[Secure-testing-commits] r10273 - data/CVE
white at alioth.debian.org
Tue Nov 4 12:15:09 UTC 2008
Author: white
Date: 2008-11-04 12:15:07 +0000 (Tue, 04 Nov 2008)
New Revision: 10273
Modified:
data/CVE/list
Log:
Remove Rejected TODO; smarty issue CVEified, checking with oss-sec why there are two CVEs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2008-11-04 11:55:46 UTC (rev 10272)
+++ data/CVE/list 2008-11-04 12:15:07 UTC (rev 10273)
@@ -7,7 +7,6 @@
TODO: check if version in stable is also affected, which is very likely
CVE-2008-6432
REJECTED
- TODO: check
CVE-2008-4878 (Unrestricted file upload vulnerability in the "Add Image Macro" ...)
NOT-FOR-US: WebCards
CVE-2008-4877 (SQL injection vulnerability in admin.php in WebCards 1.3, when ...)
@@ -145,9 +144,17 @@
CVE-2008-4812
RESERVED
CVE-2008-4811 (The _expand_quoted_text function in libs/Smarty_Compiler.class.php in ...)
- TODO: check
+ - smarty <unfixed> (bug #504328)
+ - moodle <unfixed> (bug #504345)
+ [etch] - gallery2 <unfixed>
+ NOTE: this issue is SA32329
+ NOTE: trying to clarify on oss-sec, why there are two CVEs
CVE-2008-4810 (The _expand_quoted_text function in libs/Smarty_Compiler.class.php in ...)
- TODO: check
+ - smarty <unfixed> (bug #504328)
+ - moodle <unfixed> (bug #504345)
+ [etch] - gallery2 <unfixed>
+ NOTE: this issue is SA32329
+ NOTE: trying to clarify on oss-sec, why there are two CVEs
CVE-2008-4809 (Multiple unspecified vulnerabilities in the Profiles search pages in ...)
NOT-FOR-US: IBM Lotus Connections
CVE-2008-4808 (IBM Lotus Connections 2.x before 2.0.1 allows attackers to discover ...)
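Review bot: Removing "TODO: check" from CVE-2008-4811 and CVE-2008-4810 while the added NOTE says the reason for two CVEs is still being clarified on oss-sec means the open question is no longer marked as a TODO on either entry; consider keeping it as a TODO line until that is answered. Both entries also receive identical package lines, so each should be re-checked on its own once the difference between the two ids is known, and the "[etch] - gallery2 <unfixed>" line carries no bug reference, unlike the smarty and moodle lines.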
@@ -180,11 +187,6 @@
CVE-2008-XXXX [eog: Python scripts load modules from current directory]
- eog <unfixed> (bug #504352; low)
[etch] - eog <not-affected> (Vulnerable code not present)
-CVE-2008-XXXX [smarty _expand_quoted_text security bypass]
- - smarty <unfixed> (bug #504328)
- - moodle <unfixed> (bug #504345)
- [etch] - gallery2 <unfixed>
- NOTE: this issue is SA32329
CVE-2008-XXXX [htop display corruption]
- htop <unfixed> (low; bug #504144)
NOTE: CVE id requested
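Review bot: The removed CVE-2008-XXXX smarty placeholder was a single entry, and its lines now sit under two CVE ids in the previous hunk, so bugs #504328 and #504345 are each referenced from both CVE-2008-4811 and CVE-2008-4810. It would help to say in the log message or in a NOTE which id the bug reports should carry until the question of the two CVEs is settled.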