Author: nion Date: 2010-06-10 15:58:35 +0000 (Thu, 10 Jun 2010) New Revision: 14852 Modified: data/CVE/list Log: - CVE-2009-4855 fixed in typo3-src 4.2.5-1+lenny3 - NFU - freeradius in debian doesn''t seem to be affected by CVE-2010-0524 Modified: data/CVE/list ==================================================================--- data/CVE/list 2010-06-10 14:56:08 UTC (rev 14851) +++ data/CVE/list 2010-06-10 15:58:35 UTC (rev 14852) @@ -877,8 +877,9 @@ CVE-2009-4856 (Cross-site scripting (XSS) vulnerability in subitems.php in PHP Easy ...) NOT-FOR-US: PHP Easy Shopping Cart CVE-2009-4855 (SQL injection vulnerability in index.php in TYPO3 4.0 allows remote ...) - - typo3-src <undetermined> - TODO: check + - typo3-src 4.2.5-1+lenny3 + NOTE: I have on idea when this was fixed, 4.2.5-1+lenny3 is the version currently in lenny + NOTE: which is not affected by this bug CVE-2009-4854 (addons/import.php in TalkBack 2.3.14 allows remote attackers to ...) NOT-FOR-US: TalkBack CVE-2009-4853 (Multiple cross-site scripting (XSS) vulnerabilities in JumpBox before ...) @@ -2011,7 +2012,7 @@ - texlive-bin 2009-6 (low; bug #580668) [lenny] - texlive-bin <no-dsa> (minor issue) CVE-2010-1439 (yum-rhn-plugin in Red Hat Network Client Tools (aka rhn-client-tools) ...) - TODO: check + NOT-FOR-US: Red Hat Network Client Tools CVE-2010-1438 (Web Application Finger Printer (WAFP) 0.01-26c3 uses fixed pathnames ...) - wafp <itp> (bug #562949) CVE-2010-1437 (Race condition in the find_keyring_by_name function in ...) @@ -4610,7 +4611,7 @@ NOT-FOR-US: Apple QuickTime CVE-2010-0535 (Dovecot in Apple Mac OS X 10.6 before 10.6.3, when Kerberos is ...) - dovecot <undetermined> - NOTE: is this CVE-2009-3897? + NOTE: no reference or information found for this bug, contacted apple security TODO: check CVE-2010-0534 (Wiki Server in Apple Mac OS X 10.6 before 10.6.3 does not enforce the ...) NOT-FOR-US: Apple Wiki Server 
@@ -4633,9 +4634,7 @@ CVE-2010-0525 (Mail in Apple Mac OS X before 10.6.3 does not properly enforce the key ...) NOT-FOR-US: Apple Mail CVE-2010-0524 (The default configuration of the FreeRADIUS server in Apple Mac OS X ...) - - freeradius <undetermined> - NOTE: very likely os X specific (problem in their default settings), but needs checked - TODO: check + - freeradius <not-affected> (Apple specific configuration issue) CVE-2010-0523 (Wiki Server in Apple Mac OS X 10.5.8 does not restrict the file types ...) NOT-FOR-US: Apple Wiki Server CVE-2010-0522 (Server Admin in Apple Mac OS X Server 10.5.8 does not properly ...)
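Review bot: In the CVE-2009-4855 hunk (@@ -877,8 +877,9 @@), the new `- typo3-src 4.2.5-1+lenny3` line puts the current lenny version in the fixed-version field, although the NOTE under it says the real fix version is unknown. Suggest wording the NOTE so it states that 4.2.5-1+lenny3 is only the earliest version known to be unaffected, not the upload that fixed the bug. Also fix the typo "on idea" to "no idea".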
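Review bot: In the CVE-2010-0535 hunk (@@ -4610,7 +4611,7 @@), replacing `NOTE: is this CVE-2009-3897?` drops the open duplicate question without recording whether it was answered. If it is still open, keep that NOTE next to the new one; if it was ruled out, say so in the entry. The new NOTE would also be easier to follow up on if it gave the date Apple security was contacted, since the `TODO: check` stays in place.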
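Review bot: In the CVE-2010-0524 hunk (@@ -4633,9 +4634,7 @@), the entry goes from `<undetermined>` with "needs checked" directly to `- freeradius <not-affected> (Apple specific configuration issue)`, while the commit log only says freeradius does not seem to be affected. Suggest adding a NOTE that says what was checked in Debian's default configuration, so the not-affected conclusion can be verified later.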