[Secure-testing-commits] r12296 - in data: CVE NMU

[Nico Golde]

Author: nion
Date: 2009-07-06 18:36:38 +0000 (Mon, 06 Jul 2009)
New Revision: 12296

Modified:
   data/CVE/list
   data/NMU/list
Log:
drupal5/6 issues fixed in 5.18-1.1/6.12-1.1

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-07-06 16:27:55 UTC (rev 12295)
+++ data/CVE/list	2009-07-06 18:36:38 UTC (rev 12296)
@@ -107,11 +107,22 @@
 	NOT-FOR-US: component for Joomla!
 CVE-2008-6840 (Multiple PHP remote file inclusion vulnerabilities in V-webmail 1.6.4 ...)
 	NOT-FOR-US: V-webmail
-CVE-2009-XXXX [multiple drupal issues]
-	- drupal6 <unfixed> (bug #535435)
-	- drupal5 <unfixed> (bug #535476)
+CVE-2009-XXXX [XSS in forum module]
+	- drupal6 6.12-1.1 (low; bug #535435)
+	- drupal5 <not-affected> (Vulnerable code not present)
 	NOTE: http://drupal.org/node/507572
 	NOTE: requested CVE id
+CVE-2009-XXXX [input format access bypass]
+	- drupal6 6.12-1.1 (medium; bug #535435)
+	- drupal5 <not-affected> (Vulnerable code not present)
+	NOTE: http://drupal.org/node/507572
+	NOTE: marked as medium as this might lead to code execution if the php filter is enabled
+	NOTE: requested CVE id
+CVE-2009-XXXX [URL password leakage]
+	- drupal6 6.12-1.1 (low; bug #535435)
+	- drupal5 5.18-1.1 (low; bug #535476)
+	NOTE: http://drupal.org/node/507572
+	NOTE: requested CVE id
 CVE-2009-2284 (Cross-site scripting (XSS) vulnerability in phpMyAdmin before 3.2.0.1 ...)
 	- phpmyadmin 4:3.2.0.1-1 (medium; bug #535890)
 CVE-2009-2280

Modified: data/NMU/list
===================================================================
--- data/NMU/list	2009-07-06 16:27:55 UTC (rev 12295)
+++ data/NMU/list	2009-07-06 18:36:38 UTC (rev 12296)
@@ -155,3 +155,5 @@
 2009-06-22 amule 2.2.5-1.1
 2009-07-01 gupnp 0.12.6-3.1
 2009-07-06 ipplan 4.91a-1.1
+2009-07-06 drupal5 5.18-1.1
+2009-07-06 drupal6 6.12-1.1