Author: pedrib-guest
Date: 2010-03-06 21:37:33 +0000 (Sat, 06 Mar 2010)
New Revision: 14199

Modified:
   data/CVE/list
Log:
solved an issue with fwbuilder, and another unaffected with typo3


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2010-03-06 21:15:05 UTC (rev 14198)
+++ data/CVE/list       2010-03-06 21:37:33 UTC (rev 14199)
@@ -242,7 +242,12 @@
 CVE-2010-0825
        RESERVED
 CVE-2009-4664 (Firewall Builder 3.0.4, 3.0.5, and 3.0.6, when running on 
Linux, ...)
-       TODO: check
+       - fwbuilder 3.0.7-1 (bug #547390; medium)
+       - libfwbuilder8 3.0.7-1 (bug #547390; medium)
+       [lenny] - fwbuilder <not-affected> (only versions 3.0.4, 3.0.5 and 
3.0.6 are affected)
+       [lenny] - libfwbuilder8 <not-affected> (only versions 3.0.4, 3.0.5 and 
3.0.6 are affected)
+       NOTE: m68k package in debports in still affected at version 3.0.5
+       NOTE: see 
http://www.fwbuilder.org/docs/firewall_builder_release_notes.html#3.0.7
 CVE-2009-4663 (Heap-based buffer overflow in the Quiksoft EasyMail Objects 6 
ActiveX ...)
        NOT-FOR-US: Quiksoft EasyMail Objects
 CVE-2009-4662 (Cross-site scripting (XSS) vulnerability in the WebAccess 
component in ...)
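Review bot: The first added NOTE under CVE-2009-4664 has a typo: "m68k package in debports in still affected" should read "is still affected". The parenthetical on the two fixed-version lines is written "(bug #547390; medium)", while the temporary entry removed further down in this same commit used "(low; bug #547390)"; pick one ordering of urgency and bug reference and use it consistently. The two [lenny] reasons repeat the affected version range already given in the CVE description, so a shorter reason such as the removed entry's "Introduced in 3.0.4" would carry the same information.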
@@ -317,9 +322,9 @@
 CVE-2010-0799 (Directory traversal vulnerability in 
misc/tell_a_friend/tell.php in ...)
        NOT-FOR-US: phpunity.newsmanager
 CVE-2010-0798 (SQL injection vulnerability in the T3BLOG extension 0.6.2 and 
earlier ...)
-       TODO: check
+       - typo3 <not-affected> (Vulnerable code not present)
 CVE-2010-0797 (Cross-site scripting (XSS) vulnerability in the T3BLOG 
extension 0.6.2 ...)
-       TODO: check
+       - typo3 <not-affected> (Vulnerable code not present)
 CVE-2010-0796 (SQL injection vulnerability in the JE Quiz 
(com_jequizmanagement) ...)
        NOT-FOR-US: Joomla!
 CVE-2010-0795 (SQL injection vulnerability in the JE Event Calendars ...)
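Review bot: For CVE-2010-0798 and CVE-2010-0797 the descriptions place the flaw in the T3BLOG extension, not in typo3 itself, yet the new lines track it against the typo3 package with "<not-affected> (Vulnerable code not present)". The neighbouring third-party component entries in this hunk (for example CVE-2010-0796 with "NOT-FOR-US: Joomla!") use NOT-FOR-US instead. Either follow that pattern, or keep the typo3 line and make the reason explicit that the T3BLOG extension is not shipped in the package, so a later reader does not have to re-check what "vulnerable code" refers to.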
@@ -571,8 +576,8 @@
 CVE-2010-0683 (Unspecified vulnerability in TIBRepoServer5.jar in TIBCO 
Administrator ...)
        NOT-FOR-US: TIBCO Administrator
 CVE-2010-0682 (WordPress 2.9 before 2.9.2 allows remote authenticated users to 
read ...)
-       - wordpress <undetermined>
-       TODO: check
+       - wordpress 2.9.2-1 (low)
+       [lenny] - wordpress <not-affected> (Only affects Wordpress >= 2.9)
 CVE-2010-XXXX [http://downloads.digium.com/pub/security/AST-2010-003.pdf]
        - asterisk <unfixed>
        [lenny] - asterisk <not-affected> (Only affects Asterisk 1.6)
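Review bot: The [lenny] reason on CVE-2010-0682, "Only affects Wordpress >= 2.9", is looser than the description two lines above it, which says "WordPress 2.9 before 2.9.2". Wording it as "Only affects 2.9.x before 2.9.2" would match the description, and "Wordpress" should be spelled "WordPress" as it is there. The commit log mentions only fwbuilder and typo3, so the wordpress change and the basis for the 2.9.2-1 fixed version and the "low" urgency are undocumented; mention it in the log or add a NOTE with the source.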
@@ -5677,10 +5682,6 @@
        NOT-FOR-US: Sun OpenSolaris xscreensaver
 CVE-2009-3431 (Stack consumption vulnerability in Adobe Reader and Acrobat 
9.1.3, ...)
        NOT-FOR-US: Adobe Acrobat
-CVE-2009-XXXX [fwbuilder insecure temp file usage]
-       - fwbuilder 3.0.7-1 (low; bug #547390)
-       [lenny] - fwbuilder <not-affected> (Introduced in 3.0.4)
-       [etch] - fwbuilder <not-affected> (Introduced in 3.0.4)
 CVE-2009-3892 (Cross-site scripting (XSS) vulnerability in Best Practical 
Solutions ...)
        - request-tracker3.8 3.8.5-1 (bug #546829)
        - request-tracker3.6 3.6.9-1 (bug #546778)
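Review bot: Removing the temporary CVE-2009-XXXX fwbuilder entry drops its "[etch] - fwbuilder <not-affected> (Introduced in 3.0.4)" line, and the replacement under CVE-2009-4664 earlier in this commit only carries [lenny] lines. If etch is still tracked in this file, carry the [etch] line over to the new entry. The urgency also changes from "low" here to "medium" in the new entry without a word in the log; state the reason in the commit message or in a NOTE so the change is not mistaken for a transcription slip.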


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
