[Secure-testing-commits] r12315 - data/CVE

[Nico Golde]

Author: nion
Date: 2009-07-10 00:33:04 +0000 (Fri, 10 Jul 2009)
New Revision: 12315

Modified:
   data/CVE/list
Log:
cveified drupal

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-07-09 21:14:35 UTC (rev 12314)
+++ data/CVE/list	2009-07-10 00:33:04 UTC (rev 12315)
@@ -1,11 +1,5 @@
 CVE-2009-2386
 	RESERVED
-CVE-2009-2374 (Drupal 5.x before 5.19 and 6.x before 6.13 does not properly sanitize ...)
-	TODO: check
-CVE-2009-2373 (Cross-site scripting (XSS) vulnerability in the Forum module in Drupal ...)
-	TODO: check
-CVE-2009-2372 (Drupal 6.x before 6.13 does not prevent users from modifying user ...)
-	TODO: check
 CVE-2009-2369 (Integer overflow in the wxImage::Create function in ...)
 	TODO: check
 CVE-2009-2360 (Cross-site scripting (XSS) vulnerability in passwd/main.php in the ...)
@@ -273,18 +267,18 @@
 	NOT-FOR-US: component for Joomla!
 CVE-2008-6840 (Multiple PHP remote file inclusion vulnerabilities in V-webmail 1.6.4 ...)
 	NOT-FOR-US: V-webmail
-CVE-2009-XXXX [XSS in forum module]
+CVE-2009-2373 (Cross-site scripting (XSS) vulnerability in the Forum module in Drupal ...)
 	- drupal6 6.12-1.1 (low; bug #535435)
 	- drupal5 <not-affected> (Vulnerable code not present)
 	NOTE: http://drupal.org/node/507572
 	NOTE: requested CVE id
-CVE-2009-XXXX [input format access bypass]
+CVE-2009-2372 (Drupal 6.x before 6.13 does not prevent users from modifying user ...)
 	- drupal6 6.12-1.1 (medium; bug #535435)
 	- drupal5 <not-affected> (Vulnerable code not present)
 	NOTE: http://drupal.org/node/507572
 	NOTE: marked as medium as this might lead to code execution if the php filter is enabled
 	NOTE: requested CVE id
-CVE-2009-XXXX [URL password leakage]
+CVE-2009-2374 (Drupal 5.x before 5.19 and 6.x before 6.13 does not properly sanitize ...)
 	- drupal6 6.12-1.1 (low; bug #535435)
 	- drupal5 5.18-1.1 (low; bug #535476)
 	NOTE: http://drupal.org/node/507572