author Raphael Geissert <geissert@debian.org> 2009-10-25 20:54:39 +0000
committer Raphael Geissert <geissert@debian.org> 2009-10-25 20:54:39 +0000
commit d059db5b11d14f23782aeae6591376692392f622 (patch)
tree da3032a2252e5676db06a19a65c99af73b0a2add /data
parent 875dc6616935c663c440fd849679f103ad329729 (diff)
NFUs corrections (including multiple different issues marked as NFUs)
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@13093 e39458fd-73e7-0310-bf30-c45bca0a0e42
Diffstat (limited to 'data')
-rw-r--r-- data/CVE/2002.list 2
-rw-r--r-- data/CVE/2005.list 4
-rw-r--r-- data/CVE/2006.list 31
-rw-r--r-- data/CVE/2007.list 3
-rw-r--r-- data/CVE/2008.list 7
5 files changed, 26 insertions, 21 deletions
diff --git a/data/CVE/2002.list b/data/CVE/2002.list
index c118b24e57..aefc44d807 100644
--- a/data/CVE/2002.list
+++ b/data/CVE/2002.list
@@ -1373,7 +1373,7 @@ CVE-2002-1771 (Matt Wright FormMail 1.9 and earlier allows remote attackers to s
CVE-2002-1770 (Qualcomm Eudora 5.1 allows remote attackers to execute arbitrary code ...)
NOT-FOR-US: Eudora
CVE-2002-1769 (Microsoft Site Server 3.0 prior to SP4 installs a default user, ...)
- NOT-FOR-US: Mirosoft
+ NOT-FOR-US: Microsoft
CVE-2002-1768 (Cisco IOS 11.1 through 12.2, when HSRP support is not enabled, allows ...)
NOT-FOR-US: Cisco
CVE-2002-1767 (Buffer overflow in tnslsnr of Oracle 8i Database Server 8.1.5 for ...)
diff --git a/data/CVE/2005.list b/data/CVE/2005.list
index c73d4cba07..2561fa52b6 100644
--- a/data/CVE/2005.list
+++ b/data/CVE/2005.list
@@ -366,7 +366,7 @@ CVE-2005-XXXX [xsupplicant information leak]
CVE-2005-4731 (The Next action in PEAR HTML_QuickForm_Controller 1.0.4 includes the ...)
NOT-FOR-US: PEAR HTML_QuickForm_Controller
CVE-2005-4730 (Unspecified vulnerability in PEAR Text_Password 1.0 has unknown impact ...)
- NOT-FOR-US: Not included in php-pear or php4-pear
+ NOT-FOR-US: PEAR Text_Password
CVE-2005-4729 (SQL injection vulnerabilitiy in show.php in VBZooM Forum allows remote ...)
NOT-FOR-US: VBZooM
CVE-2005-4728 (Untrusted search path vulnerability (RPATH) in amaya 9.2.1 on Debian ...)
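Review bot: On CVE-2005-4730 the new label drops the only record of which Debian packages were checked (php-pear and php4-pear). Naming the product after NOT-FOR-US matches the neighbouring entries, but the old rationale is worth keeping on a following NOTE: line so the basis for the classification stays in the file.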
@@ -2900,7 +2900,7 @@ CVE-2005-3591 (Macromedia Flash plugin (1) Flash.ocx 7.0.19.0 (Windows) and earl
- flashplugin-nonfree 7.0.61-1 (bug #339290; high)
[sarge] - flashplugin-nonfree <no-dsa> (Only affects proprietary Flash plugin)
CVE-2005-3589 (Buffer overflow in FileZilla Server Terminal 0.9.4d may allow remote ...)
- NOT-FOR-US: FileZilla
+ NOT-FOR-US: FileZilla Server
CVE-2005-3588 (SQL injection vulnerability in admin.php in Advanced Guestbook 2.2 ...)
NOT-FOR-US: Advanced Guestbook
CVE-2005-3587 (Improper boundary checks in petite.c in Clam AntiVirus (ClamAV) before ...)
diff --git a/data/CVE/2006.list b/data/CVE/2006.list
index 8a9117b920..2970d26f25 100644
--- a/data/CVE/2006.list
+++ b/data/CVE/2006.list
@@ -3176,9 +3176,9 @@ CVE-2006-5810 (Cross-site scripting (XSS) vulnerability in ...)
CVE-2006-5809 (Multiple unspecified vulnerabilities in Jonathon J. Freeman OvBB ...)
NOT-FOR-US: OvBB
CVE-2006-5808 (The installation of Cisco Secure Desktop (CSD) before 3.1.1.45 uses ...)
- NOT-FOR-US: Cicso
+ NOT-FOR-US: Cisco
CVE-2006-5807 (Cisco Secure Desktop (CSD) before 3.1.1.45 allows local users to ...)
- NOT-FOR-US: Cicso
+ NOT-FOR-US: Cisco
CVE-2006-5806 (SSL VPN Client in Cisco Secure Desktop before 3.1.1.45, when ...)
NOT-FOR-US: Cisco
CVE-2006-5805 (Microsoft Internet Explorer 7 allows remote attackers to cause a ...)
@@ -4867,7 +4867,8 @@ CVE-2006-5033 (Unspecified vulnerability in StoresAndCalendarsList.cgi in Paul S
CVE-2006-5032 (PHP remote file inclusion vulnerability in dix.php3 in PHPartenaire ...)
NOT-FOR-US: PHPartenaire
CVE-2006-5031 (Directory traversal vulnerability in app/webroot/js/vendors.php in ...)
- NOT-FOR-US: CakePHP
+ - cakephp <unfixed>
+ TODO: check
CVE-2006-5030 (SQL injection vulnerability in modules/messages/index.php in exV2 ...)
NOT-FOR-US: exV2
CVE-2006-5029 (SQL injection vulnerability in thread.php in WoltLab Burning Board ...)
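Review bot: CVE-2006-5031 moves from NOT-FOR-US to "- cakephp <unfixed>" with only "TODO: check", so the file now records an open issue against the package that the TODO itself marks as unverified. Resolve the TODO before or soon after merging by replacing <unfixed> with the fixed version, or with <not-affected> and the reason in parentheses, as the dnssec-tools entry in 2008.list does. The CVE-2006-4067 cakephp entry in the next hunk needs the same follow-up.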
@@ -7037,7 +7038,8 @@ CVE-2006-4069 (Multiple cross-site scripting (XSS) vulnerabilities in Elaine Aqu
CVE-2006-4068 (The pswd.js script relies on the client to calculate whether a ...)
NOT-FOR-US: pswd.js
CVE-2006-4067 (Cross-site scripting (XSS) vulnerability in cake/libs/error.php in ...)
- NOT-FOR-US: CakePHP
+ - cakephp <unfixed>
+ TODO: check
CVE-2006-4066 (The Graphical Device Interface Plus library (gdiplus.dll) in Microsoft ...)
NOT-FOR-US: Microsoft
CVE-2006-4065 (Multiple PHP remote file inclusion vulnerabilities in Dmitry Sheiko ...)
@@ -9425,13 +9427,13 @@ CVE-2006-3011 (The error_log function in basic_functions.c in PHP before 4.4.4 a
- php5 5.1.6-1 (unimportant)
NOTE: Safe mode violations are not supported
CVE-2006-3010 (Multiple SQL injection vulnerabilities in Open Business Management ...)
- NOT-FOR-US: not packaged for Debian
+ NOT-FOR-US: Open Business Management
CVE-2006-3009 (Multiple cross-site scripting (XSS) vulnerabilities in Open Business ...)
- NOT-FOR-US: not packaged for Debian
+ NOT-FOR-US: Open Business Management
CVE-2006-3008
REJECTED
CVE-2006-3007 (Multiple cross-site scripting (XSS) vulnerabilities in SHOUTcast 1.9.5 ...)
- NOT-FOR-US: not packaged for Debian
+ NOT-FOR-US: SHOUTcast
CVE-2006-3006 (Cross-site scripting (XSS) vulnerability in iFoto 0.20, and possibly ...)
NOT-FOR-US: iFoto
CVE-2006-3005 (The JPEG library in media-libs/jpeg before 6b-r7 on Gentoo Linux is ...)
@@ -9441,17 +9443,17 @@ CVE-2006-3005 (The JPEG library in media-libs/jpeg before 6b-r7 on Gentoo Linux
CVE-2006-3004 (Multiple cross-site scripting (XSS) vulnerabilities in Ez Ringtone ...)
NOT-FOR-US: Ez Ringtone
CVE-2006-3003 (details.php in Easy Ad-Manager allows remote attackers to obtain the ...)
- NOT-FOR-US: not packaged for Debian
+ NOT-FOR-US: Easy Ad-Manager
CVE-2006-3002 (Cross-site scripting (XSS) vulnerability in details.php in Easy ...)
- NOT-FOR-US: not packaged for Debian
+ NOT-FOR-US: OkScripts product
CVE-2006-3001 (Cross-site scripting (XSS) vulnerability in search.php in OkScripts ...)
- NOT-FOR-US: not packaged for Debian
+ NOT-FOR-US: OkScripts product
CVE-2006-3000 (Cross-site scripting (XSS) vulnerability in search.php in OkScripts ...)
- NOT-FOR-US: not packaged for Debian
+ NOT-FOR-US: OkScripts product
CVE-2006-2999 (Cross-site scripting (XSS) vulnerability in search.php in OkScripts ...)
- NOT-FOR-US: not packaged for Debian
+ NOT-FOR-US: OkScripts product
CVE-2006-2998 (PHP remote file inclusion vulnerability in board/post.php in free ...)
- NOT-FOR-US: not packaged for Debian
+ NOT-FOR-US: QBoard
CVE-2006-2997 (Cross-site scripting (XSS) vulnerability in ZMS 2.9 and earlier, when ...)
- zope-zms <unfixed> (bug #373667; unimportant)
[sarge] - zope-zms <no-dsa> (Only exploitable with register_globals)
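Review bot: The new label on CVE-2006-3002 looks mismatched: its description reads "details.php in Easy ...", the same file and product prefix as CVE-2006-3003 directly above (Easy Ad-Manager), yet it is tagged "OkScripts product" like the search.php entries below it. Check the full description and, if it is Easy Ad-Manager, use that name. Separately, "OkScripts product" on CVE-2006-3001, CVE-2006-3000 and CVE-2006-2999 is vaguer than the other labels in this hunk, which name the specific product.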
@@ -16058,7 +16060,8 @@ CVE-2006-0162 (Heap-based buffer overflow in libclamav/upx.c in Clam Antivirus .
{DSA-947-1}
- clamav 0.88-1
CVE-2006-0138 (aMSN (aka Alvaro's Messenger) allows remote attackers to cause a ...)
- NOT-FOR-US: Alvaro's Messenger
+ - amsn <unfixed>
+ TODO: check (possibly affects etch)
CVE-2006-0137 (SQL injection vulnerability in linkcategory.php in Phanatic Softwares ...)
NOT-FOR-US: Phanatic Softwares Chimera Web Portal System
CVE-2006-0136 (Multiple cross-site scripting (XSS) vulnerabilities in the guestbook ...)
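Review bot: On CVE-2006-0138 the release-specific concern lives only in the TODO text ("possibly affects etch"), which is easy to lose when the TODO is later removed. Once checked, record the outcome on its own release-tagged line in the form the file already uses elsewhere, for example "[etch] - amsn <no-dsa> (reason)" or a fixed version, rather than leaving it as free text.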
diff --git a/data/CVE/2007.list b/data/CVE/2007.list
index cc31dd40a5..062c9263ca 100644
--- a/data/CVE/2007.list
+++ b/data/CVE/2007.list
@@ -9537,7 +9537,8 @@ CVE-2007-2716 (Multiple cross-site scripting (XSS) vulnerabilities in EQdkp 1.3.
CVE-2007-2715 (Admin/users.php in Snaps! Gallery 1.4.4 allows remote attackers to ...)
NOT-FOR-US: Snaps! Gallery
CVE-2007-2714 (Unspecified vulnerability in akismet.php in Matt Mullenweg Akismet ...)
- NOT-FOR-US: Akismet
+ - wordpress <unfixed>
+ TODO: check
CVE-2007-2713 (ifdate 2.x sends a redirect to the web browser but does not exit when ...)
NOT-FOR-US: iFdate
CVE-2007-2712 (Unspecified vulnerability in MH Software Connect Daily before 3.3.3 ...)
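Review bot: CVE-2007-2714 is described as a flaw in akismet.php in Akismet, but the new entry files it against the wordpress package without saying why. Add a NOTE: line stating that the wordpress package ships the Akismet plugin (if that is the basis), so a later reader can verify the mapping and resolve "TODO: check" against the bundled copy's version.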
diff --git a/data/CVE/2008.list b/data/CVE/2008.list
index 7e38dcbe75..73964c79c3 100644
--- a/data/CVE/2008.list
+++ b/data/CVE/2008.list
@@ -3276,7 +3276,8 @@ CVE-2008-5678 (Fretwell-Downing Informatics (FDI) OLIB7 WebView 2.5.1.1 allows r
CVE-2008-5677 (Unrestricted file upload vulnerability in Kwalbum 2.0.4, 2.0.2, and ...)
NOT-FOR-US: Kwalbum
CVE-2008-5676 (Multiple unspecified vulnerabilities in the ModSecurity (aka ...)
- NOT-FOR-US: ModSecurity
+ - libapache-mod-security <unfixed>
+ TODO: check
CVE-2008-5675 (Unspecified vulnerability in IBM WebSphere Portal 6.0 before 6.0.1.5 ...)
NOT-FOR-US: IBM WebSphere Portal
CVE-2008-5674 (Multiple array index errors in the HTTP server in Darkwet Network ...)
@@ -12207,7 +12208,7 @@ CVE-2008-1984 (The eTrust Common Services (Transport) Daemon (eCSqdmn) in CA Sec
CVE-2008-1983 (Cross-site scripting (XSS) vulnerability in Advanced Electron Forum ...)
NOT-FOR-US: Advanced Electron Forum (AEF)
CVE-2008-1982 (SQL injection vulnerability in ss_load.php in the Spreadsheet (wpSS) ...)
- NOT-FOR-US: Spreadsheet plugin
+ NOT-FOR-US: Wordpress Spreadsheet plugin
CVE-2008-1981 (Cross-site request forgery (CSRF) vulnerability in E-Publish 5.x ...)
NOT-FOR-US: e-publish
CVE-2008-1980 (Cross-site scripting (XSS) vulnerability in E-Publish 5.x before ...)
@@ -14120,7 +14121,7 @@ CVE-2008-1185 (Unspecified vulnerability in the Virtual Machine for Sun Java Run
- sun-java5 1.5.0-15-1
[etch] - sun-java5 <no-dsa> (Non-free not supported)
CVE-2008-1184 (The DNSSEC validation library (libval) library in dnssec-tools before ...)
- NOT-FOR-US: dnssec-tools
+ - dnssec-tools <not-affected> (first version in Debian was 1.4.1)
CVE-2008-1183 (Multiple cross-site scripting (XSS) vulnerabilities in Crafty Syntax ...)
NOT-FOR-US: Crafty Syntax Live Help
CVE-2008-1182 (Cross-site scripting (XSS) vulnerability in BSD Perimeter pfSense ...)
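Review bot: On CVE-2008-1184 the <not-affected> justification gives only the first version in Debian (1.4.1), while the visible description is cut off at "dnssec-tools before ...", so the entry does not show that 1.4.1 is at or after the fixed upstream release. Put the fixed version in the parenthetical as well, for example "(fixed upstream in X; first version in Debian was 1.4.1)", so the claim can be checked from the entry alone.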