Author: jmm Date: 2011-12-23 13:54:28 +0000 (Fri, 23 Dec 2011) New Revision: 17860 Modified: data/CVE/list Log: two zabbix issues fixed shadow no-dsa Modified: data/CVE/list ==================================================================--- data/CVE/list 2011-12-23 12:56:35 UTC (rev 17859) +++ data/CVE/list 2011-12-23 13:54:28 UTC (rev 17860) @@ -881,7 +881,7 @@ NOTE: Nearly a duplicate of CVE-2011-1932. NOTE: CVE''s SPLIT decision is unclear. CVE-2011-4674 (SQL injection vulnerability in popup.php in Zabbix 1.8.3 and 1.8.4, ...) - - zabbix <unfixed> (high; bug #651225) + - zabbix 1:1.8.9-1 (high; bug #651225) CVE-2011-4673 (SQL injection vulnerability in modules/sharedaddy.php in the Jetpack ...) NOT-FOR-US: Jetpack plugin for Wordpress CVE-2011-4672 (Multiple SQL injection vulnerabilities in Valid tiny-erp 1.6 and ...) @@ -4999,7 +4999,7 @@ CVE-2010-4825 (Cross-site scripting (XSS) vulnerability in magpie_debug.php in the ...) NOT-FOR-US: Wordpress plugin CVE-2011-3265 (popup.php in Zabbix before 1.8.7 allows remote attackers to read the ...) - - zabbix <unfixed> + - zabbix 1:1.8.9-1 CVE-2011-3264 (Zabbix before 1.8.6 allows remote attackers to obtain sensitive ...) - zabbix 1:1.8.6-1 (unimportant) NOTE: Installation path is known anyway for the Debian package @@ -8144,7 +8144,9 @@ [squeeze] - linux-2.6 2.6.32-36 CVE-2005-4890 [login: tty hijacking possible in "su" via TIOCSTI ioctl] RESERVED - - shadow <unfixed> (bug #628843) + - shadow <unfixed> (low; bug #628843) + [squeeze] - shadow <no-dsa> (Minor issue) + [lenny] - shadow <no-dsa> (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=173008 - sudo <undetermined> NOTE: ubuntu indicates sudo may also be affected, but that code is completely different, so that seems unlikely
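Review bot: In the first hunk (@@ -881,7 +881,7 @@), the CVE-2011-4674 entry keeps urgency "high" but, after the change, still consists of the single line "- zabbix 1:1.8.9-1 (high; bug #651225)" with no per-release status. For an issue rated high, I would expect [squeeze] and [lenny] lines (fixed version, <not-affected> or <no-dsa> with a reason) so the stable releases do not remain implicitly open. A NOTE pointing at the upstream fix would also make the 1:1.8.9-1 version checkable.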
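Review bot: In the second hunk (@@ -4999,7 +4999,7 @@), the fixed version recorded for CVE-2011-3265 is 1:1.8.9-1, while the description on the line above says the issue affects Zabbix "before 1.8.7" and the neighbouring CVE-2011-3264 is tracked at 1:1.8.6-1. Please confirm that 1:1.8.9-1 is the first upload that carries the fix rather than just the current version, or add a NOTE saying so. The new line also has no urgency, although the other popup.php issue changed in this commit is marked high; setting one explicitly would avoid it being read as unassessed.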
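Review bot: In the third hunk (@@ -8144,7 +8144,9 @@), the two added lines "[squeeze] - shadow <no-dsa> (Minor issue)" and "[lenny] - shadow <no-dsa> (Minor issue)" give no reasoning for treating the TIOCSTI tty hijacking in "su" as minor, and the same commit lowers the urgency to low while unstable stays <unfixed>. A short NOTE stating the rationale (for example, which preconditions limit the impact) would let later triagers verify the rating instead of re-deriving it from bug #628843 and the Red Hat bugzilla entry.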