NOT-FOR-US

git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@4043 e39458fd-73e7-0310-bf30-c45bca0a0e42

4 files changed, 87 insertions, 87 deletions

diff --git a/data/CVE/1999.list b/data/CVE/1999.list
index 57ee4e7646..1291738da9 100644
--- a/data/CVE/1999.list
+++ b/data/CVE/1999.list
@@ -2900,7 +2900,7 @@ CVE-1999-0477 (The Expression Evaluator in the ColdFusion Application Server all
 CVE-1999-0476 (A weak encryption algorithm is used for passwords in SCO TermVision, ...)
 	TODO: check
 CVE-1999-0469 (Internet Explorer 5.0 allows window spoofing, allowing a remote ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-1999-0467 (The Webcom CGI Guestbook programs wguest.exe and rguest.exe allow a ...)
 	TODO: check
 CVE-1999-0465 (Remote attackers can crash Lynx and Internet Explorer using an IMG tag ...)
@@ -2918,41 +2918,41 @@ CVE-1999-0455 (The Expression Evaluator sample application in ColdFusion allows
 CVE-1999-0454 (A remote attacker can sometimes identify the operating system of a ...)
 	TODO: check
 CVE-1999-0453 (An attacker can identify a CISCO device by sending a SYN packet to ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-1999-0452 (A service or application has a backdoor password that was placed there ...)
 	TODO: check
 CVE-1999-0451 (Denial of service in Linux 2.0.36 allows local users to prevent ...)
 	TODO: check
 CVE-1999-0450 (In IIS, an attacker could determine a real path using a request for a ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-1999-0444 (Remote attackers can perform a denial of service in Windows machines ...)
 	TODO: check
 CVE-1999-0443 (Patrol management software allows a remote attacker to conduct a ...)
 	TODO: check
 CVE-1999-0435 (MC/ServiceGuard and MC/LockManager in HP-UX allows local users to gain ...)
-	TODO: check
+	NOT-FOR-US: HP-UX
 CVE-1999-0434 (XFree86 xfs command is vulnerable to a symlink attack, allowing ...)
 	TODO: check
 CVE-1999-0431 (Linux 2.2.3 and earlier allow a remote attacker to perform an IP ...)
 	TODO: check
 CVE-1999-0427 (Eudora 4.1 allows remote attackers to perform a denial of service by ...)
-	TODO: check
+	NOT-FOR-US: Eudora
 CVE-1999-0426 (The default permissions of /dev/kmem in Linux versions before 2.0.36 ...)
 	TODO: check
 CVE-1999-0419 (When the Microsoft SMTP service attempts to send a message to a server ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-1999-0418 (Denial of service in SMTP applications such as Sendmail, when a ...)
 	TODO: check
 CVE-1999-0411 (Several startup scripts in SCO OpenServer Enterprise System v 5.0.4p, ...)
-	TODO: check
+	NOT-FOR-US: SCO
 CVE-1999-0406 (Digital Unix Networker program nsralist has a buffer overflow which ...)
-	TODO: check
+	NOT-FOR-US: DEC UNIX
 CVE-1999-0401 (A race condition in Linux 2.2.1 allows local users to read arbitrary ...)
 	TODO: check
 CVE-1999-0400 (Denial of service in Linux 2.2.0 running the ldd command on a core ...)
 	TODO: check
 CVE-1999-0399 (The DCC server command in the Mirc 5.5 client doesn't filter ...)
-	TODO: check
+	NOT-FOR-US: Mirc
 CVE-1999-0398 (In some instances of SSH 1.2.27 and 2.0.11 on Linux systems, SSH will ...)
 	TODO: check
 CVE-1999-0397 (The demo version of the Quakenbush NT Password Appraiser sends ...)
@@ -2964,31 +2964,31 @@ CVE-1999-0389 (Buffer overflow in the bootp server in the Debian Linux netstd ..
 CVE-1999-0381 (super 3.11.6 and other versions have a buffer overflow in the syslog ...)
 	TODO: check
 CVE-1999-0370 (In Sun Solaris and SunOS, man and catman contain vulnerabilities ...)
-	TODO: check
+	NOT-FOR-US: Sun
 CVE-1999-0364 (Microsoft Access 97 stores a database password as plaintext in a ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-1999-0361 (NetWare version of LaserFiche stores usernames and passwords ...)
-	TODO: check
+	NOT-FOR-US: NetWare
 CVE-1999-0360 (MS Site Server 2.0 with IIS 4 can allow users to upload content, ...)
-	TODO: check
+	NOT-FOR-US: Windows
 CVE-1999-0359 (ptylogin in Unix systems allows users to perform a denial of service ...)
 	TODO: check
 CVE-1999-0356 (ControlIT v4.5 and earlier uses weak encryption to store ...)
 	TODO: check
 CVE-1999-0354 (Internet Explorer 4.x or 5.x with Word 97 allows arbitrary execution ...)
-	TODO: check
+	NOT-FOR-US: Windows
 CVE-1999-0352 (ControlIT 4.5 and earlier (aka Remotely Possible) has weak password ...)
 	TODO: check
 CVE-1999-0347 (Internet Explorer 4.01 allows remote attackers to read local files and ...)
-	TODO: check
+	NOT-FOR-US: Windows
 CVE-1999-0345 (Jolt ICMP attack causes a denial of service in Windows 95 and Windows ...)
-	TODO: check
+	NOT-FOR-US: Windows
 CVE-1999-0336 (Buffer overflow in mstm in HP-UX allows local users to gain root ...)
-	TODO: check
+	NOT-FOR-US: HP
 CVE-1999-0333 (HP OpenView Omniback allows remote execution of commands as root via ...)
-	TODO: check
+	NOT-FOR-US: HP
 CVE-1999-0331 (Buffer overflow in Internet Explorer 4.0(1). ...)
-	TODO: check
+	NOT-FOR-US: Windows
 CVE-1999-0330 (Linux bdash game has a buffer overflow that allows local users to ...)
 	TODO: check
 CVE-1999-0319 (Buffer overflow in xmcd 2.1 allows local users to gain access ...)
@@ -2996,19 +2996,19 @@ CVE-1999-0319 (Buffer overflow in xmcd 2.1 allows local users to gain access ...
 CVE-1999-0317 (Buffer overflow in Linux su command gives root access to local ...)
 	TODO: check
 CVE-1999-0307 (Buffer overflow in HP-UX cstm program allows local users to gain ...)
-	TODO: check
+	NOT-FOR-US: HP
 CVE-1999-0306 (buffer overflow in HP xlock program. ...)
-	TODO: check
+	NOT-FOR-US: HP
 CVE-1999-0298 (ypbind with -ypset and -ypsetme options activated in Linux Slackware ...)
 	TODO: check
 CVE-1999-0287 (Vulnerability in the Wguest CGI program. ...)
 	TODO: check
 CVE-1999-0286 (In some NT web servers, appending a space at the end of a URL may ...)
-	TODO: check
+	NOT-FOR-US: Windows
 CVE-1999-0285 (Denial of service in telnet from the Windows NT Resource Kit, by ...)
-	TODO: check
+	NOT-FOR-US: Windows
 CVE-1999-0284 (Denial of service to NT mail servers including Ipswitch, Mdaemon, and ...)
-	TODO: check
+	NOT-FOR-US: Windows
 CVE-1999-0283 (The Java Web Server would allow remote users to obtain the source ...)
 	TODO: check
 CVE-1999-0282
@@ -3024,15 +3024,15 @@ CVE-1999-0257 (Nestea variation of teardrop IP fragmentation denial of service.
 CVE-1999-0255 (Buffer overflow in ircd allows arbitrary command execution. ...)
 	TODO: check
 CVE-1999-0254 (A hidden SNMP community string in HP OpenView allows remote attackers ...)
-	TODO: check
+	NOT-FOR-US: HP
 CVE-1999-0253 (IIS 3.0 with the iis-fix hotfix installed allows remote intruders to ...)
-	TODO: check
+	NOT-FOR-US: Windows
 CVE-1999-0250 (Denial of service in Qmail through long SMTP commands. ...)
 	TODO: check
 CVE-1999-0249 (Windows NT RSHSVC program allows remote users to execute arbitrary ...)
-	TODO: check
+	NOT-FOR-US: Windows
 CVE-1999-0246 (HP Remote Watch allows a remote user to gain root access. ...)
-	TODO: check
+	NOT-FOR-US: HP
 CVE-1999-0243 (Linux cfingerd could be exploited to gain root access. ...)
 	TODO: check
 CVE-1999-0242 (Remote attackers can access mail files via POP3 in some Linux systems ...)
@@ -3050,21 +3050,21 @@ CVE-1999-0232 (Buffer overflow in NCSA WebServer (version 1.5c) gives remote acc
 CVE-1999-0231 (Buffer overflow in IP-Switch IMail and Seattle Labs Slmail 2.6 ...)
 	TODO: check
 CVE-1999-0229 (Denial of service in Windows NT IIS server using ..\.. ...)
-	TODO: check
+	NOT-FOR-US: Windows
 CVE-1999-0226 (Windows NT TCP/IP processes fragmented IP packets improperly, causing ...)
-	TODO: check
+	NOT-FOR-US: Windows
 CVE-1999-0222 (Denial of service in Cisco IOS web server allows attackers to reboot ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-1999-0220 (Attackers can do a denial of service of IRC by crashing the server. ...)
 	TODO: check
 CVE-1999-0216 (Denial of service of inetd on Linux through SYN and RST packets. ...)
 	TODO: check
 CVE-1999-0213 (libnsl in Solaris allowed an attacker to perform a denial of service ...)
-	TODO: check
+	NOT-FOR-US: Solaris
 CVE-1999-0205 (Denial of service in Sendmail 8.6.11 and 8.6.12. ...)
 	TODO: check
 CVE-1999-0200 (Windows NT FTP server (WFTP) with the guest account enabled without a ...)
-	TODO: check
+	NOT-FOR-US: Windows
 CVE-1999-0198 (finger .@host on some systems may print information on some user accounts. ...)
 	TODO: check
 CVE-1999-0197 (finger 0@host on some systems may print information on some user accounts. ...)
@@ -3072,11 +3072,11 @@ CVE-1999-0197 (finger 0@host on some systems may print information on some user
 CVE-1999-0195 (Denial of service in RPC portmapper allows attackers to register or ...)
 	TODO: check
 CVE-1999-0193 (Denial of service in Ascend and 3com routers, which can be rebooted by ...)
-	TODO: check
+	NOT-FOR-US: Ascend/3com
 CVE-1999-0187
 	REJECTED
 CVE-1999-0186 (In Solaris, an SNMP subagent has a default community string that allows remote ...)
-	TODO: check
+	NOT-FOR-US: Solaris
 CVE-1999-0171 (Denial of service in syslog by sending it a large number of ...)
 	TODO: check
 CVE-1999-0169 (NFS allows attackers to read and write any file on the system by ...)
@@ -3088,19 +3088,19 @@ CVE-1999-0163 (In older versions of Sendmail, an attacker could use a pipe chara
 CVE-1999-0156 (wu-ftpd FTP daemon allows any user and password combination. ...)
 	TODO: check
 CVE-1999-0154 (IIS 2.0 and 3.0 allows remote attackers to read the source code for ...)
-	TODO: check
+	NOT-FOR-US: Windows
 CVE-1999-0144 (Denial of service in Qmail by specifying a large number of recipients ...)
 	TODO: check
 CVE-1999-0140 (Denial of service in RAS/PPTP on NT systems. ...)
-	TODO: check
+	NOT-FOR-US: Windows
 CVE-1999-0127 (swinstall and swmodify commands in SD-UX package in HP-UX systems ...)
-	TODO: check
+	NOT-FOR-US: HP-UX
 CVE-1999-0123 (Race condition in Linux mailx command allows local users to ...)
 	TODO: check
 CVE-1999-0121 (Buffer overflow in dtaction command gives root access. ...)
 	TODO: check
 CVE-1999-0119 (Windows NT 4.0 beta allows users to read and delete shares. ...)
-	TODO: check
+	NOT-FOR-US: Windows
 CVE-1999-0114 (Local users can execute commands as other users, and read other users' ...)
 	TODO: check
 CVE-1999-0110
@@ -3116,13 +3116,13 @@ CVE-1999-0104 (A later variation on the Teardrop IP denial of service attack, ..
 CVE-1999-0098 (Buffer overflow in SMTP HELO command in Sendmail allows a remote ...)
 	TODO: check
 CVE-1999-0092 (Various vulnerabilities in the AIX portmir command allows ...)
-	TODO: check
+	NOT-FOR-US: AIX
 CVE-1999-0089 (Buffer overflow in AIX libDtSvc library can allow local users ...)
-	TODO: check
+	NOT-FOR-US: AIX
 CVE-1999-0088 (IRIX and AIX automountd services (autofsd) allow remote users to ...)
-	TODO: check
+	NOT-FOR-US: AIX
 CVE-1999-0086 (AIX routed allows remote users to modify sensitive files. ...)
-	TODO: check
+	NOT-FOR-US: AIX
 CVE-1999-0078 (pcnfsd (aka rpc.pcnfsd) allows local users to change file permissions, ...)
 	TODO: check
 CVE-1999-0076 (Buffer overflow in wu-ftp from PASV command causes a core dump. ...)
@@ -3132,7 +3132,7 @@ CVE-1999-0061 (File creation and deletion, and remote execution, in the BSD ...)
 CVE-1999-0033 (Command execution in Sun systems via buffer overflow in the at ...)
 	TODO: check
 CVE-1999-0030 (root privileges via buffer overflow in xlock command on SGI IRIX ...)
-	TODO: check
+	NOT-FOR-US: SGI
 CVE-1999-0020
 	REJECTED
 CVE-1999-0015 (Teardrop IP denial of service. ...)
diff --git a/data/CVE/2002.list b/data/CVE/2002.list
index 8468974ae1..3172744f9a 100644
--- a/data/CVE/2002.list
+++ b/data/CVE/2002.list
@@ -3369,75 +3369,75 @@ CVE-2002-0639 (Integer overflow in sshd in OpenSSH 2.9.9 through 3.3 allows remo
 CVE-2002-0638 (setpwnam.c in the util-linux package, as included in Red Hat Linux 7.3 ...)
 	TODO: check
 CVE-2002-0631 (Unknown vulnerability in nveventd in NetVisualyzer on SGI IRIX 6.5 ...)
-	TODO: check
+	NOT-FOR-US: SGI
 CVE-2002-0630 (The Telnet service for Polycom ViewStation before 7.2.4 allows remote ...)
-	TODO: check
+	NOT-FOR-US: Polycom
 CVE-2002-0627 (The Web server for Polycom ViewStation before 7.2.4 allows remote ...)
-	TODO: check
+	NOT-FOR-US: Polycom
 CVE-2002-0623 (Buffer overflow in AuthFilter ISAPI filter on Microsoft Commerce ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2002-0622 (The Office Web Components (OWC) package installer for Microsoft ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2002-0621 (Buffer overflow in the Office Web Components (OWC) package installer ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2002-0619 (The Mail Merge Tool in Microsoft Word 2002 for Windows, when Microsoft ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2002-0618 (The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2002-0617 (The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2002-0616 (The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2002-0615 (The Windows Media Active Playlist in Microsoft Windows Media Player ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2002-0613 (dnstools.php for DNSTools 2.0 beta 4 and earlier allows remote ...)
-	TODO: check
+	NOT-FOR-US: DNSTools
 CVE-2002-0605 (Buffer overflow in Flash OCX for Macromedia Flash 6 revision 23 ...)
-	TODO: check
+	NOT-FOR-US: Flash
 CVE-2002-0601 (ISS RealSecure Network Sensor 5.x through 6.5 allows remote attackers ...)
-	TODO: check
+	NOT-FOR-US: ISS
 CVE-2002-0599 (Blahz-DNS 0.2 and earlier allows remote attackers to bypass ...)
-	TODO: check
+	NOT-FOR-US: Blahz
 CVE-2002-0598 (Format string vulnerability in Foundstone FScan 1.12 with banner ...)
-	TODO: check
+	NOT-FOR-US: Foundstone
 CVE-2002-0597 (LANMAN service on Microsoft Windows 2000 allows remote attackers to ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2002-0594 (Netscape 6 and Mozilla 1.0 RC1 and earlier allows remote attackers to ...)
 	TODO: check
 CVE-2002-0576 (ColdFusion 5.0 and earlier on Windows systems allows remote attackers ...)
-	TODO: check
+	NOT-FOR-US: ColdFusion
 CVE-2002-0575 (Buffer overflow in OpenSSH before 2.9.9, and 3.x before 3.2.1, with ...)
 	TODO: check
 CVE-2002-0574 (Memory leak in FreeBSD 4.5 and earlier allows remote attackers to ...)
-	TODO: check
+	NOT-FOR-US: FreeBSD
 CVE-2002-0573 (Format string vulnerability in RPC wall daemon (rpc.rwalld) for ...)
 	TODO: check
 CVE-2002-0571 (Oracle Oracle9i database server 9.0.1.x allows local users to access ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2002-0569 (Oracle 9i Application Server allows remote attackers to bypass access ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2002-0567 (Oracle 8i and 9i with PL/SQL package for External Procedures (EXTPROC) ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2002-0553 (Cross-site scripting vulnerability in SunShop 2.5 and earlier allows ...)
-	TODO: check
+	NOT-FOR-US: SunShop
 CVE-2002-0546 (Cross-site scripting vulnerability in the mini-browser for Winamp 2.78 ...)
-	TODO: check
+	NOT-FOR-US: Winamp
 CVE-2002-0545 (Cisco Aironet before 11.21 with Telnet enabled allows remote attackers ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2002-0543 (Directory traversal vulnerability in Aprelium Abyss Web Server ...)
-	TODO: check
+	NOT-FOR-US: Aprelium
 CVE-2002-0542 (mail in OpenBSD 2.9 and 3.0 processes a tilde (~) escape character in ...)
 	TODO: check
 CVE-2002-0539 (Demarc PureSecure 1.05 allows remote attackers to gain administrative ...)
-	TODO: check
+	NOT-FOR-US: Demarc
 CVE-2002-0538 (FTP proxy in Symantec Raptor Firewall 6.5.3 and Enterprise 7.0 ...)
-	TODO: check
+	NOT-FOR-US: Symantec
 CVE-2002-0536 (PHPGroupware 0.9.12 and earlier, when running with the ...)
 	TODO: check
 CVE-2002-0532 (EMU Webmail allows local users to execute arbitrary programs via a .. ...)
-	TODO: check
+	NOT-FOR-US: EMU
 CVE-2002-0531 (Directory traversal vulnerability in emumail.cgi in EMU Webmail 4.5.x ...)
-	TODO: check
+	NOT-FOR-US: EMU
 CVE-2002-0516 (SquirrelMail 1.2.5 and earlier allows authenticated SquirrelMail users ...)
 	TODO: check
 CVE-2002-0513 (The PHP administration script in popper_mod 1.2.1 and earlier relies ...)
@@ -3449,13 +3449,13 @@ CVE-2002-0511 (The default configuration of Name Service Cache Daemon (nscd) in
 CVE-2002-0506 (Buffer overflow in newt.c of newt windowing library (libnewt) 0.50.33 ...)
 	TODO: check
 CVE-2002-0505 (Memory leak in the Call Telephony Integration (CTI) Framework ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2002-0501 (Format string vulnerability in log_print() function of Posadis DNS ...)
-	TODO: check
+	NOT-FOR-US: Posadis
 CVE-2002-0497 (Buffer overflow in mtr 0.46 and earlier, when installed setuid root, ...)
 	TODO: check
 CVE-2002-0495 (csSearch.cgi in csSearch 2.3 and earlier allows remote attackers to ...)
-	TODO: check
+	NOT-FOR-US: csSearch
 CVE-2002-0494 (Cross-site scripting vulnerability in WebSight Directory System 0.1 ...)
 	TODO: check
 CVE-2002-0493 (Apache Tomcat may be started without proper security settings if ...)
diff --git a/data/CVE/2005.list b/data/CVE/2005.list
index 8628a1956d..5ae0c787f4 100644
--- a/data/CVE/2005.list
+++ b/data/CVE/2005.list
@@ -23,13 +23,13 @@ CVE-2005-4795 (Unspecified vulnerability in the multi-language environment libra
 CVE-2005-4794 (Cisco IP Phones 7902/7905/7912, ATA 186/188, Unity Express, ACNS, and ...)
 	NOT-FOR-US: Cisco
 CVE-2005-4793 (Multiple unspecified vulnerabilities in the web utility function in ...)
-	TODO: check
+	NOT-FOR-US: Hitachi
 CVE-2005-4792 (SQL injection vulnerability in index.php in Appalachian State ...)
-	TODO: check
+	NOT-FOR-US: phpWebSite
 CVE-2005-4791 (Multiple untrusted search path vulnerabilities in SUSE Linux 10.0 ...)
 	TODO: check
 CVE-2005-4790 (Multiple untrusted search path vulnerabilities in SUSE Linux 9.3 and ...)
-	TODO: check
+	NOT-FOR-US: SUSE-specific
 CVE-2005-4789 (resmgr in SUSE Linux 9.2 and 9.3, and possibly other distributions, ...)
 	TODO: check
 CVE-2005-4788 (resmgr in SUSE Linux 9.2 and 9.3, and possibly other distributions, ...)
@@ -4028,9 +4028,9 @@ CVE-2005-3060 (Buffer overflow in getconf in IBM AIX 5.2 to 5.3 allows local use
 CVE-2005-3059 (Multiple unspecified vulnerabilities in Opera 8.50 on Linux and ...)
 	NOT-FOR-US: Opera
 CVE-2005-3058 (Interpretation conflict in Fortinet FortiGate 2.8, running FortiOS ...)
-	TODO: check
+	NOT-FOR-US: FortiGate
 CVE-2005-3057 (Unspecified vulnerability in the FTP component in FortiGate 2.8, ...)
-	TODO: check
+	NOT-FOR-US: FortiGate
 CVE-2005-3056 [TWiki INCLUDE function allows arbitrary shell command execution ]
 	RESERVED
 	- twiki 20040902-2 (bug #330733; high)
@@ -4330,7 +4330,7 @@ CVE-2005-2936 (Unquoted Windows search path vulnerability in RealNetworks RealPl
 CVE-2005-2935 (Unquoted Windows search path vulnerability in Microsoft AntiSpyware ...)
 	NOT-FOR-US: Microsoft AntiSpyware
 CVE-2005-2934 (Unspecified vulnerability in ptrace in SCO UnixWare 7.1.3 and 7.1.4 ...)
-	TODO: check
+	NOT-FOR-US: SCO
 CVE-2005-2933 (Buffer overflow in the mail_valid_net_parse_work function in mail.c ...)
 	{DSA-861-1}
 	- uw-imap 7:2002edebian1-12 (medium; bug #332215)
@@ -7670,7 +7670,7 @@ CVE-2005-1530 (Sophos Anti-Virus 5.0.1, with "Scan inside archive files&quo
 CVE-2005-1529
 	RESERVED
 CVE-2005-1528 (Untrusted search path vulnerability in the crttrap command in QNX ...)
-	TODO: check
+	NOT-FOR-US: QNX
 CVE-2005-1527 (Eval injection vulnerability in awstats.pl in AWStats 6.4 and earlier, ...)
 	{DSA-892-1}
 	- awstats 6.4-1.1 (bug #322591; bug #334833; bug #336137; medium)
@@ -11123,7 +11123,7 @@ CVE-2005-0038 (The DNS implementation of PowerDNS 2.9.16 and earlier allows remo
 CVE-2005-0037 (The DNS implementation of DNRD before 2.10 allows remote attackers to ...)
 	TODO: check
 CVE-2005-0036 (The DNS implementation in DeleGate 8.10.2 and earlier allows remote ...)
-	TODO: check
+	NOT-FOR-US: DeleGate
 CVE-2005-0035 (The Acrobat web control in Adobe Acrobat and Acrobat Reader 7.0 and ...)
 	NOT-FOR-US: Adobe
 CVE-2005-0034 (An "incorrect assumption" in the authvalidated validator function in ...)
diff --git a/data/CVE/2006.list b/data/CVE/2006.list
index 1154964853..0095b81137 100644
--- a/data/CVE/2006.list
+++ b/data/CVE/2006.list
@@ -5464,7 +5464,7 @@ CVE-2006-0061 [xlock segfaults when using libpam-opensc]
 CVE-2006-0060
 	RESERVED
 CVE-2006-0059 (Heap-based buffer overflow in the ISO Transport Service over TCP (RFC ...)
-	TODO: check
+	NOT-FOR-US: LiveData
 CVE-2006-0058 (Signal handler race condition in Sendmail 8.13.x before 8.13.6 allows ...)
 	{DSA-1015-1}
 	- sendmail 8.13.6-1 (bug #358440; high)
@@ -5535,7 +5535,7 @@ CVE-2006-0019 (Heap-based buffer overflow in the encodeURI and decodeURI functio
 	{DSA-948-1}
 	- kdelibs <unfixed> (medium)
 CVE-2006-0034 (Heap-based buffer overflow in the CRpcIoManagerServer::BuildContext ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2006-0033
 	RESERVED
 CVE-2006-0032