[Secure-testing-commits] r12056 - in data: . CVE

Stefan Fritsch sf at alioth.debian.org
Sat Jun 6 08:39:34 UTC 2009 

Author: sf
Date: 2009-06-06 08:39:34 +0000 (Sat, 06 Jun 2009)
New Revision: 12056

Modified:
   data/CVE/list
   data/problematic-packages
Log:
bugzilla bug references

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-06-06 08:13:13 UTC (rev 12055)
+++ data/CVE/list	2009-06-06 08:39:34 UTC (rev 12056)
@@ -2247,7 +2247,7 @@
 	- screen 4.0.3-13 (unimportant; bug #521123)
 	NOTE: documented behaviour "or the public accessible screen-exchange", see man screen
 CVE-2009-1213 (Cross-site request forgery (CSRF) vulnerability in attachment.cgi in ...)
-	- bugzilla <unfixed> (low)
+	- bugzilla <unfixed> (low; bug #514143)
 	[etch] - bugzilla <no-dsa> (Minor issue)
 	[lenny] - bugzilla <no-dsa> (Minor issue)
 	NOTE: should this really be considered minor?  see fedora bug and FSA:
@@ -5045,23 +5045,23 @@
 	[etch] - bugzilla <not-affected> (Versions before 3.2.1, 3.0.7, and 3.3.2 were not affected)
 	[lenny] - bugzilla <not-affected> (Versions before 3.2.1, 3.0.7, and 3.3.2 were not affected)
 CVE-2009-0485 (Cross-site request forgery (CSRF) vulnerability in Bugzilla 2.17 to ...)
-	- bugzilla <unfixed> (low)
+	- bugzilla <unfixed> (low; bug #514143)
 	[etch] - bugzilla <no-dsa> (Minor issue)
 	[lenny] - bugzilla <no-dsa> (Minor issue)
 CVE-2009-0484 (Cross-site request forgery (CSRF) vulnerability in Bugzilla 3.0 before ...)
-	- bugzilla <unfixed> (low)
+	- bugzilla <unfixed> (low; bug #514143)
 	[etch] - bugzilla <no-dsa> (Minor issue)
 	[lenny] - bugzilla <no-dsa> (Minor issue)
 CVE-2009-0483 (Cross-site request forgery (CSRF) vulnerability in Bugzilla 2.22 ...)
-	- bugzilla <unfixed> (low)
+	- bugzilla <unfixed> (low; bug #514143)
 	[etch] - bugzilla <no-dsa> (Minor issue)
 	[lenny] - bugzilla <no-dsa> (Minor issue)
 CVE-2009-0482 (Cross-site request forgery (CSRF) vulnerability in Bugzilla before 3.2 ...)
-	- bugzilla <unfixed> (low)
+	- bugzilla <unfixed> (low; bug #514143)
 	[etch] - bugzilla <no-dsa> (Minor issue)
 	[lenny] - bugzilla <no-dsa> (Minor issue)
 CVE-2009-0481 (Bugzilla 2.x before 2.22.7, 3.0 before 3.0.7, 3.2 before 3.2.1, and ...)
-	- bugzilla <unfixed> (low)
+	- bugzilla <unfixed> (low; bug #514143)
 	[etch] - bugzilla <no-dsa> (Minor issue)
 	[lenny] - bugzilla <no-dsa> (Minor issue)
 CVE-2009-0480 (The IP implementation in Sun Solaris 8 through 10, and OpenSolaris ...)

Modified: data/problematic-packages
===================================================================
--- data/problematic-packages	2009-06-06 08:13:13 UTC (rev 12055)
+++ data/problematic-packages	2009-06-06 08:39:34 UTC (rev 12056)
@@ -6,6 +6,11 @@
 
 ----
 
+bugzilla: (June 2009)
+No reply to security bugs #514143 in unstable in 4 months.
+
+----
+
 jasper (June 2009)
 A security fix was dropped in a later upload, no followup on
 the respective bug for three weeks as of 2009-06-02.

More information about the Secure-testing-commits mailing list