[Secure-testing-commits] r5945 - in data: CVE DSA

[jmm-guest at alioth.debian.org]

Author: jmm-guest
Date: 2007-05-28 23:25:34 +0000 (Mon, 28 May 2007)
New Revision: 5945

Modified:
   data/CVE/list
   data/DSA/list
Log:
add otrs2 DSA
record fixed version for otrs2 in unstable


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2007-05-28 21:14:08 UTC (rev 5944)
+++ data/CVE/list	2007-05-28 23:25:34 UTC (rev 5945)
@@ -582,8 +582,8 @@
 CVE-2007-2525 (Memory leak in the PPPoE socket implementation in the Linux kernel ...)
 	- linux-2.6 <unfixed>
 CVE-2007-2524 (Cross-site scripting (XSS) vulnerability in index.pl in OTRS (Open ...)
-	- otrs2 <unfixed> (bug #423524)
-	[etch] - otrs2 2.0.4p01-17
+	- otrs2 2.1.1-1 (bug #423524)
+	NOTE: 2.1 and 2.2 are not affected, so recording earliest 2.1 version as fix
 CVE-2007-2523 (CA Anti-Virus for the Enterprise r8 and Threat Manager r8 before ...)
 	NOT-FOR-US: CA Anti-Virus
 CVE-2007-2522 (Stack-based buffer overflow in the inoweb Console Server in CA ...)

Modified: data/DSA/list
===================================================================
--- data/DSA/list	2007-05-28 21:14:08 UTC (rev 5944)
+++ data/DSA/list	2007-05-28 23:25:34 UTC (rev 5945)
@@ -1,3 +1,6 @@
+[28 May 2007] DSA-1298-1 otrs2
+	{CVE-2007-2524}
+	[etch] - otrs2 2.0.4p01-17
 [24 May 2007] DSA-1297-1 gforge-plugin-scmcvs
 	{CVE-2007-0246}
 	[etch] - gforge-plugin-scmcvs 4.5.14-5etch1