Author: thijs Date: 2010-05-24 12:32:11 +0000 (Mon, 24 May 2010) New Revision: 14735 Modified: data/CVE/list Log: phpbb3 updates Modified: data/CVE/list ==================================================================--- data/CVE/list 2010-05-24 10:17:15 UTC (rev 14734) +++ data/CVE/list 2010-05-24 12:32:11 UTC (rev 14735) @@ -867,7 +867,7 @@ CVE-2010-1631 RESERVED CVE-2010-1630 (Unspecified vulnerability in posting.php in phpBB before 3.0.5 has ...) - - phpbb3 <unfixed> + - phpbb3 3.0.7-PL1-1 CVE-2010-1629 (Cross-site scripting (XSS) vulnerability in Phorum before 5.2.15 ...) NOT-FOR-US: Phorum CVE-2010-1628 (Ghostscript 8.64, 8.70, and possibly other versions allows ...) @@ -876,7 +876,7 @@ NOTE: https://bugs.launchpad.net/ubuntu/+source/ghostscript/+bug/546009 NOTE: http://bugs.ghostscript.com/show_bug.cgi?id=691295 CVE-2010-1627 (feed.php in phpBB 3.0.7 before 3.0.7-PL1 does not properly check ...) - - phpbb3 <unfixed> + - phpbb3 3.0.7-PL1-1 CVE-2010-1626 RESERVED - mysql-dfsg-5.1 <unfixed> @@ -2872,7 +2872,9 @@ NOTE: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4931.php NOTE: obscure exploit scenario, not reproducible CVE-2010-XXXX [phpbb 3.0.7 permissions bypass] - - phpbb3 <not-affected> (older version is in the archive) + - phpbb3 3.0.7-PL1 + [lenny] - phpbb3 <not-affected> (older version is in the archive) + [squeeze] - phpbb3 <not-affected> (older version is in the archive) NOTE: http://www.phpbb.com/community/viewtopic.php?f=14&t=2014195 CVE-2010-0928 (OpenSSL 0.9.8i on the Gaisler Research LEON3 SoC on the Xilinx ...) - openssl <unfixed> (unimportant) 
@@ -3744,7 +3746,7 @@ - pyfribidi 0.10.0-2 (bug #570068) [lenny] - pyfribidi <not-affected> (fribidi 0.19.1 or higher needs to be installed to trigger this) CVE-2010-XXXX [phpbb3 weak captcha] - - phpbb3 <unfixed> (unimportant; bug #570011) + - phpbb3 3.0.7-PL1-1 (unimportant; bug #570011) CVE-2010-0634 (Unspecified vulnerability in Fast Lexical Analyzer Generator (flex) ...) - flex 2.5.35-1 CVE-2010-0629 (Use-after-free vulnerability in kadmin/server/server_stubs.c in ...) @@ -4503,10 +4505,9 @@ - sudosh3 <unfixed> (high; bug #566142) NOTE: package is likely to be removed CVE-2010-XXXX [phpbb: many issues] - - phpbb3 <undetermined> + - phpbb3 3.0.7-PL1-1 - phpbb2 <removed> NOTE: http://www.openwall.com/lists/oss-security/2010/01/16/2 - TODO: check CVE-2010-0379 (Multiple unspecified vuilnerabilities in the Macromedia Flash ActiveX ...) NOT-FOR-US: Macromedia Flash ActiveX CVE-2010-0378 (Use-after-free vulnerability in Adobe Flash Player 6.0.79, as ...)
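Review bot: in the @@ -867,7 hunk, the fixed version 3.0.7-PL1-1 recorded for CVE-2010-1630 may be later than the first fixed upload, because the description on the line above says the issue affects phpBB before 3.0.5. If an upload based on 3.0.5 or later reached the archive before 3.0.7-PL1-1, the entry should name that earlier version so that releases carrying it are not reported as vulnerable.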
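Review bot: in the @@ -876,7 hunk, CVE-2010-1627 gets only `- phpbb3 3.0.7-PL1-1` and no release tags, although its description limits the issue to phpBB 3.0.7 before 3.0.7-PL1. The @@ -2872,7 hunk adds `[lenny] - phpbb3 <not-affected> (older version is in the archive)` and the matching `[squeeze]` line for the other 3.0.7-only issue. The same reasoning appears to apply here, so the same two lines could be added to keep lenny and squeeze from showing as affected.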
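Review bot: the added line `- phpbb3 3.0.7-PL1` in the @@ -2872,7 hunk omits the Debian revision that every other phpbb3 entry in this commit carries (`3.0.7-PL1-1`). dpkg splits a version at its last hyphen, so `3.0.7-PL1` is read as upstream 3.0.7 with revision PL1, which sorts below 3.0.7-PL1-1. Suggest `- phpbb3 3.0.7-PL1-1` here for consistency with the other hunks.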
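Review bot: in the @@ -4503,10 hunk, `TODO: check` is removed and `<undetermined>` becomes `3.0.7-PL1-1` for the "phpbb: many issues" entry without any record of what was checked. A NOTE line stating which of the issues in the referenced oss-security thread were confirmed fixed in that version would keep the basis for the change in the tracker.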