Author: jmm Date: 2012-08-27 06:49:34 +0000 (Mon, 27 Aug 2012) New Revision: 20035 Modified: data/CVE/list Log: gnugk CVEfied smarty3 fixed roundcube issues do not affect stable Modified: data/CVE/list ==================================================================--- data/CVE/list 2012-08-27 06:28:10 UTC (rev 20034) +++ data/CVE/list 2012-08-27 06:49:34 UTC (rev 20035) @@ -1,7 +1,3 @@ -CVE-2012-XXXX [gnugk unspecified security fix] - - gnugk <unfixed> - TODO: check what the alleged issue is all about and report if necessary - NOTE: upstream contacted, CCing oss-sec CVE-2012-4606 RESERVED CVE-2011-5117 (Sophos SafeGuard Enterprise Device Encryption 5.x through 5.50.8.13, ...) @@ -740,7 +736,7 @@ CVE-2012-4278 (Multiple cross-site scripting (XSS) vulnerabilities in Free Realty ...) NOT-FOR-US: Free Realty CVE-2012-4277 (Cross-site scripting (XSS) vulnerability in the ...) - - smarty3 <unfixed> + - smarty3 3.1.10-1 TODO: check smarty 2 and embedded copies CVE-2012-4276 (Unspecified vulnerability in Hitachi IT Operations Director 02-50-01 ...) NOT-FOR-US: Hitachi IT Operations Director @@ -2309,8 +2305,9 @@ RESERVED CVE-2012-3535 RESERVED -CVE-2012-3534 +CVE-2012-3534 [gnugk connection overload DoS] RESERVED + - gnugk <unfixed> (bug #685969) CVE-2012-3533 [ovirt 3.1: does not validate server identity in new python SDK and CLI] RESERVED NOT-FOR-US: ovirt @@ -2397,10 +2394,12 @@ RESERVED CVE-2012-4668 [SA50279: roundcube self XSS/issue 2b] - roundcube <unfixed> (bug #685475) + [squeeze] - roundcube <not-affected> (Vulnerable code not present) NOTE: http://trac.roundcube.net/ticket/1488613 CVE-2012-3508 [SA50279: roundcube stored XSS/issue 2a] RESERVED - roundcube 0.7.2-4 (bug #685475) + [squeeze] - roundcube <not-affected> (Vulnerable code not present) NOTE: http://trac.roundcube.net/ticket/1488613 CVE-2012-3507 [SA50212: roundcube 0.8 XSS] RESERVED