NFUs

new issue: CVE-2007-1320 xen-3.0


git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@6694 e39458fd-73e7-0310-bf30-c45bca0a0e42

5 files changed, 10 insertions, 9 deletions

diff --git a/data/CVE/2001.list b/data/CVE/2001.list
index a9d6a9b338..aa3dac596e 100644
--- a/data/CVE/2001.list
+++ b/data/CVE/2001.list
@@ -1,7 +1,7 @@
 CVE-2001-1583 (lpd daemon (in.lpd) in Solaris 8 and earlier allows remote attackers ...)
-	TODO: check
+	NOT-FOR-US: Solaris
 CVE-2001-1582 (Buffer overflow in the LDAP naming services library (libsldap) in Sun ...)
-	TODO: check
+	NOT-FOR-US: Solaris
 CVE-2001-1581 (The File Blocker feature in Clearswift MAILsweeper for SMTP 4.2 allows ...)
 	NOT-FOR-US: MAILsweeper
 CVE-2001-XXXX [crypt++ passes passwords through the command line]
diff --git a/data/CVE/2002.list b/data/CVE/2002.list
index 1d56f412f9..7ff6a17171 100644
--- a/data/CVE/2002.list
+++ b/data/CVE/2002.list
@@ -1,5 +1,5 @@
 CVE-2002-2226 (Buffer overflow in tftpd of TFTP32 2.21 and earlier allows remote ...)
-	TODO: check
+	NOT-FOR-US: Tftpd32
 CVE-2002-2225 (SafeNet VPN client allows remote attackers to cause a denial of ...)
 	NOT-FOR-US: SafeNet VPN
 CVE-2002-2224 (Buffer overflow in PGPFreeware 7.03 running on Windows NT 4.0 SP6 ...)
diff --git a/data/CVE/2003.list b/data/CVE/2003.list
index 67b7e6ec38..272f5ffb4f 100644
--- a/data/CVE/2003.list
+++ b/data/CVE/2003.list
@@ -1,11 +1,11 @@
 CVE-2003-1339 (Stack-based buffer overflow in eZnet.exe, as used in eZ (a) ...)
-	TODO: check
+	NOT-FOR-US: eZnet
 CVE-2003-1338 (CRLF injection vulnerability in Aprelium Abyss Web Server 1.1.2 and ...)
-	TODO: check
+	NOT-FOR-US: Abyss Web Server
 CVE-2003-1337 (Heap-based buffer overflow in Aprelium Abyss Web Server 1.1.2 and ...)
-	TODO: check
+	NOT-FOR-US: Abyss Web Server
 CVE-2003-1336 (Buffer overflow in mIRC before 6.11 allows remote attackers to execute ...)
-	TODO: check
+	NOT-FOR-US: mIRC
 CVE-2003-1335 (Directory traversal vulnerability in Kai Blankenhorn Bitfolge simple ...)
 	NOT-FOR-US: snif
 CVE-2003-1334 (Cross-site scripting (XSS) vulnerability in Kai Blankenhorn Bitfolge ...)
diff --git a/data/CVE/2004.list b/data/CVE/2004.list
index 9aa2caa203..739598c803 100644
--- a/data/CVE/2004.list
+++ b/data/CVE/2004.list
@@ -1,7 +1,7 @@
 CVE-2004-2687 (distcc 2.x, as used in XCode 1.5 and others, when not configured to ...)
 	TODO: check
 CVE-2004-2686 (Directory traversal vulnerability in the vfs_getvfssw function in ...)
-	TODO: check
+	NOT-FOR-US: Solaris
 CVE-2004-2685 (Buffer overflow in YoungZSoft CCProxy 6.2 and earlier allows remote ...)
 	NOT-FOR-US: Ccproxy
 CVE-2004-2684 (Unspecified vulnerability in the %template package in InterSystems ...)
diff --git a/data/CVE/2007.list b/data/CVE/2007.list
index 0dc33f7810..cc6788324c 100644
--- a/data/CVE/2007.list
+++ b/data/CVE/2007.list
@@ -81,7 +81,7 @@ CVE-2007-5022 (Unspecified vulnerability in certain IBM Tivoli Storage Manager (
 CVE-2007-5021 (Buffer overflow in the Client Acceptor Daemon (CAD) in certain IBM ...)
 	NOT-FOR-US: IBM Tivoli Storage Manager
 CVE-2007-5020 (Unspecified vulnerability in Adobe Acrobat and Reader 8.1 on Windows ...)
-	TODO: check
+	NOT-FOR-US: Acrobat Reader
 CVE-2007-XXXX [mimep insecure tempfile usage and insecure calls to LaTeX and dvips]
 	- mp 3.7.1-8
 CVE-2007-5019 (Buffer overflow in the Sun Java Web Start ActiveX control in Java ...)
@@ -8490,6 +8490,7 @@ CVE-2007-1321
 CVE-2007-1320 (Multiple heap-based buffer overflows in the cirrus_invalidate_region ...)
 	{DSA-1284-1 DTSA-38-1}
 	- qemu 0.9.0-2 (bug #424070)
+	- xen-3.0 <unfixed> (bug #444007; medium)
 CVE-2007-1319 (Unspecified vulnerability in the IOPCServer::RemoveGroup function in ...)
 	NOT-FOR-US: DeviceXPlorer OLE
 CVE-2007-1318