Author: nion
Date: 2011-07-04 21:35:13 +0000 (Mon, 04 Jul 2011)
New Revision: 16890
Modified:
data/CVE/list
Log:
- NFUs
- CVE-2011-2167 fixed in dovecot 1:2.0.13-1, stable not affected
- smarty issue non-issue imho
Modified: data/CVE/list
==================================================================---
data/CVE/list 2011-07-04 21:14:20 UTC (rev 16889)
+++ data/CVE/list 2011-07-04 21:35:13 UTC (rev 16890)
@@ -1019,9 +1019,9 @@
CVE-2011-2186
RESERVED
CVE-2011-2181 (Multiple SQL injection vulnerabilities in A Really Simple Chat
(ARSC) ...)
- TODO: check
+ NOT-FOR-US: A Really Simple Chat
CVE-2011-2180 (Cross-site scripting (XSS) vulnerability in dereferer.php in A
Really ...)
- TODO: check
+ NOT-FOR-US: A Really Simple Chat
CVE-2011-2177
RESERVED
CVE-2011-2176 [NetworkManager: did not honour PolicyKit auth_admin action ...]
@@ -1030,9 +1030,13 @@
TODO: check serverity
TODO: maintainer was consulted about the other affected versions.
CVE-2011-2167 (script-login in Dovecot 2.0.x before 2.0.13 does not follow the
chroot ...)
- TODO: check
+ - dovecot 1:2.0.13-1 (low)
+ [squeeze] - dovecot <not-affected> (Vulnerable script not present)
+ [lenny] - dovecot <not-affected> (Vulnerable script not present)
CVE-2011-2166 (script-login in Dovecot 2.0.x before 2.0.13 does not follow the
user ...)
- TODO: check
+ - dovecot 1:2.0.13-1 (low)
+ [squeeze] - dovecot <not-affected> (Vulnerable script not present)
+ [lenny] - dovecot <not-affected> (Vulnerable script not present)
CVE-2010-4805 (The socket implementation in net/core/sock.c in the Linux kernel
...)
- linux-2.6 2.6.34-1
CVE-2009-5077 (CRE Loaded before 6.2.14 allows remote attackers to bypass ...)
@@ -1694,11 +1698,11 @@
[lenny] - syslog-ng <not-affected> (Only affects PCRE >= 8.12)
NOTE:
http://git.balabit.hu/?p=bazsi/syslog-ng-3.2.git;a=commit;h=09710c0b105e579d35c7b5f6c66d1ea5e3a3d3ff
CVE-2011-1950 (plone.app.users in Plone 4.0 and 4.1 allows remote authenticated
users ...)
- TODO: check
+ NOT-FOR-US: Plone
CVE-2011-1949 (Cross-site scripting (XSS) vulnerability in the safe_html filter
in ...)
- TODO: check
+ NOT-FOR-US: Plone
CVE-2011-1948 (Cross-site scripting (XSS) vulnerability in Plone 4.1 and
earlier ...)
- TODO: check
+ NOT-FOR-US: Plone
CVE-2011-1947 (fetchmail 5.9.9 through 6.3.19 does not properly limit the wait
time ...)
- fetchmail <unfixed> (unimportant)
NOTE:
http://gitorious.org/fetchmail/fetchmail/blobs/legacy_63/fetchmail-SA-2011-01.txt
@@ -4648,11 +4652,11 @@
NOTE: http://bugs.proftpd.org/show_bug.cgi?id=3586
NOTE: http://www.exploit-db.com/exploits/16129/
CVE-2011-XXXX [incorrect handling of {$smarty.template} and
{$smarty.current_dir}]
- - smarty3 <unfixed>
- - smarty <unfixed>
+ - smarty3 <unfixed> (unimportant)
+ - smarty <unfixed> (unimportant)
NOTE: http://www.smarty.net/forums/viewtopic.php?t=18815
NOTE: http://code.google.com/p/smarty-php/source/detail?r=3989
- TODO: check
+ NOTE: non-issue in practice, if you can place arbitrary template files you
have worse problems
CVE-2011-0987 (The PMA_Bookmark_get function in libraries/bookmark.lib.php in
...)
{DSA-2167-1}
- phpmyadmin 4:3.3.9.2-1