white at alioth.debian.org
2008-Nov-04 12:15 UTC
[Secure-testing-commits] r10273 - data/CVE
Author: white Date: 2008-11-04 12:15:07 +0000 (Tue, 04 Nov 2008) New Revision: 10273 Modified: data/CVE/list Log: Remove Rejected TODO; smarty issue CVEified, checking with oss-sec why there are two CVEs Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-11-04 11:55:46 UTC (rev 10272) +++ data/CVE/list 2008-11-04 12:15:07 UTC (rev 10273) @@ -7,7 +7,6 @@ TODO: check if version in stable is also affected, which is very likely CVE-2008-6432 REJECTED - TODO: check CVE-2008-4878 (Unrestricted file upload vulnerability in the "Add Image Macro" ...) NOT-FOR-US: WebCards CVE-2008-4877 (SQL injection vulnerability in admin.php in WebCards 1.3, when ...) @@ -145,9 +144,17 @@ CVE-2008-4812 RESERVED CVE-2008-4811 (The _expand_quoted_text function in libs/Smarty_Compiler.class.php in ...) - TODO: check + - smarty <unfixed> (bug #504328) + - moodle <unfixed> (bug #504345) + [etch] - gallery2 <unfixed> + NOTE: this issue is SA32329 + NOTE: trying to clarify on oss-sec, why there are two CVEs CVE-2008-4810 (The _expand_quoted_text function in libs/Smarty_Compiler.class.php in ...) - TODO: check + - smarty <unfixed> (bug #504328) + - moodle <unfixed> (bug #504345) + [etch] - gallery2 <unfixed> + NOTE: this issue is SA32329 + NOTE: trying to clarify on oss-sec, why there are two CVEs CVE-2008-4809 (Multiple unspecified vulnerabilities in the Profiles search pages in ...) NOT-FOR-US: IBM Lotus Connections CVE-2008-4808 (IBM Lotus Connections 2.x before 2.0.1 allows attackers to discover ...) 
@@ -180,11 +187,6 @@ CVE-2008-XXXX [eog: Python scripts load modules from current directory] - eog <unfixed> (bug #504352; low) [etch] - eog <not-affected> (Vulnerable code not present) -CVE-2008-XXXX [smarty _expand_quoted_text security bypass] - - smarty <unfixed> (bug #504328) - - moodle <unfixed> (bug #504345) - [etch] - gallery2 <unfixed> - NOTE: this issue is SA32329 CVE-2008-XXXX [htop display corruption] - htop <unfixed> (low; bug #504144) NOTE: CVE id requested
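Review bot: In the hunk at @@ -145,9 +144,17 @@, CVE-2008-4811 and CVE-2008-4810 receive identical status blocks (same bug #504328 and bug #504345, same SA32329 note), so the list no longer shows which package fix belongs to which id, and both "TODO: check" markers are dropped while the oss-sec question is still open. Consider keeping a TODO on one of the two entries until that is answered, then either record one id as a duplicate or track each id's fix separately. The "[etch] - gallery2 <unfixed>" line also carries no bug reference, unlike the smarty and moodle lines, and has no matching unprefixed gallery2 line. If that was inherited unchanged from the removed CVE-2008-XXXX entry, this is a good moment to complete it.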