[Secure-testing-commits] r13196 - data/CVE

Thijs Kinkhorst thijs at alioth.debian.org
Wed Nov 4 21:17:35 UTC 2009 

Author: thijs
Date: 2009-11-04 21:17:35 +0000 (Wed, 04 Nov 2009)
New Revision: 13196

Modified:
   data/CVE/list
Log:
smarty fixed in sid


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-11-04 21:16:30 UTC (rev 13195)
+++ data/CVE/list	2009-11-04 21:17:35 UTC (rev 13196)
@@ -6534,10 +6534,9 @@
 	NOT-FOR-US: TCPDB
 CVE-2009-1669 (The smarty_function_math function in libs/plugins/function.math.php in ...)
 	{DSA-1919-1}
-	- smarty <unfixed> (low; bug #529810)
+	- smarty 2.6.26-0.1 (low; bug #529810)
 	[etch] - smarty <not-affected> (Vulnerable code not present)
 	[lenny] - smarty <no-dsa> (Minor issue)
-	NOTE: NMU of Smarty 2.6.26-0.1 fixing this, uploaded to delayed/10
 CVE-2009-1668 (TYPSoft FTP Server 1.11 allows remote attackers to cause a denial of ...)
 	NOT-FOR-US: TYPSoft
 CVE-2009-1667 (Stack-based buffer overflow in Mini-stream CastRipper 2.50.70 allows ...)
@@ -15389,20 +15388,18 @@
 	NOT-FOR-US: Adobe Reader Explorer extension
 CVE-2008-4811 (The _expand_quoted_text function in libs/Smarty_Compiler.class.php in ...)
 	{DSA-1691-1}
-	- smarty <unfixed> (bug #504328)
+	- smarty 2.6.26-0.1 (bug #504328)
 	[lenny] - smarty <no-dsa> (Minor issue, fix will change behaviour)
 	[etch] - smarty <no-dsa> (Minor issue, fix will change behaviour)
 	- moodle 1.8.2-2 (bug #504345)
 	[etch] - gallery2 <unfixed>
 	NOTE: This attack vector is *not* fixed in r2797
-	NOTE: NMU of Smarty 2.6.26-0.1 fixing this, uploaded to delayed/10
 CVE-2008-4810 (The _expand_quoted_text function in libs/Smarty_Compiler.class.php in ...)
 	{DSA-1919-1 DSA-1691-1}
-	- smarty <unfixed> (bug #504328)
+	- smarty 2.6.26-0.1 (bug #504328)
 	- moodle 1.8.2-2 (bug #504345)
 	[etch] - gallery2 <unfixed>
 	NOTE: This attack vector is fixed in r2797
-	NOTE: NMU of Smarty 2.6.26-0.1 fixing this, uploaded to delayed/10
 CVE-2008-4809 (Multiple unspecified vulnerabilities in the Profiles search pages in ...)
 	NOT-FOR-US: IBM Lotus Connections
 CVE-2008-4808 (IBM Lotus Connections 2.x before 2.0.1 allows attackers to discover ...)

More information about the Secure-testing-commits mailing list