Author: luk
Date: 2012-06-17 16:29:15 +0000 (Sun, 17 Jun 2012)
New Revision: 19523
Modified:
data/CVE/list
Log:
mark smarty as removed
Modified: data/CVE/list
==================================================================
--- data/CVE/list 2012-06-17 15:55:00 UTC (rev 19522)
+++ data/CVE/list 2012-06-17 16:29:15 UTC (rev 19523)
@@ -20919,7 +20919,7 @@
NOTE: http://www.exploit-db.com/exploits/16129/
CVE-2011-XXXX [incorrect handling of {$smarty.template} and
{$smarty.current_dir}]
- smarty3 <unfixed> (unimportant)
- - smarty <unfixed> (unimportant)
+ - smarty <removed> (unimportant)
NOTE: http://www.smarty.net/forums/viewtopic.php?t=18815
NOTE: http://code.google.com/p/smarty-php/source/detail?r=3989
NOTE: non-issue in practice, if you can place arbitrary template files you
have worse problems
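Review bot: the log message "mark smarty as removed" does not say why the "- smarty" line of CVE-2011-XXXX moves from "<unfixed>" to "<removed>", and gives no reference for the removal. Add the reason and, if one exists, the removal request to the log so the status can be checked later. The "- smarty3 <unfixed> (unimportant)" line above it is left as is, which looks intentional since only the smarty source package is named in the log.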
@@ -21508,40 +21508,31 @@
NOT-FOR-US: Recaptcha plugin for WordPress
CVE-2010-4727 (Smarty before 3.0.0 beta 7 does not properly handle the
<?php and ?> ...)
- smarty3 3.0~rc1-1
- - smarty <unfixed>
- TODO: check
+ - smarty <removed>
CVE-2010-4726 (Unspecified vulnerability in the math plugin in Smarty before
3.0.0 ...)
- smarty3 3.0.8-1
- - smarty <unfixed>
- TODO: check
+ - smarty <removed>
CVE-2010-4725 (Smarty before 3.0.0 RC3 does not properly handle an on value of
the ...)
- smarty3 3.0.8-1
- - smarty <unfixed>
- TODO: check
+ - smarty <removed>
CVE-2010-4724 (Multiple unspecified vulnerabilities in the parser
implementation in ...)
- smarty3 3.0.8-1
- - smarty <unfixed>
- TODO: check
+ - smarty <removed>
CVE-2010-4723 (Smarty before 3.0.0, when security is enabled, does not prevent
access ...)
- smarty3 3.0.8-1
- - smarty <unfixed>
- TODO: check
+ - smarty <removed>
CVE-2010-4722 (Unspecified vulnerability in the fetch plugin in Smarty before
3.0.2 ...)
- smarty3 3.0.8-1
- - smarty <unfixed>
- TODO: check
+ - smarty <removed>
CVE-2009-5054 (Smarty before 3.0.0 beta 4 does not consider the umask value
when ...)
- smarty3 3.0~rc1-1
- - smarty <unfixed>
- TODO: check
+ - smarty <removed>
CVE-2009-5053 (Unspecified vulnerability in Smarty before 3.0.0 beta 6 allows
remote ...)
- smarty3 3.0~rc1-1
- - smarty <unfixed>
- TODO: check
+ - smarty <removed>
CVE-2009-5052 (Multiple unspecified vulnerabilities in Smarty before 3.0.0 beta
6 ...)
- smarty3 3.0~rc1-1
- - smarty <unfixed>
- TODO: check
+ - smarty <removed>
CVE-2011-0758 (The eCS component (ECSQdmn.exe) in CA ETrust Secure Content
Manager ...)
NOT-FOR-US: CA ETrust
CVE-2011-0757 (IBM DB2 9.1 before FP10, 9.5 before FP6a, and 9.7 before FP2 on
Linux, ...)
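Review bot: all nine "TODO: check" lines (CVE-2010-4727 through CVE-2009-5052) are deleted together with the status change, so the list no longer records that the smarty status for these entries was never verified. The descriptions all read "Smarty before 3.0.x ..." and the smarty3 lines carry different fixed versions (3.0~rc1-1 and 3.0.8-1), so whether the older smarty package was affected is still undetermined. Either keep a short NOTE on these entries saying the check was not done, or state in the log that the TODOs are dropped because the package is gone.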
@@ -78571,7 +78562,7 @@
CVE-2007-2327 (PHP remote file inclusion vulnerability in _editor.php in
HTMLeditbox ...)
NOT-FOR-US: HTMLeditbox
CVE-2007-2326 (Multiple PHP remote file inclusion vulnerabilities in HYIP
Manager Pro ...)
- - smarty <unfixed> (unimportant; bug #488523)
+ - smarty <removed> (unimportant; bug #488523)
- moodle 1.8.2-2 (unimportant; bug #488525)
- gallery2 2.2.5-2 (unimportant; bug #488527)
NOTE: this is a non-issue
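Review bot: on the "- smarty" line of CVE-2007-2326 the "bug #488523" reference is carried over unchanged onto the "<removed>" status. Since the entry is already "unimportant" with "NOTE: this is a non-issue", confirm that bug is closed rather than left open against a package this commit marks as removed.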