[Secure-testing-commits] r15229 - data/CVE
Raphael Geissert
geissert at alioth.debian.org
Sat Aug 28 21:46:05 UTC 2010
Author: geissert
Date: 2010-08-28 21:46:05 +0000 (Sat, 28 Aug 2010)
New Revision: 15229
Modified:
data/CVE/list
Log:
we do ship phpCAS
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2010-08-28 21:14:46 UTC (rev 15228)
+++ data/CVE/list 2010-08-28 21:46:05 UTC (rev 15229)
@@ -908,9 +908,15 @@
CVE-2010-2797
RESERVED
CVE-2010-2796 (Cross-site scripting (XSS) vulnerability in phpCAS before 1.1.2, when ...)
- NOT-FOR-US: phpCAS
+ - libphp-cas <itp> (bug #495542)
+ - glpi <unfixed>
+ - moodle <unfixed>
+ TODO: check embedders
CVE-2010-2795 (phpCAS before 1.1.2 allows remote authenticated users to hijack ...)
- NOT-FOR-US: phpCAS
+ - libphp-cas <itp> (bug #495542)
+ - glpi <unfixed>
+ - moodle <unfixed>
+ TODO: check embedders
CVE-2010-2794
RESERVED
CVE-2010-2793
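Review bot: In both the CVE-2010-2796 and CVE-2010-2795 entries, glpi and moodle are recorded as <unfixed> while the next line still reads "TODO: check embedders", so the status is stated before the embedded copies have been checked. Both descriptions say "phpCAS before 1.1.2"; consider adding a NOTE giving the phpCAS version found in each package, or holding the package lines back until the TODO is resolved. Unlike the libphp-cas line, the glpi and moodle lines also carry no bug reference.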
@@ -4021,7 +4027,10 @@
CVE-2010-1619 (Cross-site scripting (XSS) vulnerability in the ...)
- moodle 1.9.8-1 (low; bug #585425)
CVE-2010-1618 (Cross-site scripting (XSS) vulnerability in the phpCAS client library ...)
+ - libphp-cas <itp> (bug #495542)
- moodle 1.9.8-1 (low; bug #574757)
+ - glpi <unfixed>
+ TODO: check glpi
CVE-2010-1617 (user/view.php in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8 ...)
- moodle 1.9.8-1 (unimportant; bug #585427)
NOTE: i have a hard time seeing the security impact, moodle is a course management
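Review bot: The added "- glpi <unfixed>" under CVE-2010-1618 is followed directly by "TODO: check glpi", so the entry asserts a status that the TODO says has not been verified. The moodle line in the same entry has a fixed version, a severity and a bug number; the glpi line should get the same once it is checked. It is also worth confirming whether this overlaps with the CVE-2010-XXXX phpCAS entry later in the file, which already lists glpi 0.72.4-2 as unimportant.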
@@ -5820,6 +5829,7 @@
- alien-arena 7.33-5 (low; bug #575621)
[lenny] - alien-arena 7.0-1+lenny2
CVE-2010-XXXX [phpCAS XSS in final_uri; PHPCAS-52]
+ - libphp-cas <itp> (bug #495542)
- glpi 0.72.4-2 (bug #574760; unimportant)
NOTE: Only supported behind an authenticated HTTP zone
NOTE: http://www.ja-sig.org/issues/browse/PHPCAS-52
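Review bot: With libphp-cas now listed first in the CVE-2010-XXXX entry, the existing "NOTE: Only supported behind an authenticated HTTP zone" no longer clearly belongs to the glpi line whose "unimportant" rating it appears to justify. Reword the note to name glpi so it is not read as also applying to a standalone libphp-cas package.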