Author: thijs
Date: 2009-11-04 21:17:35 +0000 (Wed, 04 Nov 2009)
New Revision: 13196
Modified:
data/CVE/list
Log:
smarty fixed in sid
Modified: data/CVE/list
==================================================================---
data/CVE/list 2009-11-04 21:16:30 UTC (rev 13195)
+++ data/CVE/list 2009-11-04 21:17:35 UTC (rev 13196)
@@ -6534,10 +6534,9 @@
NOT-FOR-US: TCPDB
CVE-2009-1669 (The smarty_function_math function in
libs/plugins/function.math.php in ...)
{DSA-1919-1}
- - smarty <unfixed> (low; bug #529810)
+ - smarty 2.6.26-0.1 (low; bug #529810)
[etch] - smarty <not-affected> (Vulnerable code not present)
[lenny] - smarty <no-dsa> (Minor issue)
- NOTE: NMU of Smarty 2.6.26-0.1 fixing this, uploaded to delayed/10
CVE-2009-1668 (TYPSoft FTP Server 1.11 allows remote attackers to cause a
denial of ...)
NOT-FOR-US: TYPSoft
CVE-2009-1667 (Stack-based buffer overflow in Mini-stream CastRipper 2.50.70
allows ...)
@@ -15389,20 +15388,18 @@
NOT-FOR-US: Adobe Reader Explorer extension
CVE-2008-4811 (The _expand_quoted_text function in
libs/Smarty_Compiler.class.php in ...)
{DSA-1691-1}
- - smarty <unfixed> (bug #504328)
+ - smarty 2.6.26-0.1 (bug #504328)
[lenny] - smarty <no-dsa> (Minor issue, fix will change behaviour)
[etch] - smarty <no-dsa> (Minor issue, fix will change behaviour)
- moodle 1.8.2-2 (bug #504345)
[etch] - gallery2 <unfixed>
NOTE: This attack vector is *not* fixed in r2797
- NOTE: NMU of Smarty 2.6.26-0.1 fixing this, uploaded to delayed/10
CVE-2008-4810 (The _expand_quoted_text function in
libs/Smarty_Compiler.class.php in ...)
{DSA-1919-1 DSA-1691-1}
- - smarty <unfixed> (bug #504328)
+ - smarty 2.6.26-0.1 (bug #504328)
- moodle 1.8.2-2 (bug #504345)
[etch] - gallery2 <unfixed>
NOTE: This attack vector is fixed in r2797
- NOTE: NMU of Smarty 2.6.26-0.1 fixing this, uploaded to delayed/10
CVE-2008-4809 (Multiple unspecified vulnerabilities in the Profiles search
pages in ...)
NOT-FOR-US: IBM Lotus Connections
CVE-2008-4808 (IBM Lotus Connections 2.x before 2.0.1 allows attackers to
discover ...)