[Secure-testing-commits] r20035 - data/CVE

[Moritz Muehlenhoff]

Author: jmm
Date: 2012-08-27 06:49:34 +0000 (Mon, 27 Aug 2012)
New Revision: 20035

Modified:
   data/CVE/list
Log:
gnugk CVEfied
smarty3 fixed
roundcube issues do not affect stable


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2012-08-27 06:28:10 UTC (rev 20034)
+++ data/CVE/list	2012-08-27 06:49:34 UTC (rev 20035)
@@ -1,7 +1,3 @@
-CVE-2012-XXXX [gnugk unspecified security fix]
-	- gnugk <unfixed>
-	TODO: check what the alleged issue is all about and report if necessary
-	NOTE: upstream contacted, CCing oss-sec
 CVE-2012-4606
 	RESERVED
 CVE-2011-5117 (Sophos SafeGuard Enterprise Device Encryption 5.x through 5.50.8.13, ...)
@@ -740,7 +736,7 @@
 CVE-2012-4278 (Multiple cross-site scripting (XSS) vulnerabilities in Free Realty ...)
 	NOT-FOR-US: Free Realty
 CVE-2012-4277 (Cross-site scripting (XSS) vulnerability in the ...)
-	- smarty3 <unfixed>
+	- smarty3 3.1.10-1
 	TODO: check smarty 2 and embedded copies
 CVE-2012-4276 (Unspecified vulnerability in Hitachi IT Operations Director 02-50-01 ...)
 	NOT-FOR-US: Hitachi IT Operations Director
@@ -2309,8 +2305,9 @@
 	RESERVED
 CVE-2012-3535
 	RESERVED
-CVE-2012-3534
+CVE-2012-3534 [gnugk connection overload DoS]
 	RESERVED
+	- gnugk <unfixed> (bug #685969)
 CVE-2012-3533 [ovirt 3.1: does not validate server identity in new python SDK and CLI]
 	RESERVED
 	NOT-FOR-US: ovirt
@@ -2397,10 +2394,12 @@
 	RESERVED
 CVE-2012-4668 [SA50279: roundcube self XSS/issue 2b]
 	- roundcube <unfixed> (bug #685475)
+	[squeeze] - roundcube <not-affected> (Vulnerable code not present)
 	NOTE: http://trac.roundcube.net/ticket/1488613
 CVE-2012-3508 [SA50279: roundcube stored XSS/issue 2a]
 	RESERVED
 	- roundcube 0.7.2-4 (bug #685475)
+	[squeeze] - roundcube <not-affected> (Vulnerable code not present)
 	NOTE: http://trac.roundcube.net/ticket/1488613
 CVE-2012-3507 [SA50212: roundcube 0.8 XSS]
 	RESERVED