[Secure-testing-commits] r13144 - data/CVE
Michael Gilbert
gilbert-guest at alioth.debian.org
Thu Oct 29 15:32:38 UTC 2009
Author: gilbert-guest
Date: 2009-10-29 15:32:38 +0000 (Thu, 29 Oct 2009)
New Revision: 13144
Modified:
data/CVE/list
Log:
fix request-tracker tracking based on maintainers feedback
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-10-29 15:29:23 UTC (rev 13143)
+++ data/CVE/list 2009-10-29 15:32:38 UTC (rev 13144)
@@ -994,7 +994,7 @@
[etch] - libfwbuilder <not-affected> (Introduced in 3.0.4)
CVE-2009-XXXX [RT: XSS security problem in custom field display]
- request-tracker3.8 3.8.5-1 (bug #546829)
- - request-tracker3.6 3.6.9-1
+ - request-tracker3.6 3.6.9-1 (bug #546778)
[lenny] - request-tracker3.6 <no-dsa> (Minor issue)
TODO: next point update: [lenny] - request-tracker3.6 3.6.7-5+lenny2
CVE-2009-3430 (SQL injection vulnerability in login.php in Allomani Mobile 2.5 allows ...)
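Review bot: The new `(bug #546778)` reference on the request-tracker3.6 line has no urgency, and neither does the request-tracker3.8 line above it, while the other request-tracker entries touched by this commit use the form `(low; bug #...)`. The `[lenny]` line already says `<no-dsa> (Minor issue)`, so if the maintainer feedback included a severity, record it on both package lines in the same form to keep the entry consistent with the tracker's other RT entries.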
@@ -5106,13 +5106,6 @@
{DSA-1899-1 DSA-1898-1}
- strongswan 4.2.14-1.2 (bug #533837)
- openswan 1:2.6.22+dfsg-1
-CVE-2009-XXXX [request-tracker: root priviledges for dialog]
- - request-tracker3.4 <removed> (low; bug #534498)
- [etch] - request-tracker3.4 <not-affected> (flaw introduced in 3.6.2)
- - request-tracker3.6 3.6.8-1 (low; bug #534497)
- [lenny] - request-tracker3.6 <no-dsa> (Targeted for stable point update)
- [etch] - request-tracker3.6 <not-affected> (flaw introduced in 3.6.2)
- - request-tracker3.8 3.8.4-1
CVE-2009-2184 (Absolute path traversal vulnerability in forcedownload.php in Gravy ...)
NOT-FOR-US: Gravy Media Photo
CVE-2009-2183 (Directory traversal vulnerability in admin-files/ad.php in Campsite ...)
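Review bot: Removing this entry drops two pieces of tracking data that are not re-added anywhere in the patch: the request-tracker3.6 reference `(low; bug #534497)` and the `[lenny] - request-tracker3.6 <no-dsa> (Targeted for stable point update)` line. The entry it is folded into only carries `bug #532990` for request-tracker3.6. If #534497 is a duplicate of #532990, say so in the log message or in a NOTE: line on the surviving entry, so the bug number still resolves to a CVE entry when someone searches the list for it.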
@@ -5306,6 +5299,10 @@
CVE-2009-XXXX [ShowConfigTab unintentionally grants rights intended for SuperUsers]
- request-tracker3.6 3.6.8-1 (low; bug #532990)
[lenny] - request-tracker3.6 3.6.7-5+lenny1
+ [etch] - request-tracker3.6 <not-affected> (flaw introduced in 3.6.2)
+ - request-tracker3.4 <removed> (low; bug #534498)
+ [etch] - request-tracker3.4 <not-affected> (flaw introduced in 3.6.2)
+ - request-tracker3.8 3.8.4-1
CVE-2009-2106 (SQL injection vulnerability in the Virtual Civil Services (civserv) ...)
NOT-FOR-US: Virtual Civil Services extension for TYPO3
CVE-2009-2105 (SQL injection vulnerability in the References database (t3references) ...)
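Review bot: The added request-tracker3.4 lines contradict each other: `- request-tracker3.4 <removed> (low; bug #534498)` marks the package as affected, while the `[etch]` line directly below gives `<not-affected> (flaw introduced in 3.6.2)`, a version that belongs to the 3.6 series. If the flaw only exists from 3.6.2 onward, the package-level line should be `<not-affected>` as well; if 3.4 really was affected, the etch rationale needs different wording. Also note that the added `- request-tracker3.8 3.8.4-1` line has no bug reference or urgency, unlike the 3.4 and 3.6 lines in the same entry.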