[Secure-testing-commits] r14457 - data/CVE
Michael Gilbert
michael.s.gilbert at gmail.com
Sun Apr 11 23:40:10 UTC 2010
On Sun, 11 Apr 2010 22:37:50 +0000 Pedro Ribeiro wrote:
> Author: pedrib-guest
> Date: 2010-04-11 22:37:44 +0000 (Sun, 11 Apr 2010)
> New Revision: 14457
>
> Modified:
> data/CVE/list
> Log:
> a few NMUs plus a unaffected for drupal6
>
>
> Modified: data/CVE/list
> ===================================================================
> --- data/CVE/list 2010-04-11 21:20:44 UTC (rev 14456)
> +++ data/CVE/list 2010-04-11 22:37:44 UTC (rev 14457)
> @@ -59,21 +59,21 @@
> CVE-2010-1304 (Directory traversal vulnerability in userstatus.php in the User Status ...)
> NOT-FOR-US: Joomla!
> CVE-2010-1303 (Multiple cross-site scripting (XSS) vulnerabilities in the Taxonomy ...)
> - TODO: check
> + - drupal6 <not-affected> (Vulnerable code not present)
this is actually an issue in a drupal module, not drupal itself.
issues in modules that aren't packaged are usually tracked as NFUs.
> CVE-2010-XXXX [abcm2ps]
> - abcm2ps <unfixed> (bug filed)
> CVE-2010-1302 (Directory traversal vulnerability in dwgraphs.php in the DecryptWeb DW ...)
> - TODO: check
> + NOT-FOR-US: Joomla!
similarly, this is a joomla module, not joomla itself. module names
are usually mentioned since if for some reason that code ever does get
packaged, a text search will turn the issue up. although that's not a
big deal or anything.
thanks for your help triaging these issues!
mike
More information about the Secure-testing-commits
mailing list