[Secure-testing-commits] r14199 - data/CVE

Pedro Ribeiro pedrib-guest at alioth.debian.org
Sat Mar 6 21:37:33 UTC 2010


Author: pedrib-guest
Date: 2010-03-06 21:37:33 +0000 (Sat, 06 Mar 2010)
New Revision: 14199

Modified:
   data/CVE/list
Log:
solved an issue with fwbuilder, and another unaffected with typo3


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2010-03-06 21:15:05 UTC (rev 14198)
+++ data/CVE/list	2010-03-06 21:37:33 UTC (rev 14199)
@@ -242,7 +242,12 @@
 CVE-2010-0825
 	RESERVED
 CVE-2009-4664 (Firewall Builder 3.0.4, 3.0.5, and 3.0.6, when running on Linux, ...)
-	TODO: check
+	- fwbuilder 3.0.7-1 (bug #547390; medium)
+	- libfwbuilder8 3.0.7-1 (bug #547390; medium)
+	[lenny] - fwbuilder <not-affected> (only versions 3.0.4, 3.0.5 and 3.0.6 are affected)
+	[lenny] - libfwbuilder8 <not-affected> (only versions 3.0.4, 3.0.5 and 3.0.6 are affected)
+	NOTE: m68k package in debports in still affected at version 3.0.5
+	NOTE: see http://www.fwbuilder.org/docs/firewall_builder_release_notes.html#3.0.7
 CVE-2009-4663 (Heap-based buffer overflow in the Quiksoft EasyMail Objects 6 ActiveX ...)
 	NOT-FOR-US: Quiksoft EasyMail Objects
 CVE-2009-4662 (Cross-site scripting (XSS) vulnerability in the WebAccess component in ...)
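Review bot: The first NOTE line added under CVE-2009-4664 has a typo: "in debports in still affected" should read "is still affected". The two new package lines also write the annotation as "(bug #547390; medium)", while the CVE-2009-XXXX entry removed later in this patch wrote it as "(low; bug #547390)"; pick one order and keep it consistent.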
@@ -317,9 +322,9 @@
 CVE-2010-0799 (Directory traversal vulnerability in misc/tell_a_friend/tell.php in ...)
 	NOT-FOR-US: phpunity.newsmanager
 CVE-2010-0798 (SQL injection vulnerability in the T3BLOG extension 0.6.2 and earlier ...)
-	TODO: check
+	- typo3 <not-affected> (Vulnerable code not present)
 CVE-2010-0797 (Cross-site scripting (XSS) vulnerability in the T3BLOG extension 0.6.2 ...)
-	TODO: check
+	- typo3 <not-affected> (Vulnerable code not present)
 CVE-2010-0796 (SQL injection vulnerability in the JE Quiz (com_jequizmanagement) ...)
 	NOT-FOR-US: Joomla!
 CVE-2010-0795 (SQL injection vulnerability in the JE Event Calendars ...)
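Review bot: The reason "Vulnerable code not present" on the two typo3 lines for CVE-2010-0798 and CVE-2010-0797 does not say why the code is absent. Both descriptions name the T3BLOG extension, so if the point is that the typo3 package does not ship that extension, say so in the parenthetical so the triage can be rechecked later.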
@@ -571,8 +576,8 @@
 CVE-2010-0683 (Unspecified vulnerability in TIBRepoServer5.jar in TIBCO Administrator ...)
 	NOT-FOR-US: TIBCO Administrator
 CVE-2010-0682 (WordPress 2.9 before 2.9.2 allows remote authenticated users to read ...)
-	- wordpress <undetermined>
-	TODO: check
+	- wordpress 2.9.2-1 (low)
+	[lenny] - wordpress <not-affected> (Only affects Wordpress >= 2.9)
 CVE-2010-XXXX [http://downloads.digium.com/pub/security/AST-2010-003.pdf]
 	- asterisk <unfixed>
 	[lenny] - asterisk <not-affected> (Only affects Asterisk 1.6)
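Review bot: The wordpress change for CVE-2010-0682 is not covered by the commit log, which only names fwbuilder and typo3; mention it in the log or commit it separately. The new lenny line also spells the name "Wordpress" where the CVE description on the line above uses "WordPress".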
@@ -5677,10 +5682,6 @@
 	NOT-FOR-US: Sun OpenSolaris xscreensaver
 CVE-2009-3431 (Stack consumption vulnerability in Adobe Reader and Acrobat 9.1.3, ...)
 	NOT-FOR-US: Adobe Acrobat
-CVE-2009-XXXX [fwbuilder insecure temp file usage]
-	- fwbuilder 3.0.7-1 (low; bug #547390)
-	[lenny] - fwbuilder <not-affected> (Introduced in 3.0.4)
-	[etch] - fwbuilder <not-affected> (Introduced in 3.0.4)
 CVE-2009-3892 (Cross-site scripting (XSS) vulnerability in Best Practical Solutions ...)
 	- request-tracker3.8 3.8.5-1 (bug #546829)
 	- request-tracker3.6 3.6.9-1 (bug #546778)
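Review bot: Removing the CVE-2009-XXXX fwbuilder placeholder drops its "[etch] - fwbuilder <not-affected> (Introduced in 3.0.4)" line, and the CVE-2009-4664 entry that replaces it carries no [etch] line. The severity for the same bug #547390 also goes from low here to medium there with no explanation in the log. Carry the etch annotation over if etch is still tracked, and state the reason for the severity change.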



