[Secure-testing-commits] r17860 - data/CVE
Moritz Muehlenhoff
jmm at alioth.debian.org
Fri Dec 23 13:54:29 UTC 2011
Author: jmm
Date: 2011-12-23 13:54:28 +0000 (Fri, 23 Dec 2011)
New Revision: 17860
Modified:
data/CVE/list
Log:
two zabbix issues fixed
shadow no-dsa
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2011-12-23 12:56:35 UTC (rev 17859)
+++ data/CVE/list 2011-12-23 13:54:28 UTC (rev 17860)
@@ -881,7 +881,7 @@
NOTE: Nearly a duplicate of CVE-2011-1932.
NOTE: CVE's SPLIT decision is unclear.
CVE-2011-4674 (SQL injection vulnerability in popup.php in Zabbix 1.8.3 and 1.8.4, ...)
- - zabbix <unfixed> (high; bug #651225)
+ - zabbix 1:1.8.9-1 (high; bug #651225)
CVE-2011-4673 (SQL injection vulnerability in modules/sharedaddy.php in the Jetpack ...)
NOT-FOR-US: Jetpack plugin for Wordpress
CVE-2011-4672 (Multiple SQL injection vulnerabilities in Valid tiny-erp 1.6 and ...)
@@ -4999,7 +4999,7 @@
CVE-2010-4825 (Cross-site scripting (XSS) vulnerability in magpie_debug.php in the ...)
NOT-FOR-US: Wordpress plugin
CVE-2011-3265 (popup.php in Zabbix before 1.8.7 allows remote attackers to read the ...)
- - zabbix <unfixed>
+ - zabbix 1:1.8.9-1
CVE-2011-3264 (Zabbix before 1.8.6 allows remote attackers to obtain sensitive ...)
- zabbix 1:1.8.6-1 (unimportant)
NOTE: Installation path is known anyway for the Debian package
@@ -8144,7 +8144,9 @@
[squeeze] - linux-2.6 2.6.32-36
CVE-2005-4890 [login: tty hijacking possible in "su" via TIOCSTI ioctl]
RESERVED
- - shadow <unfixed> (bug #628843)
+ - shadow <unfixed> (low; bug #628843)
+ [squeeze] - shadow <no-dsa> (Minor issue)
+ [lenny] - shadow <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=173008
- sudo <undetermined>
NOTE: ubuntu indicates sudo may also be affected, but that code is completely different, so that seems unlikely
More information about the Secure-testing-commits
mailing list