Author: pedrib-guest Date: 2010-03-06 21:37:33 +0000 (Sat, 06 Mar 2010) New Revision: 14199 Modified: data/CVE/list Log: solved an issue with fwbuilder, and another unaffected with typo3 Modified: data/CVE/list ==================================================================--- data/CVE/list 2010-03-06 21:15:05 UTC (rev 14198) +++ data/CVE/list 2010-03-06 21:37:33 UTC (rev 14199) @@ -242,7 +242,12 @@ CVE-2010-0825 RESERVED CVE-2009-4664 (Firewall Builder 3.0.4, 3.0.5, and 3.0.6, when running on Linux, ...) - TODO: check + - fwbuilder 3.0.7-1 (bug #547390; medium) + - libfwbuilder8 3.0.7-1 (bug #547390; medium) + [lenny] - fwbuilder <not-affected> (only versions 3.0.4, 3.0.5 and 3.0.6 are affected) + [lenny] - libfwbuilder8 <not-affected> (only versions 3.0.4, 3.0.5 and 3.0.6 are affected) + NOTE: m68k package in debports in still affected at version 3.0.5 + NOTE: see http://www.fwbuilder.org/docs/firewall_builder_release_notes.html#3.0.7 CVE-2009-4663 (Heap-based buffer overflow in the Quiksoft EasyMail Objects 6 ActiveX ...) NOT-FOR-US: Quiksoft EasyMail Objects CVE-2009-4662 (Cross-site scripting (XSS) vulnerability in the WebAccess component in ...) @@ -317,9 +322,9 @@ CVE-2010-0799 (Directory traversal vulnerability in misc/tell_a_friend/tell.php in ...) NOT-FOR-US: phpunity.newsmanager CVE-2010-0798 (SQL injection vulnerability in the T3BLOG extension 0.6.2 and earlier ...) - TODO: check + - typo3 <not-affected> (Vulnerable code not present) CVE-2010-0797 (Cross-site scripting (XSS) vulnerability in the T3BLOG extension 0.6.2 ...) - TODO: check + - typo3 <not-affected> (Vulnerable code not present) CVE-2010-0796 (SQL injection vulnerability in the JE Quiz (com_jequizmanagement) ...) NOT-FOR-US: Joomla! CVE-2010-0795 (SQL injection vulnerability in the JE Event Calendars ...) @@ -571,8 +576,8 @@ CVE-2010-0683 (Unspecified vulnerability in TIBRepoServer5.jar in TIBCO Administrator ...) NOT-FOR-US: TIBCO Administrator CVE-2010-0682 (WordPress 2.9 before 2.9.2 allows remote authenticated users to read ...) - - wordpress <undetermined> - TODO: check + - wordpress 2.9.2-1 (low) + [lenny] - wordpress <not-affected> (Only affects Wordpress >= 2.9) CVE-2010-XXXX [http://downloads.digium.com/pub/security/AST-2010-003.pdf] - asterisk <unfixed> [lenny] - asterisk <not-affected> (Only affects Asterisk 1.6) @@ -5677,10 +5682,6 @@ NOT-FOR-US: Sun OpenSolaris xscreensaver CVE-2009-3431 (Stack consumption vulnerability in Adobe Reader and Acrobat 9.1.3, ...) NOT-FOR-US: Adobe Acrobat -CVE-2009-XXXX [fwbuilder insecure temp file usage] - - fwbuilder 3.0.7-1 (low; bug #547390) - [lenny] - fwbuilder <not-affected> (Introduced in 3.0.4) - [etch] - fwbuilder <not-affected> (Introduced in 3.0.4) CVE-2009-3892 (Cross-site scripting (XSS) vulnerability in Best Practical Solutions ...) - request-tracker3.8 3.8.5-1 (bug #546829) - request-tracker3.6 3.6.9-1 (bug #546778)