[Secure-testing-commits] r16890 - data/CVE

Nico Golde nion at alioth.debian.org
Mon Jul 4 21:35:13 UTC 2011


Author: nion
Date: 2011-07-04 21:35:13 +0000 (Mon, 04 Jul 2011)
New Revision: 16890

Modified:
   data/CVE/list
Log:
- NFUs
- CVE-2011-2167 fixed in dovecot 1:2.0.13-1, stable not affected
- smarty issue non-issue imho


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2011-07-04 21:14:20 UTC (rev 16889)
+++ data/CVE/list	2011-07-04 21:35:13 UTC (rev 16890)
@@ -1019,9 +1019,9 @@
 CVE-2011-2186
 	RESERVED
 CVE-2011-2181 (Multiple SQL injection vulnerabilities in A Really Simple Chat (ARSC) ...)
-	TODO: check
+	NOT-FOR-US: A Really Simple Chat
 CVE-2011-2180 (Cross-site scripting (XSS) vulnerability in dereferer.php in A Really ...)
-	TODO: check
+	NOT-FOR-US: A Really Simple Chat
 CVE-2011-2177
 	RESERVED
 CVE-2011-2176 [NetworkManager: did not honour PolicyKit auth_admin action ...]
@@ -1030,9 +1030,13 @@
 	TODO: check serverity
 	TODO: maintainer was consulted about the other affected versions.
 CVE-2011-2167 (script-login in Dovecot 2.0.x before 2.0.13 does not follow the chroot ...)
-	TODO: check
+	- dovecot 1:2.0.13-1 (low)
+	[squeeze] - dovecot <not-affected> (Vulnerable script not present)
+	[lenny] - dovecot <not-affected> (Vulnerable script not present)
 CVE-2011-2166 (script-login in Dovecot 2.0.x before 2.0.13 does not follow the user ...)
-	TODO: check
+	- dovecot 1:2.0.13-1 (low)
+	[squeeze] - dovecot <not-affected> (Vulnerable script not present)
+	[lenny] - dovecot <not-affected> (Vulnerable script not present)
 CVE-2010-4805 (The socket implementation in net/core/sock.c in the Linux kernel ...)
 	- linux-2.6 2.6.34-1
 CVE-2009-5077 (CRE Loaded before 6.2.14 allows remote attackers to bypass ...)
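Review bot: the two dovecot entries (CVE-2011-2167 and CVE-2011-2166) carry no NOTE: line pointing at the upstream fix or advisory, unlike the syslog-ng and fetchmail entries further down that cite the commit or the SA text; adding the 2.0.13 reference would let the (low) rating and the "Vulnerable script not present" reasoning for squeeze and lenny be re-checked later without redoing the research. Also, the unchanged context line at the top of the hunk reads `TODO: check serverity`; "severity" is misspelled and could be fixed while in this region.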
@@ -1694,11 +1698,11 @@
 	[lenny] - syslog-ng <not-affected> (Only affects PCRE >= 8.12)
 	NOTE: http://git.balabit.hu/?p=bazsi/syslog-ng-3.2.git;a=commit;h=09710c0b105e579d35c7b5f6c66d1ea5e3a3d3ff
 CVE-2011-1950 (plone.app.users in Plone 4.0 and 4.1 allows remote authenticated users ...)
-	TODO: check
+	NOT-FOR-US: Plone
 CVE-2011-1949 (Cross-site scripting (XSS) vulnerability in the safe_html filter in ...)
-	TODO: check
+	NOT-FOR-US: Plone
 CVE-2011-1948 (Cross-site scripting (XSS) vulnerability in Plone 4.1 and earlier ...)
-	TODO: check
+	NOT-FOR-US: Plone
 CVE-2011-1947 (fetchmail 5.9.9 through 6.3.19 does not properly limit the wait time ...)
 	- fetchmail <unfixed> (unimportant)
 	NOTE: http://gitorious.org/fetchmail/fetchmail/blobs/legacy_63/fetchmail-SA-2011-01.txt
@@ -4648,11 +4652,11 @@
 	NOTE: http://bugs.proftpd.org/show_bug.cgi?id=3586
 	NOTE: http://www.exploit-db.com/exploits/16129/
 CVE-2011-XXXX [incorrect handling of {$smarty.template} and {$smarty.current_dir}]
-	- smarty3 <unfixed>
-	- smarty <unfixed>
+	- smarty3 <unfixed> (unimportant)
+	- smarty <unfixed> (unimportant)
 	NOTE: http://www.smarty.net/forums/viewtopic.php?t=18815
 	NOTE: http://code.google.com/p/smarty-php/source/detail?r=3989
-	TODO: check
+	NOTE: non-issue in practice, if you can place arbitrary template files you have worse problems
 CVE-2011-0987 (The PMA_Bookmark_get function in libraries/bookmark.lib.php in ...)
 	{DSA-2167-1}
 	- phpmyadmin 4:3.3.9.2-1
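Review bot: the NOTE that replaces the TODO justifies (unimportant) only by "if you can place arbitrary template files you have worse problems", but the entry title is about incorrect handling of {$smarty.template} and {$smarty.current_dir}; spell out the link (why those variables only matter to whoever already authors the template) so the next reader does not have to re-derive it from the forum thread and the r3989 commit. The CVE-2011-XXXX placeholder also stays unresolved, and with the TODO gone nothing in the entry flags that an identifier still needs to be found or requested.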
