Author: thijs Date: 2009-10-24 12:48:00 +0000 (Sat, 24 Oct 2009) New Revision: 13085 Modified: data/CVE/list Log: smarty, typo3, phpmyadmin Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-10-24 09:14:28 UTC (rev 13084) +++ data/CVE/list 2009-10-24 12:48:00 UTC (rev 13085) @@ -52,9 +52,6 @@ RESERVED CVE-2009-3734 RESERVED -CVE-2009-XXXX [multiple typo3 issues] - - typo3-src <unfixed> (medium; bug #552020) - NOTE: CVE id requested CVE-2009-XXXX [mandos 0600 file being included in initrd] - mandos <unfixed> (bug #551907) TODO: determine real impact @@ -137,6 +134,7 @@ NOT-FOR-US: Dalvik API in Android CVE-2009-3697 (SQL injection vulnerability in the PDF schema generator functionality ...) - phpmyadmin 4:3.2.2.1-1 + [etch] - phpmyadmin <not-affected> (Vulnerable code not present) CVE-2009-3696 (Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.11.x before ...) - phpmyadmin 4:3.2.2.1-1 CVE-2009-3610 
@@ -261,24 +259,24 @@ CVE-2009-3637 [alien-arena server issue] RESERVED - alien-arena <unfixed> (bug #552038) -CVE-2009-3636 - RESERVED -CVE-2009-3635 - RESERVED -CVE-2009-3634 - RESERVED -CVE-2009-3633 - RESERVED -CVE-2009-3632 - RESERVED -CVE-2009-3631 - RESERVED -CVE-2009-3630 - RESERVED -CVE-2009-3629 - RESERVED -CVE-2009-3628 - RESERVED +CVE-2009-3636 [typo3-sa-2009-016] + - typo3-src 4.2.10-1 (medium; bug #552020) +CVE-2009-3635 [typo3-sa-2009-016] + - typo3-src 4.2.10-1 (medium; bug #552020) +CVE-2009-3634 [typo3-sa-2009-016] + - typo3-src 4.2.10-1 (medium; bug #552020) +CVE-2009-3633 [typo3-sa-2009-016] + - typo3-src 4.2.10-1 (medium; bug #552020) +CVE-2009-3632 [typo3-sa-2009-016] + - typo3-src 4.2.10-1 (medium; bug #552020) +CVE-2009-3631 [typo3-sa-2009-016] + - typo3-src 4.2.10-1 (medium; bug #552020) +CVE-2009-3630 [typo3-sa-2009-016] + - typo3-src 4.2.10-1 (medium; bug #552020) +CVE-2009-3629 [typo3-sa-2009-016] + - typo3-src 4.2.10-1 (medium; bug #552020) +CVE-2009-3628 [typo3-sa-2009-016] + - typo3-src 4.2.10-1 (medium; bug #552020) CVE-2009-3627 RESERVED CVE-2009-3626 @@ -6213,6 +6211,7 @@ - smarty <unfixed> (low; bug #529810) [etch] - smarty <not-affected> (Vulnerable code not present) [lenny] - smarty <no-dsa> (Minor issue) + NOTE: NMU of Smarty 2.6.26-0.1 fixing this, uploaded to delayed/10 CVE-2009-1668 (TYPSoft FTP Server 1.11 allows remote attackers to cause a denial of ...) NOT-FOR-US: TYPSoft CVE-2009-1667 (Stack-based buffer overflow in Mini-stream CastRipper 2.50.70 allows ...) 
@@ -15067,12 +15066,14 @@ - moodle 1.8.2-2 (bug #504345) [etch] - gallery2 <unfixed> NOTE: This attack vector is *not* fixed in r2797 + NOTE: NMU of Smarty 2.6.26-0.1 fixing this, uploaded to delayed/10 CVE-2008-4810 (The _expand_quoted_text function in libs/Smarty_Compiler.class.php in ...) {DSA-1691-1} - smarty <unfixed> (bug #504328) - moodle 1.8.2-2 (bug #504345) [etch] - gallery2 <unfixed> NOTE: This attack vector is fixed in r2797 + NOTE: NMU of Smarty 2.6.26-0.1 fixing this, uploaded to delayed/10 CVE-2008-4809 (Multiple unspecified vulnerabilities in the Profiles search pages in ...) NOT-FOR-US: IBM Lotus Connections CVE-2008-4808 (IBM Lotus Connections 2.x before 2.0.1 allows attackers to discover ...)
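Review bot: in the @@ -261,24 +259,24 @@ hunk, the nine new entries CVE-2009-3636 through CVE-2009-3628 all carry the same bracketed text, [typo3-sa-2009-016], so the list no longer records which issue from that advisory each id covers; a short per-id description would make the entries usable on their own. The hunk also drops the RESERVED line from each of these entries, while the CVE-2009-3637 context entry directly above keeps RESERVED beneath its bracketed description, so it is worth confirming which form is intended here. Finally, the removed placeholder in the first hunk had typo3-src <unfixed>, and the replacement lines give only 4.2.10-1 with no [etch] or [lenny] lines, which leaves the status of the stable releases unstated.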
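Review bot: in the @@ -6213,6 +6211,7 @@ hunk, the added NOTE says the NMU of Smarty 2.6.26-0.1 fixes the issue, but the entry's "- smarty <unfixed> (low; bug #529810)" line stays as it is and nothing marks the follow-up. Since the upload is only in delayed/10, a TODO line asking for <unfixed> to be replaced with the fixed version once the upload reaches the archive would keep the entry from going stale.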
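Review bot: in the @@ -15067,12 +15066,14 @@ hunk, the same NOTE is appended to two entries directly after their moodle and gallery2 lines and the r2797 notes, so "fixing this" can be read as covering the embedded copies as well, although "[etch] - gallery2 <unfixed>" is unchanged in both. Naming the package in the note, for example "smarty: NMU of 2.6.26-0.1 ...", would make the scope clear. In the first entry the new line follows "NOTE: This attack vector is *not* fixed in r2797", so it would also help to say which upstream change in 2.6.26 closes that vector. In the CVE-2008-4810 entry, "- smarty <unfixed> (bug #504328)" needs the fixed version filled in once the delayed upload lands.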