Author: geissert
Date: 2011-02-12 05:26:41 +0000 (Sat, 12 Feb 2011)
New Revision: 16110
Modified:
data/CVE/list
Log:
new smarty issue
2 php5 issues are unimportant, 1 doesn''t affect us, and 1 is low
(rather unimportant actually, but will be fixed via a DSA)
Modified: data/CVE/list
==================================================================---
data/CVE/list 2011-02-11 21:18:31 UTC (rev 16109)
+++ data/CVE/list 2011-02-12 05:26:41 UTC (rev 16110)
@@ -1,3 +1,9 @@
+CVE-2011-XXXX [incorrect handling of {$smarty.template} and
{$smarty.current_dir}]
+ - smarty3 <unfixed>
+ - smarty <unfixed>
+ NOTE: http://www.smarty.net/forums/viewtopic.php?t=18815
+ NOTE: http://code.google.com/p/smarty-php/source/detail?r=3989
+ TODO: check
CVE-2011-0985 (Google Chrome before 9.0.597.94 does not properly perform
process ...)
TODO: check
CVE-2011-0984 (Google Chrome before 9.0.597.94 does not properly handle
plug-ins, ...)
@@ -1150,13 +1156,14 @@
CVE-2011-0486 (Cross-site scripting (XSS) vulnerability in cognos.cgi in IBM
Cognos 8 ...)
NOT-FOR-US: IBM Cognos
CVE-2010-4700 (The set_magic_quotes_runtime function in PHP 5.3.2 and 5.3.3,
when the ...)
- - php5 <unfixed>
+ - php5 <not-affected> (vuln code in mysqlnd, we use libmysqlclient)
CVE-2010-4699 (The iconv_mime_decode_headers function in the Iconv extension in
PHP ...)
- - php5 <unfixed>
+ - php5 <unfixed> (unimportant)
CVE-2010-4698 (Stack-based buffer overflow in the GD extension in PHP before
5.2.15 ...)
- - libgd2 <undetermined>
+ - php5 <unfixed> (low)
CVE-2010-4697 (Use-after-free vulnerability in the Zend engine in PHP before
5.2.15 ...)
- - php5 <unfixed>
+ - php5 <unfixed> (unimportant)
+ NOTE: requires attacker to be able to execute code already
CVE-2010-4696 (Multiple SQL injection vulnerabilities in Joomla! 1.5.x before
1.5.22 ...)
NOT-FOR-US: Joomla
CVE-2009-5051 (Hastymail2 before RC 8 does not set the secure flag for the
session ...)