[Secure-testing-commits] r12595 - in data: CVE DSA
Giuseppe Iuculano
derevko-guest at alioth.debian.org
Fri Aug 14 20:16:54 UTC 2009
Author: derevko-guest
Date: 2009-08-14 20:16:54 +0000 (Fri, 14 Aug 2009)
New Revision: 12595
Modified:
data/CVE/list
data/DSA/list
Log:
- CVE-2007-4483 already covered by DSA-1285-1
- CVE-2009-2336 and CVE-2009-2335 marked as unimportant
- wordpress in etch is not affected by CVE-2008-5278, CVE-2008-2392, CVE-2007-3544, CVE-2007-3543
- CVE-2009-2730 fixed in gnutls26 2.8.3-1
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-08-14 19:31:52 UTC (rev 12594)
+++ data/CVE/list 2009-08-14 20:16:54 UTC (rev 12595)
@@ -154,7 +154,7 @@
CVE-2009-2731
RESERVED
CVE-2009-2730 (libgnutls in GnuTLS before 2.8.2 does not properly handle a '\0' ...)
- - gnutls26 <unfixed> (low; bug #541439)
+ - gnutls26 2.8.3-1 (low; bug #541439)
- gnutls13 <removed>
CVE-2009-2729
RESERVED
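Review bot: the new fixed version on the gnutls26 line for CVE-2009-2730 is 2.8.3-1, while the description on the line above says the flaw is in GnuTLS before 2.8.2. If 2.8.3-1 is simply the first upload carrying the upstream fix, a one-line NOTE saying so under the entry would keep the next reader from wondering whether a 2.8.2-based upload was skipped or incomplete.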
@@ -1396,9 +1396,11 @@
CVE-2008-6848 (Cross-site scripting (XSS) vulnerability in index.php in phpGreetCards ...)
NOT-FOR-US: phpGreetCards
CVE-2009-2336 (The forgotten mail interface in WordPress and WordPress MU before ...)
- - wordpress 2.8.3-1 (low; bug #536724)
+ - wordpress 2.8.3-1 (unimportant; bug #536724)
+ NOTE: Minor information leak
CVE-2009-2335 (WordPress and WordPress MU before 2.8.1 exhibit different behavior for ...)
- - wordpress 2.8.3-1 (low; bug #536724)
+ - wordpress 2.8.3-1 (unimportant; bug #536724)
+ NOTE: Minor information leak
CVE-2009-2334 (wp-admin/admin.php in WordPress and WordPress MU before 2.8.1 does not ...)
- wordpress 2.8.3-1 (low; bug #536724)
CVE-2009-2333 (Multiple directory traversal vulnerabilities in CMS Chainuk 1.2 and ...)
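Review bot: the two added NOTE lines under CVE-2009-2336 and CVE-2009-2335 are identical ("Minor information leak") and do not say what is leaked or why that justifies moving from low to unimportant, while CVE-2009-2334 directly below stays at low under the same bug #536724. Suggest making each note specific to its own issue (which interface, what information is exposed) so the downgrade can be re-checked later without reopening the bug.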
@@ -10964,6 +10966,8 @@
NOTE: CVE id requested denied
CVE-2008-5278 (Cross-site scripting (XSS) vulnerability in the self_link function in ...)
- wordpress 2.5.1-11 (low; bug #507193)
+ [etch] - wordpress <not-affected> (Vulnerable code not present)
+ NOTE: introduced in 2.5
CVE-2008-5286 (Integer overflow in the _cupsImageReadPNG function in CUPS 1.1.17 ...)
{DSA-1677-1}
- cups 1.3.8-1lenny4 (bug #507183; medium)
@@ -17867,6 +17871,8 @@
NOT-FOR-US: EntertainmentScript
CVE-2008-2392 (Unrestricted file upload vulnerability in WordPress 2.5.1 and earlier ...)
- wordpress 2.5.1-4 (low; bug #485807)
+ [etch] - wordpress <not-affected> (Vulnerable code not present)
+ NOTE: Unrestricted file upload vulnerability was introduced in 2.3.0
CVE-2008-2391 (SubSonic allows remote attackers to bypass pagesize limits and cause a ...)
NOT-FOR-US: SubSonic
CVE-2008-2390 (Hpufunction.dll 4.0.0.1 in HP Software Update exposes the unsafe (1) ...)
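Review bot: style point on the added NOTE under CVE-2008-2392, which repeats the CVE title ("Unrestricted file upload vulnerability was introduced in 2.3.0") where the equivalent note added for CVE-2008-5278 just reads "introduced in 2.5". Suggest the short form here as well, so the [etch] not-affected rationale is worded the same way across the wordpress entries.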
@@ -32089,8 +32095,10 @@
NOT-FOR-US: Warzone
CVE-2007-3544 (Unrestricted file upload vulnerability in (1) wp-app.php and (2) ...)
- wordpress 2.2.2-1
+ [etch] - wordpress <not-affected> (Vulnerable code not present)
CVE-2007-3543 (Unrestricted file upload vulnerability in WordPress before 2.2.1 and ...)
- wordpress 2.2.1-1
+ [etch] - wordpress <not-affected> (Vulnerable code not present)
CVE-2007-3542 (Cross-site scripting (XSS) vulnerability in admin/auth.php in Pluxml ...)
NOT-FOR-US: Pluxml
CVE-2007-3541 (Cross-site scripting (XSS) vulnerability in Kurinton sHTTPd 20070408 ...)
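Review bot: missing documentation on both added [etch] lines, for CVE-2007-3544 and CVE-2007-3543. They claim "Vulnerable code not present" but carry no NOTE, unlike the same marking added for CVE-2008-5278 and CVE-2008-2392 in this commit, which record the release that introduced the flaw. Suggest adding a NOTE to each stating which release introduced the affected code (the CVE-2007-3544 description names wp-app.php), so the not-affected claim can be verified from the list alone.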
Modified: data/DSA/list
===================================================================
--- data/DSA/list 2009-08-14 19:31:52 UTC (rev 12594)
+++ data/DSA/list 2009-08-14 20:16:54 UTC (rev 12595)
@@ -2055,7 +2055,7 @@
{CVE-2007-0005 CVE-2007-0958 CVE-2007-1357 CVE-2007-1592}
[etch] - linux-2.6 2.6.18.dfsg.1-12etch1
[01 May 2007] DSA-1285-1 wordpress
- {CVE-2007-1622 CVE-2007-1893 CVE-2007-1894 CVE-2007-1897}
+ {CVE-2007-1622 CVE-2007-1893 CVE-2007-1894 CVE-2007-1897 CVE-2007-4483}
[etch] - wordpress 2.0.10-1
[01 May 2007] DSA-1284-1 qemu
{CVE-2007-1320 CVE-2007-1321 CVE-2007-1322 CVE-2007-1366 CVE-2007-5729 CVE-2007-5730}
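Review bot: the CVE-2007-4483 addition to the DSA-1285-1 reference list has no recorded basis in this patch. The log says it is "already covered", but no hunk in data/CVE/list touches the CVE-2007-4483 entry and nothing states that the fix is in the [etch] wordpress 2.0.10-1 upload listed below. Suggest adding a NOTE on the CVE entry that identifies the fix in 2.0.10-1, so the retroactive mapping to an advisory dated 01 May 2007 can be checked.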