[Secure-testing-commits] r13229 - data/CVE
Joey Hess
joeyh at alioth.debian.org
Sat Nov 7 09:14:28 UTC 2009
Author: joeyh
Date: 2009-11-07 09:14:27 +0000 (Sat, 07 Nov 2009)
New Revision: 13229
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-11-07 08:23:15 UTC (rev 13228)
+++ data/CVE/list 2009-11-07 09:14:27 UTC (rev 13229)
@@ -4932,17 +4932,20 @@
CVE-2008-6840 (Multiple PHP remote file inclusion vulnerabilities in V-webmail 1.6.4 ...)
NOT-FOR-US: V-webmail
CVE-2009-2373 (Cross-site scripting (XSS) vulnerability in the Forum module in Drupal ...)
+ {DSA-1930-1}
- drupal6 6.12-1.1 (low; bug #535435)
- drupal5 <not-affected> (Vulnerable code not present)
NOTE: http://drupal.org/node/507572
NOTE: requested CVE id
CVE-2009-2372 (Drupal 6.x before 6.13 does not prevent users from modifying user ...)
+ {DSA-1930-1}
- drupal6 6.12-1.1 (medium; bug #535435)
- drupal5 <not-affected> (Vulnerable code not present)
NOTE: http://drupal.org/node/507572
NOTE: marked as medium as this might lead to code execution if the php filter is enabled
NOTE: requested CVE id
CVE-2009-2374 (Drupal 5.x before 5.19 and 6.x before 6.13 does not properly sanitize ...)
+ {DSA-1930-1}
- drupal6 6.12-1.1 (low; bug #535435)
- drupal5 5.18-1.1 (low; bug #535476)
NOTE: http://drupal.org/node/507572
More information about the Secure-testing-commits
mailing list