[Secure-testing-commits] r12883 - in data: . CVE

Fri Sep 25 08:49:18 UTC 2009

Author: derevko-guest
Date: 2009-09-25 08:49:13 +0000 (Fri, 25 Sep 2009)
New Revision: 12883

Modified:
   data/CVE/list
   data/ospu-candidates.txt
Log:
mediawiki in etch is a metapackage

Modified: data/CVE/list
===================================================================

--- data/CVE/list	2009-09-24 21:14:38 UTC (rev 12882)
+++ data/CVE/list	2009-09-25 08:49:13 UTC (rev 12883)
@@ -1328,7 +1328,6 @@
 	- planet-venus <unfixed> (low; bug #546179)
 	[lenny] - planet-venus <no-dsa> (Minor issue)
 	[etch] - planet-venus <no-dsa> (Minor issue)
-	
 CVE-2009-2936
 	RESERVED
 CVE-2009-2935 (Google V8, as used in Google Chrome before 2.0.172.43, allows remote ...)
@@ -2882,7 +2881,9 @@
 	[lenny] - movabletype-opensource <no-dsa> (Minor information disclosure)
 CVE-2009-XXXX [mediawiki: XSS via specialblock]
 	- mediawiki 1:1.15.0-1.1 (low; bug #537634)
-	[etch] - mediawiki <not-affected> (vulnerably code introduced in 1.14.0)
+	- mediawiki1.7 <removed>
+	[etch] - mediawiki <not-affected> (metapackage)
+	[etch] - mediawiki1.7 <not-affected> (vulnerably code introduced in 1.14.0)
 	[lenny] - mediawiki <not-affected> (vulnerably code introduced in 1.14.0)
 	NOTE: fixed in upstream 1.15.1
 CVE-2009-XXXX [insecure tmp file vulnerability in slim]
@@ -9588,7 +9589,9 @@
 	NOTE: need to submit a request for CVE id
 CVE-2009-0737 (Multiple cross-site scripting (XSS) vulnerabilities in the web-based ...)
 	- mediawiki 1:1.14.0-1 (low; bug #514547)
+	- mediawiki1.7 <removed>
 	[lenny] - mediawiki 1:1.12.0-2lenny3
+	[etch] - mediawiki <not-affected> (metapackage)
 CVE-2009-0524 (Cross-site scripting (XSS) vulnerability in Adobe RoboHelp 6 and 7, ...)
 	NOT-FOR-US: Adobe RoboHelp
 CVE-2009-0523 (Cross-site scripting (XSS) vulnerability in Adobe RoboHelp Server 6 ...)
@@ -11705,11 +11708,14 @@
 	NOT-FOR-US: Solaris
 CVE-2008-5688 (MediaWiki 1.8.1, and other versions before 1.13.3, when the ...)
 	- mediawiki <unfixed> (unimportant)
+	- mediawiki1.7 <removed> (unimportant)
 	NOTE: Installation path disclosure not treated as a security issue
 CVE-2008-5687 (MediaWiki 1.11, and other versions before 1.13.3, does not properly ...)
 	{DTSA-186-1}
 	- mediawiki 1:1.13.3-1 (low)
-	[etch] - mediawiki <not-affected> (The backup feature was introduced in 1.11)
+	- mediawiki1.7 <removed>
+	[etch] - mediawiki1.7 <not-affected> (The backup feature was introduced in 1.11)
+	[etch] - mediawiki <not-affected> (metapackage)
 CVE-2008-5686 (IBM Tivoli Provisioning Manager (TPM) before 5.1.1.1 IF0006, when its ...)
 	NOT-FOR-US: IBM Tivoli Provisioning Manager
 CVE-2008-5685 (Sun ScApp firmware 5.18.x, 5.19.x, and 5.20.0 through 5.20.10 on Sun ...)
@@ -12919,15 +12925,20 @@
 CVE-2008-5252 (Cross-site request forgery (CSRF) vulnerability in the Special:Import ...)
 	{DTSA-186-1}
 	- mediawiki 1:1.13.3-1 (bug #508870)
+	- mediawiki1.7 <removed>
+	[etch] - mediawiki <not-affected> (metapackage)
 CVE-2008-5251
 	RESERVED
 CVE-2008-5250 (Cross-site scripting (XSS) vulnerability in MediaWiki before 1.6.11, ...)
 	{DTSA-186-1}
 	- mediawiki 1:1.13.3-1 (bug #508869)
+	- mediawiki1.7 <removed>
+	[etch] - mediawiki <not-affected> (metapackage)
 CVE-2008-5249 (Cross-site scripting (XSS) vulnerability in MediaWiki 1.13.0 through ...)
 	{DTSA-186-1}
 	- mediawiki 1:1.13.3-1 (bug #508868)
-	[etch] - mediawiki <not-affected> (Only 1.13.x is affected)
+	- mediawiki1.7 <removed>
+	[etch] - mediawiki <not-affected> (metapackage)
 CVE-2008-5276 (Integer overflow in the ReadRealIndex function in real.c in the Real ...)
 	- vlc <not-affected> (vulnerable code not present)
 	NOTE: affected versions are >= 0.9.x (experimental)

Modified: data/ospu-candidates.txt
===================================================================
--- data/ospu-candidates.txt	2009-09-24 21:14:38 UTC (rev 12882)
+++ data/ospu-candidates.txt	2009-09-25 08:49:13 UTC (rev 12883)
@@ -553,6 +553,7 @@
 
 planet (CVE-2009-2937)
 bug #546178
+notified maintainer through initial bugreport
 
 --
 


