Author: geissert Date: 2011-02-13 23:52:47 +0000 (Sun, 13 Feb 2011) New Revision: 16135 Modified: data/CVE/list Log: new proftpd and xinha (serendipity, dotlrn, openacs) issues NFUs Modified: data/CVE/list ==================================================================--- data/CVE/list 2011-02-13 22:46:09 UTC (rev 16134) +++ data/CVE/list 2011-02-13 23:52:47 UTC (rev 16135) @@ -1,3 +1,14 @@ +CVE-2010-XXXX [xinha multiple vulns] + - serendipity <unfixed> + - openacs <unfixed> + - dotlrn <unfixed> + TODO: check & request ids + NOTE: http://secunia.com/advisories/40669/ +CVE-2011-XXXX [proftpd mod_sftp DoS] + - proftpd-dfsg <unfixed> + NOTE: http://bugs.proftpd.org/show_bug.cgi?id=3586 + NOTE: http://www.exploit-db.com/exploits/16129/ + TODO: request CVE id CVE-2011-XXXX [incorrect handling of {$smarty.template} and {$smarty.current_dir}] - smarty3 <unfixed> - smarty <unfixed> @@ -1065,6 +1076,7 @@ [lenny] - tomcat6 <not-affected> (Only ships the servlet package) CVE-2011-0533 RESERVED + NOT-FOR-US: Apache Continuum CVE-2011-0532 RESERVED CVE-2011-0531 (demux/mkv/mkv.hpp in the MKV demuxer plugin in VideoLAN VLC media ...) @@ -2401,7 +2413,7 @@ {DSA-2158-1} - cgiirc <unfixed> (bug #612671) CVE-2011-0049 (Directory traversal vulnerability in the _list_file_get function in ...) - TODO: check + NOT-FOR-US: Majordomo CVE-2011-0048 (Bugzilla before 3.2.10, 3.4.x before 3.4.10, 3.6.x before 3.6.4, and ...) - bugzilla <unfixed> (bug #611176) NOTE: http://www.bugzilla.org/security/3.2.9/
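Review bot: In the first hunk (@@ -1,3 +1,14 @@), the new `<unfixed>` lines for serendipity, openacs, dotlrn and proftpd-dfsg carry no bug reference, unlike the `- cgiirc <unfixed> (bug #612671)` entry visible later in the same file, so nothing ties the open status to a report the maintainers will see. Suggest filing bugs against the four packages and adding the numbers to these lines. The xinha entry also groups "multiple vulns" under one CVE-2010-XXXX placeholder while its TODO says "request ids" (plural); a NOTE listing the individual issues from the Secunia advisory would make the entry easier to split once ids are assigned.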
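Review bot: In the second hunk (@@ -1065,6 +1076,7 @@), `NOT-FOR-US: Apache Continuum` is attached to CVE-2011-0533 while the id is still RESERVED and has no description line, so the hunk gives no source for the product attribution. Suggest adding a NOTE with the advisory or announcement URL that links this id to Apache Continuum, so the classification can be verified when the description is published.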