[Secure-testing-commits] r14457 - data/CVE

Michael Gilbert michael.s.gilbert at gmail.com
Sun Apr 11 23:40:10 UTC 2010


On Sun, 11 Apr 2010 22:37:50 +0000 Pedro Ribeiro wrote:

> Author: pedrib-guest
> Date: 2010-04-11 22:37:44 +0000 (Sun, 11 Apr 2010)
> New Revision: 14457
> 
> Modified:
>    data/CVE/list
> Log:
> a few NMUs plus a unaffected for drupal6
> 
> 
> Modified: data/CVE/list
> ===================================================================
> --- data/CVE/list	2010-04-11 21:20:44 UTC (rev 14456)
> +++ data/CVE/list	2010-04-11 22:37:44 UTC (rev 14457)
> @@ -59,21 +59,21 @@
>  CVE-2010-1304 (Directory traversal vulnerability in userstatus.php in the User Status ...)
>     NOT-FOR-US: Joomla!
>  CVE-2010-1303 (Multiple cross-site scripting (XSS) vulnerabilities in the Taxonomy ...)
> -	TODO: check
> +	- drupal6 <not-affected> (Vulnerable code not present)

this is actually an issue in a drupal module, not drupal itself.
issues in modules that aren't packaged are usually tracked as NFUs.

>  CVE-2010-XXXX [abcm2ps]
>  	- abcm2ps <unfixed> (bug filed)
>  CVE-2010-1302 (Directory traversal vulnerability in dwgraphs.php in the DecryptWeb DW ...)
> -	TODO: check
> +	NOT-FOR-US: Joomla!

similarly, this is a joomla module, not joomla itself.  module names
are usually mentioned since if for some reason that code ever does get
packaged, a text search will turn the issue up. although that's not a
big deal or anything.

thanks for your help triaging these issues!

mike



More information about the Secure-testing-commits mailing list