: check
+	NOT-FOR-US: Toast Forums
 CVE-2006-1413 (Multiple cross-site scripting (XSS) vulnerabilities in EZHomepagePro ...)
-	TODO: check
+	NOT-FOR-US: EZHomepagePro
 CVE-2006-1412 (TFT Gallery 0.10 stores sensitive information under the web root with ...)
-	TODO: check
+	NOT-FOR-US: TFT Gallery
 CVE-2006-1411 (Cross-site scripting (XSS) vulnerability in Absolute Image Gallery XE ...)
-	TODO: check
+	NOT-FOR-US: Absolute Image Gallery
 CVE-2006-1410 (Multiple cross-site scripting (XSS) vulnerabilities in XIGLA Absolute ...)
-	TODO: check
+	NOT-FOR-US: XIGLA Absolute Live Support
 CVE-2006-1409 (Buffer overflow in Vavoom 1.19.1 and earlier allows remote attackers ...)
-	TODO: check
+	NOT-FOR-US: Vavoom
+	NOTE: code in prboom and lxdoom looks completely different
 CVE-2006-1408 (Vavoom 1.19.1 and earlier allows remote attackers to cause a denial of ...)
-	TODO: check
+	NOT-FOR-US: Vavoom
+	NOTE: code in prboom and lxdoom looks completely different
 CVE-2006-1407 (Multiple cross-site scripting (XSS) vulnerabilities in Helm Web ...)
-	TODO: check
+	NOT-FOR-US: Helm Web Hosting Control Panel
 CVE-2006-1406 (Multiple cross-site scripting (XSS) vulnerabilities in wbadmlog.aspx ...)
-	TODO: check
+	NOT-FOR-US: uniForum
 CVE-2006-1405 (Cross-site scripting (XSS) vulnerability in search.aspx in ...)
-	TODO: check
+	NOT-FOR-US: SweetSuite.NET Content Management System
 CVE-2006-1404 (Multiple cross-site scripting (XSS) vulnerabilities in bol.cgi in ...)
-	TODO: check
+	NOT-FOR-US: BlankOL
 CVE-2006-1403 (Format string vulnerability in the PrintString function in ...)
-	TODO: check
-
-end claimed by stef-guest
-
+	NOT-FOR-US: csDoom
+	NOTE: prboom, lxdoom not affected
 CVE-2006-1402 (Buffer overflow in client/server Doom (csDoom) 0.7 and earlier allows ...)
-	TODO: check
+	NOT-FOR-US: csDoom
+	NOTE: prboom, lxdoom not affected
 CVE-2006-1401 (Multiple cross-site scripting (XSS) vulnerabilities in search.php in ...)
-	TODO: check
+	NOT-FOR-US: Calendar Express
 CVE-2006-1400 (Cross-site scripting (XSS) vulnerability in ...)
-	TODO: check
+	NOT-FOR-US: Metisware Instructor
 CVE-2006-1399 (Cross-site scripting (XSS) vulnerability in searchresult.php in ...)
-	TODO: check
+	NOT-FOR-US: Meeting Reserve 
 CVE-2006-1398 (Cross-site scripting (XSS) vulnerability in guestbook.php in G-Book ...)
-	TODO: check
+	NOT-FOR-US: G-Book
 CVE-2006-1397 (Multiple cross-site scripting (XSS) vulnerabilities in (a) phpAdsNew ...)
-	TODO: check
+	NOT-FOR-US: phpAdsNew
 CVE-2006-1396 (Multiple cross-site scripting (XSS) vulnerabilities in Cholod MySQL ...)
 	TODO: check
 CVE-2006-1395 (SQL injection vulnerability in mb.cgi in Cholod MySQL Based Message ...)