More cleanups for REJECTED entries

git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@38767 e39458fd-73e7-0310-bf30-c45bca0a0e42
author: Salvatore Bonaccorso <carnil@debian.org> 2016-01-08 06:40:14 +0000
committer: Salvatore Bonaccorso <carnil@debian.org> 2016-01-08 06:40:14 +0000
commit: 778b59a921712905e17d27395d06f147901a7b16 (patch)
tree: 91d087d1cfa2b019b2826e2ef05b964a336dc906 /data
parent: b01498e9bf7e6c1518785857775a441e2d3f99fa (diff)
10 files changed, 1 insertions, 44 deletions
diff --git a/data/CVE/2002.list b/data/CVE/2002.list
index 93476e5e18..619521f124 100644
--- a/data/CVE/2002.list
+++ b/data/CVE/2002.list
@@ -544,7 +544,6 @@ CVE-2002-2195 (Buffer overflow in the version update check for Winamp 2.80 and .
 	NOT-FOR-US: Winamp
 CVE-2002-2194
 	REJECTED
-	NOT-FOR-US: Solaris
 CVE-2002-2193 (Cross-site scripting (XSS) vulnerability in mojo.cgi for Mojo Mail 2.7 ...)
 	NOT-FOR-US: Mojo Mail
 CVE-2002-2192 (Cross-site scripting (XSS) vulnerability in Perception LiteServe 2.0.1 ...)
@@ -613,14 +612,12 @@ CVE-2002-2161 (Kerio Personal Firewall (KPF) 2.1.4 and earlier allows remote ...
 	NOT-FOR-US: Kerio Personal Firewall
 CVE-2002-2160
 	REJECTED
-	NOT-FOR-US: MidiCart
 CVE-2002-2159 (Linksys EtherFast Cable/DSL BEFSR11, BEFSR41 and BEFSRU31 with the ...)
 	NOT-FOR-US: Linksys hardware
 CVE-2002-2158 (zenTrack 2.0.3 and earlier allows remote attackers to obtain the full ...)
 	NOT-FOR-US: zenTrack
 CVE-2002-2157
 	REJECTED
-	NOT-FOR-US: vBulletin
 CVE-2002-2156 (Buffer overflow in Trillian 0.73 allows remote IRC servers to execute ...)
 	NOT-FOR-US: Cerulean Trillian
 CVE-2002-2155 (Format string vulnerability in the error handling of IRC invite ...)
@@ -633,7 +630,6 @@ CVE-2002-2152 (The Czech edition of Software602's Web Server before 2002.0.02.09
 	NOT-FOR-US: Software602
 CVE-2002-2151
 	REJECTED
-	NOT-FOR-US: Search97
 CVE-2002-2150 (Firewalls from multiple vendors empty state tables more slowly than ...)
 	NOTE: SYN floods etc generally filed as issues in linux specifically
 	NOTE: if it is affected
@@ -643,7 +639,6 @@ CVE-2002-2148 (Lucent Ascend MAX Router 5.0 and earlier, Lucent Ascend Pipeline
 	NOT-FOR-US: Lucent MAX Router
 CVE-2002-2147
 	REJECTED
-	NOT-FOR-US: Savant Web Server
 CVE-2002-2146 (cgitest.exe in Savant Web Server 3.1 and earlier allows remote ...)
 	NOT-FOR-US: Savant Web Server
 CVE-2002-2145 (Savant Web Server 3.1 and earlier allows remote attackers to bypass ...)
@@ -666,10 +661,8 @@ CVE-2002-2137 (GlobalSunTech Wireless Access Points (1) WISECOM GL2422AP-0T, and
 	NOT-FOR-US: GlobalSunTech Wireless Access Points
 CVE-2002-2136
 	REJECTED
-	NOT-FOR-US: SUNW*
 CVE-2002-2135
 	REJECTED
-	NOT-FOR-US: HP-UX
 CVE-2002-2134 (haut.php in PEEL 1.0b allows remote attackers to execute arbitrary PHP ...)
 	NOT-FOR-US: PEEL
 CVE-2002-2133 (Telindus 1100 ASDL router running firmware 6.0.x uses weak encryption ...)
@@ -1696,7 +1689,6 @@ CVE-2002-1639 (Oracle Configurator before 11.5.7.17.32 and 11.5.6.16.53 allows r
 	NOT-FOR-US: Oracle
 CVE-2002-1638
 	REJECTED
-	NOT-FOR-US: Oracle
 CVE-2002-1637 (Multiple components in Oracle 9i Application Server (9iAS) are ...)
 	NOT-FOR-US: Oracle
 CVE-2002-1636 (Cross-site scripting (XSS) vulnerability in the htp PL/SQL package for ...)
diff --git a/data/CVE/2004.list b/data/CVE/2004.list
index 6170270ffc..e502b3a2a3 100644
--- a/data/CVE/2004.list
+++ b/data/CVE/2004.list
@@ -795,7 +795,6 @@ CVE-2004-2405 (Buffer overflow in multiple F-Secure Anti-Virus products, includi
 	NOT-FOR-US: F-Secure Anti-Virus
 CVE-2004-2404
 	REJECTED
-	NOT-FOR-US: Leif Wright Web Blog
 CVE-2004-2403 (Cross-site request forgery (CSRF) vulnerability in YaBB 1 GOLD SP ...)
 	NOT-FOR-US: YaBB
 CVE-2004-2402 (Cross-site scripting (XSS) vulnerability in YaBB.pl in YaBB 1 GOLD SP ...)
@@ -1043,7 +1042,6 @@ CVE-2004-2286 (Integer overflow in the duplication operator in ActivePerl allows
 	NOT-FOR-US: ActivePerl
 CVE-2004-2285
 	REJECTED
-	NOT-FOR-US: Perl on Windows
 CVE-2004-2284 (The read_list_from_file function in vacation.pl for OpenWebmail before ...)
 	NOT-FOR-US: OpenWebmail
 CVE-2004-2283 (Unknown vulnerability in DansGuardian before 2.6.1-13 allows remote ...)
@@ -1846,7 +1844,6 @@ CVE-2004-1887 (Ada Image Server (ImgSvr) 0.4 allows remote attackers to view ...
 	NOT-FOR-US: no_package
 CVE-2004-1886
 	REJECTED
-	NOT-FOR-US: no_package
 CVE-2004-1885 (Ipswitch WS_FTP Server 4.0.2 allows remote authenticated users to ...)
 	NOT-FOR-US: no_package
 CVE-2004-1884 (Ipswitch WS_FTP Server 4.0.2 has a backdoor XXSESS_MGRYY username with ...)
diff --git a/data/CVE/2005.list b/data/CVE/2005.list
index 47dee8be65..6f7c9f9c7e 100644
--- a/data/CVE/2005.list
+++ b/data/CVE/2005.list
@@ -617,7 +617,6 @@ CVE-2005-4634 (SQL injection vulnerability in index.php in ActiveCampaign Suppor
 	NOT-FOR-US: ActiveCampaign SupportTrio
 CVE-2005-4633
 	REJECTED
-	NOT-FOR-US: phpoutsourcing Zorum Forum
 CVE-2005-4632 (SQL injection vulnerability in poll_frame.php in Vote! Pro 4.0 and ...)
 	NOT-FOR-US: Vote!Pro
 CVE-2005-4631 (SQL injection vulnerability in index.php in Zina 0.12.07 and earlier ...)
@@ -1428,7 +1427,6 @@ CVE-2005-4266 (WorldClient.dll in Alt-N MDaemon and WorldClient 8.1.3 trusts a .
 	NOT-FOR-US: Alt-N MDaemon and WorldClient
 CVE-2005-4265
 	REJECTED
-	NOT-FOR-US: Alt-N MDaemon and WorldClient
 CVE-2005-4264 (Multiple SQL injection vulnerabilities in index.php in PHP Support ...)
 	NOT-FOR-US: PHP Support Tickets
 CVE-2005-4263 (SQL injection vulnerability in the News module in Envolution allows ...)
@@ -1716,10 +1714,8 @@ CVE-2005-4129
 	REJECTED
 CVE-2005-4128
 	REJECTED
-	NOT-FOR-US: Apple Quicktime
 CVE-2005-4127
 	REJECTED
-	NOT-FOR-US: iTunes
 CVE-2005-4126 (** UNVERIFIABLE, PRERELEASE ** ...)
 	NOT-FOR-US: Pre-Notification for RealMedia vulnerability, which never appeared
 CVE-2005-4125
@@ -1999,7 +1995,6 @@ CVE-2005-3995 (Format string vulnerability in the dosyslog function in the OBEX
 	NOTE: Checked obexserver source package, not vulnerable
 CVE-2005-3994
 	REJECTED
-	NOT-FOR-US: Atlassian Confluence
 CVE-2005-3993 (Multiple unspecified vulnerabilities in MailEnable Professional 1.6 ...)
 	NOT-FOR-US: MailEnable
 CVE-2005-3992 (Multiple buffer overflows in WinEggDropShell remote access trojan ...)
@@ -2008,7 +2003,6 @@ CVE-2005-3991 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyChat
 	NOT-FOR-US: phpMyChat
 CVE-2005-3990
 	REJECTED
-	NOTE: duplicate of CVE-2006-3619
 CVE-2005-3989 (Memory leak in Avaya TN2602AP IP Media Resource 320 circuit pack ...)
 	NOT-FOR-US: Avaya hardware
 CVE-2005-3988 (SQL injection vulnerability in article.php in Pineapple Technologies ...)
@@ -2999,7 +2993,6 @@ CVE-2005-3562
 	REJECTED
 CVE-2005-3561
 	REJECTED
-	NOT-FOR-US: ATutor
 CVE-2005-3560 (Zone Labs (1) ZoneAlarm Pro 6.0, (2) ZoneAlarm Internet Security Suite ...)
 	NOT-FOR-US: Zone Labs
 CVE-2005-3559 (Directory traversal vulnerability in vmail.cgi in Asterisk 1.0.9 ...)
@@ -3039,7 +3032,6 @@ CVE-2005-3543 (SQL injection vulnerability in search.php in Phorum 5.0.0alpha th
 	NOT-FOR-US: Phorum
 CVE-2005-3542
 	REJECTED
-	NOT-FOR-US: Tonio Gallery
 CVE-2005-3541
 	RESERVED
 CVE-2005-3540 (Buffer overflow in petris before 1.0.1 allows remote attackers to ...)
@@ -4755,7 +4747,6 @@ CVE-2005-2884 (Cross-site scripting (XSS) vulnerability in events.php in Land Do
 	NOT-FOR-US: Land Down Under
 CVE-2005-2883
 	REJECTED
-	NOT-FOR-US: Unclassified News Board
 CVE-2005-2882 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
 	NOT-FOR-US: phpCommunityCalendar
 CVE-2005-2881 (phpCommunityCalendar 4.0.3 allows remote attackers to bypass ...)
@@ -5934,7 +5925,6 @@ CVE-2005-2419 (B-FOCuS Router 312+ allows remote attackers to bypass authenticat
 	NOT-FOR-US: hardware issue
 CVE-2005-2418
 	REJECTED
-	NOT-FOR-US: Realchat
 CVE-2005-2417 (Contrexx before 1.0.5 allows remote attackers to obtain sensitive ...)
 	NOT-FOR-US: Contrexx
 CVE-2005-2416 (Multiple cross-site scripting (XSS) vulnerabilities in Contrexx before ...)
@@ -6093,7 +6083,6 @@ CVE-2005-2357 (Directory traversal vulnerability in EMC Navisphere Manager 6.4.1
 	NOT-FOR-US: EMC Navisphere Manager
 CVE-2005-2355
 	REJECTED
-	NOTE: see CVE-2005-2356
 CVE-2005-2347
 	RESERVED
 CVE-2005-2346 (Buffer overflow in Novell GroupWise 6.5 Client allows remote attackers ...)
@@ -6187,7 +6176,6 @@ CVE-2005-2304 (Microsoft MSN Messenger 9.0 and Internet Explorer 6.0 allows remo
 	NOT-FOR-US: Microsoft
 CVE-2005-2303
 	REJECTED
-	NOT-FOR-US: Microsoft
 CVE-2005-2302 (PowerDNS before 2.9.18, when allowing recursion to a restricted range ...)
 	{DSA-771-1}
 	- pdns 2.9.18-1 (medium; bug #318798)
@@ -6607,7 +6595,6 @@ CVE-2005-2134 (The (1) clcs and (2) emuxki drivers in NetBSD 1.6 through 2.0.2 a
 	NOT-FOR-US: NetBSD
 CVE-2005-2133
 	REJECTED
-	NOT-FOR-US: log4sh
 CVE-2005-2132 (RPC portmapper (rpcbind) in SCO UnixWare 7.1.1 m5, 7.1.3 mp5, and ...)
 	NOT-FOR-US: SCO UnixWare
 CVE-2005-2131
@@ -7054,7 +7041,6 @@ CVE-2005-1959 (jammail.pl in jamchen JamMail 1.8 allows remote attackers to exec
 	NOT-FOR-US: JamMail
 CVE-2005-1958
 	REJECTED
-	NOTE: see CVE-2005-1855
 CVE-2005-1957 (mtnpeak.net File Upload Manager does not properly check user ...)
 	NOT-FOR-US: File Upload Manager
 CVE-2005-1956 (File Upload Manager allows remote attackers to upload arbitrary files ...)
@@ -9159,7 +9145,6 @@ CVE-2005-1033 (CubeCart 2.0.6 allows remote attackers to obtain sensitive inform
 	NOT-FOR-US: CubeCart
 CVE-2005-1032
 	REJECTED
-	NOT-FOR-US: LiteCommerce
 CVE-2005-1031 (RUNCMS 1.1A, and possibly other products based on e-Xoops (exoops), ...)
 	NOT-FOR-US: exoops
 CVE-2005-1030 (Multiple cross-site scripting (XSS) vulnerabilities in Active Auction ...)
@@ -10286,7 +10271,6 @@ CVE-2005-0529 (Linux kernel 2.6.10 and 2.6.11rc1-bk6 uses different size types f
 	[sarge] - kernel-source-2.6.8 2.6.8-14
 CVE-2005-0528
 	REJECTED
-	NOTE: This was a dupe of the mremap kernel issue CVE-2003-0985
 CVE-2005-0527 (Firefox 1.0 allows remote attackers to execute arbitrary code via ...)
 	- mozilla-firefox 1.0.1
 	NOTE: didn't other with YA mozilla-browser bug, it has enough for 1.7.6 already..
diff --git a/data/CVE/2006.list b/data/CVE/2006.list
index d99d276b39..9093f58f97 100644
--- a/data/CVE/2006.list
+++ b/data/CVE/2006.list
@@ -653,7 +653,6 @@ CVE-2006-6968 (Cross-site scripting (XSS) vulnerability in the group moderation
 	NOT-FOR-US: Phorum
 CVE-2006-6967
 	REJECTED
-	NOT-FOR-US: Check Point Firewall-1
 CVE-2006-6966 (phpGraphy before 0.9.13a does not properly unset variables when the ...)
 	NOT-FOR-US: phpGraphy
 CVE-2006-6965 (CRLF injection vulnerability in lib/exe/fetch.php in DokuWiki ...)
@@ -8566,7 +8565,6 @@ CVE-2006-3433
 	RESERVED
 CVE-2006-3432
 	REJECTED
-	NOTE: duplicate of CVE-2007-0028
 CVE-2006-3431 (Buffer overflow in certain Asian language versions of Microsoft Excel ...)
 	NOT-FOR-US: Microsoft Excel
 CVE-2006-3430 (SQL injection vulnerability in checkprofile.asp in (1) PatchLink ...)
@@ -12149,8 +12147,6 @@ CVE-2006-1846 (Cross-site scripting (XSS) vulnerability in the Your_Account modu
 	NOT-FOR-US: PHP-Nuke
 CVE-2006-1845
 	REJECTED
-	NOT-FOR-US: Microsoft Exchange
-	NOTE: Duplicate of CVE-2006-0537
 CVE-2006-1844 (The Debian installer for the (1) shadow 4.0.14 and (2) base-config ...)
 	[sarge] - shadow 1:4.0.3-31sarge8
 	[sarge] - base-config <not-affected>
@@ -15850,7 +15846,6 @@ CVE-2006-0265 (Multiple unspecified vulnerabilities in Oracle Database server ..
 	NOT-FOR-US: Oracle
 CVE-2006-0264
 	REJECTED
-	NOT-FOR-US: Oracle
 CVE-2006-0263 (Multiple unspecified vulnerabilities in Oracle Database server ...)
 	NOT-FOR-US: Oracle
 CVE-2006-0262 (Unspecified vulnerability in the Net Foundation Layer component of ...)
@@ -16239,7 +16234,6 @@ CVE-2006-0093 (Cross-site scripting (XSS) vulnerability in index.php in @Card ME
 	NOT-FOR-US: @Card ME PHP
 CVE-2006-0092
 	REJECTED
-	NOT-FOR-US: SiteSuite CMS
 CVE-2006-0091 (Cross-site scripting (XSS) vulnerability in webmail in Open-Xchange ...)
 	- open-xchange <itp> (bug #269329)
 CVE-2006-0090 (Directory traversal vulnerability in index.php in IDV Directory Viewer ...)
diff --git a/data/CVE/2007.list b/data/CVE/2007.list
index f2b5691015..b4e43d82b6 100644
--- a/data/CVE/2007.list
+++ b/data/CVE/2007.list
@@ -12925,7 +12925,6 @@ CVE-2007-1324 (SnapGear 560, 585, 580, 640, 710, and 720 appliances before the .
 	NOT-FOR-US: SnapGear
 CVE-2007-1323
 	REJECTED
-	NOTE: replaced by both CVE-2007-5729 and CVE-2007-5730
 CVE-2007-1322 (QEMU 0.8.2 allows local users to halt a virtual machine by executing ...)
 	{DSA-1284-1 DTSA-38-1 DTSA-133-1}
 	- qemu 0.9.0-2 (bug #424070)
diff --git a/data/CVE/2009.list b/data/CVE/2009.list
index f65e5a70ec..9b49ef1ae1 100644
--- a/data/CVE/2009.list
+++ b/data/CVE/2009.list
@@ -7658,7 +7658,6 @@ CVE-2009-2260 (stardict 3.0.1, when Enable Net Dict is configured, sends the con
 	[lenny] - stardict 3.0.1-4+lenny1
 CVE-2009-2259
 	REJECTED
-	NOT-FOR-US: PHP Address Book
 CVE-2009-2258 (Directory traversal vulnerability in cgi-bin/webcm in the ...)
 	NOT-FOR-US: Netgear DG632
 CVE-2009-2257 (The administrative web interface on the Netgear DG632 with firmware ...)
diff --git a/data/CVE/2010.list b/data/CVE/2010.list
index 0167ad7c74..fe8aedb945 100644
--- a/data/CVE/2010.list
+++ b/data/CVE/2010.list
@@ -5737,9 +5737,8 @@ CVE-2010-3092 (The upload module in Drupal 5.x before 5.23 and 6.x before 6.18 d
 CVE-2010-3091 (The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x ...)
 	{DSA-2113-1}
 	- drupal6 6.18-1 (low; bug #592716)
-CVE-2010-3090 [mailman, will be rejected]
+CVE-2010-3090
 	REJECTED
-	NOT-FOR-US: ** REJECT ** mailman
 CVE-2010-3089 (Multiple cross-site scripting (XSS) vulnerabilities in GNU Mailman ...)
 	{DSA-2170-1}
 	- mailman 1:2.1.13-4.1 (bug #599833)
diff --git a/data/CVE/2012.list b/data/CVE/2012.list
index 6850c09ce9..fb6770cb44 100644
--- a/data/CVE/2012.list
+++ b/data/CVE/2012.list
@@ -4785,8 +4785,6 @@ CVE-2012-4736 (The Device Encryption Client component in Sophos SafeGuard Enterp
 	NOT-FOR-US: Sophos SafeGuard Enterprise
 CVE-2012-4735
 	REJECTED
-	NOTE: CVE-2012-4735 rejected in favour of CVE-2012-6578, CVE-2012-6579, CVE-2012-6580, CVE-2012-6581.
-	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=870406#c3
 CVE-2012-4734 (Request Tracker (RT) 3.8.x before 3.8.15 and 4.0.x before 4.0.8 allows ...)
 	{DSA-2567-1}
 	- request-tracker3.8 <removed>
@@ -7789,7 +7787,6 @@ CVE-2012-3542 (OpenStack Keystone, as used in OpenStack Folsom before folsom-rc1
 	- keystone 2012.1.1-5
 CVE-2012-3541
 	REJECTED
-	{DLA-108-1}
 CVE-2012-3540 (Open redirect vulnerability in views/auth_forms.py in OpenStack ...)
 	- horizon 2012.1.1-4 (bug #686050)
 CVE-2012-3539
@@ -8174,8 +8171,6 @@ CVE-2012-3416 (Condor before 7.8.2 allows remote attackers to bypass host-based
 	- condor 7.8.2~dfsg.1-1 (bug #685366)
 CVE-2012-3415
 	REJECTED
-	- plpupload <itp> (bug #668396)
-	- wordpress 3.3.2
 CVE-2012-3414 (Cross-site scripting (XSS) vulnerability in swfupload.swf in SWFUpload ...)
 	- libjs-swfupload 2.2.0.1+ds1-2 (low; bug #681323)
 	- wordpress 3.5.1+dfsg-1 (bug #698934)
diff --git a/data/CVE/2013.list b/data/CVE/2013.list
index c4882af52e..dc57e65f85 100644
--- a/data/CVE/2013.list
+++ b/data/CVE/2013.list
@@ -8241,7 +8241,6 @@ CVE-2013-4337
 	REJECTED
 CVE-2013-4336
 	REJECTED
-	NOT-FOR-US: Drupal module
 CVE-2013-4335
 	RESERVED
 	NOT-FOR-US: opOpenSocialPlugin
diff --git a/data/DLA/list b/data/DLA/list
index 0543246dbd..af4638db5b 100644
--- a/data/DLA/list
+++ b/data/DLA/list
@@ -828,7 +828,6 @@
 	{CVE-2014-9130}
 	[squeeze] - libyaml-libyaml-perl 0.33-1+squeeze4
 [13 Dec 2014] DLA-108-1 nfs-utils - security update
-	{CVE-2012-3541}
 	[squeeze] - nfs-utils 1:1.2.2-4squeeze3
 [12 Dec 2014] DLA-107-1 unbound - security update
 	{CVE-2014-8602}
author	Salvatore Bonaccorso <carnil@debian.org>	2016-01-08 06:40:14 +0000
committer	Salvatore Bonaccorso <carnil@debian.org>	2016-01-08 06:40:14 +0000
commit	778b59a921712905e17d27395d06f147901a7b16 (patch)
tree	91d087d1cfa2b019b2826e2ef05b964a336dc906 /data
parent	b01498e9bf7e6c1518785857775a441e2d3f99fa (diff)