[Secure-testing-commits] r13831 - in data: . CVE
Michael Gilbert
gilbert-guest at alioth.debian.org
Sat Jan 16 01:59:00 UTC 2010
Author: gilbert-guest
Date: 2010-01-16 01:59:00 +0000 (Sat, 16 Jan 2010)
New Revision: 13831
Modified:
data/CVE/list
data/embedded-code-copies
Log:
mydms issue; plone3 removed; prototype/jquery embed fixed
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2010-01-15 21:38:35 UTC (rev 13830)
+++ data/CVE/list 2010-01-16 01:59:00 UTC (rev 13831)
@@ -1,3 +1,7 @@
+CVE-2010-XXXX [mydms multiple issues]
+ - mydms <undetermined>
+ TODO: check
+ NOTE: http://seclists.org/fulldisclosure/2010/Jan/267
CVE-2010-XXXX [dokuwiki CSRF]
- dokuwiki <unfixed>
TODO: check
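Review bot: the new mydms entry is titled only "multiple issues", so nothing in the entry says which problems the full-disclosure post covers. Name the individual issue classes in the bracketed description or in a NOTE line, so the placeholder can be matched and split once real CVE ids are assigned. Until then "TODO: check" with <undetermined> leaves the next person to re-read the advisory from scratch.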
@@ -4703,7 +4707,7 @@
- libhtml-prototype-perl 1.48-3 (low; bug #558977)
[etch] - libhtml-prototype-perl <no-dsa> (minor issue)
[lenny] - libhtml-prototype-perl <no-dsa> (minor issue)
- - plone3 <unfixed> (low; bug #555274)
+ - plone3 <removed> (low; bug #555274)
- wesnoth <not-affected> (prototype.js not included in any of the binary packages; bug #555266)
- webcit <not-affected> (fixed since initial inclusion)
- zabbix <not-affected> (fixed since initial inclusion)
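Review bot: the plone3 line changed here has no release-specific line after it, unlike libhtml-prototype-perl just above, which carries [etch] and [lenny] annotations. Once the unstable entry reads <removed>, the list no longer says whether a released suite still ships plone3 with this prototype.js issue. If it does, add a "[lenny] - plone3 ..." line with its status and keep bug #555274 attached to it.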
@@ -13328,7 +13332,7 @@
{DSA-1780-1}
- libdbd-pg-perl 2.1.3-1
CVE-2009-0662 (The PlonePAS product 3.x before 3.9 and 3.2.x before 3.2.2, a product ...)
- - plone3 <unfixed> (medium; bug #525943)
+ - plone3 <removed> (medium; bug #525943)
CVE-2009-0661 (Wee Enhanced Environment for Chat (WeeChat) 0.2.6 allows remote ...)
{DSA-1744-1}
- weechat 0.2.6.1-1 (medium; bug #519940)
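Review bot: CVE-2009-0662 is rated medium, and the plone3 line is followed directly by the next CVE, so there is no [lenny] annotation at all. Switching the only entry from <unfixed> to <removed> makes the issue look closed, although removal from unstable does nothing for a copy in a stable release. Compare the CVE-2008-1396 and CVE-2008-1395 entries, which keep a "[lenny] - plone3 <no-dsa>" line next to the <removed> one, and add the equivalent here if lenny ships an affected PlonePAS.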
@@ -26701,10 +26705,10 @@
CVE-2008-1397 (Check Point VPN-1 Power/UTM, with NGX R60 through R65 and NG AI R55 ...)
NOT-FOR-US: Check Point VPN
CVE-2008-1396 (Plone CMS 3.x uses invariant data (a client username and a server ...)
- - plone3 <unfixed> (low; bug #473571)
+ - plone3 <removed> (low; bug #473571)
[lenny] - plone3 <no-dsa> (Only an issue if not following best practices, see bug #473571)
CVE-2008-1395 (Plone CMS does not record users' authentication states, and implements ...)
- - plone3 <unfixed> (low; bug #473571)
+ - plone3 <removed> (low; bug #473571)
[lenny] - plone3 <no-dsa> (Only an issue if not following best practices, see bug #473571)
CVE-2008-1394 (Plone CMS before 3 places a base64 encoded form of the username and ...)
- zope-cmfplone <removed>
@@ -26712,7 +26716,7 @@
NOTE: doesn't apply to v3
NOTE: more a security enhancement
CVE-2008-1393 (Plone CMS 3.0.5, and probably other 3.x versions, places a base64 ...)
- - plone3 <unfixed> (low; bug #473571; bug #486333)
+ - plone3 <removed> (low; bug #473571; bug #486333)
[lenny] - plone3 <no-dsa> (Only an issue if not following best practices, see bug #473571)
CVE-2008-1392 (The default configuration of VMware Workstation 6.0.2, VMware Player ...)
- vmware-package <removed> (low; bug #486177)
@@ -41544,7 +41548,7 @@
- otrs2 <not-affected> (fixed since initial inclusion)
- webcalendar <unfixed> (low; bug #555268)
[lenny] - webcalendar <not-affected> (prototype.js not present)
- - plone3 <unfixed> (low; bug #555274)
+ - plone3 <removed> (low; bug #555274)
- wesnoth <not-affected> (fixed since initial inclusion)
- libhtml-prototype-perl 1.48-3 (low; bug #558977)
[etch] - libhtml-prototype-perl <no-dsa> (minor issue)
@@ -41568,7 +41572,7 @@
CVE-2007-2380 (The Microsoft Atlas framework exchanges data using JavaScript Object ...)
NOT-FOR-US: Microsoft Atlas
CVE-2007-2379 (The jQuery framework exchanges data using JavaScript Object Notation ...)
- NOT-FOR-US: jQuery framework
+ - jquery <undetermined> (low)
CVE-2007-2378 (The Google Web Toolkit (GWT) framework exchanges data using JavaScript ...)
- gwt <undetermined> (low; bug #563542)
CVE-2007-2377 (The Getahead Direct Web Remoting (DWR) framework 1.1.4 exchanges data ...)
Modified: data/embedded-code-copies
===================================================================
--- data/embedded-code-copies 2010-01-15 21:38:35 UTC (rev 13830)
+++ data/embedded-code-copies 2010-01-16 01:59:00 UTC (rev 13831)
@@ -715,7 +715,7 @@
- coherence 0.6.2-1 (embed)
- paste <unfixed> (embed)
- turbogears <unfixed> (embed)
- - plone3 <unfixed> (embed)
+ - plone3 <removed> (embed)
- xulrunner <unfixed> (embed)
- libjifty-plugin-chart-perl <unfixed> (embed)
- sabnzbdplus <unfixed> (embed)
@@ -757,9 +757,9 @@
- webcalendar <unfixed> (embed; bug #555269)
- redmine 0.9.0~svn2907-1 (embed; bug #555270)
- jifty 0.90519-1 (embed; bug #555271)
- - jquery <unfixed> (embed; bug #555272)
+ - jquery 1.4-1 (embed; bug #555272)
- passenger 2.2.5debian1-1 (embed; bug #555273)
- - plone3 <unfixed> (embed; bug #555275)
+ - plone3 <removed> (embed; bug #555275)
- wesnoth <not-affected> (prototype.js not included in any of the binary packages; bug #555277)
- libhtml-prototype-perl 1.48-3 (embed; bug #538920)
- xulrunner <unfixed> (embed)
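Review bot: the jquery line now records 1.4-1 as the fixed version for bug #555272, but nothing in the entry says how the embedded copy was resolved (dropped, or replaced by a dependency on the packaged library). A short NOTE would help, in the way the wesnoth line explains its <not-affected> status. It is also worth cross-checking against data/CVE/list in this same revision, where jquery is still <undetermined> for CVE-2007-2379.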
@@ -1291,7 +1291,7 @@
NOTE: embeds msgfmt.py script
- moin <unfixed> (embed)
NOTE: embeds msgfmt.py script, stdlib modules: cgitb, difflib, tarfile
- - plone3 <unfixed> (embed)
+ - plone3 <removed> (embed)
NOTE: embeds msgfmt.py script
- roundup <unfixed> (embed)
NOTE: embeds msgfmt.py script, stdlib modules: cgitb
@@ -1414,7 +1414,7 @@
- freevo <unfixed> (embed; bug #555353)
- pida <unfixed> (embed; bug #555354)
- planet-venus <unfixed> (embed; bug #555355)
- - plone3 <unfixed> (embed; bug #555356)
+ - plone3 <removed> (embed; bug #555356)
- exaile 0.2.14+debian-1 (embed)
- screenlets 0.1.2-3 (embed)
NOTE: included twice
@@ -1698,7 +1698,7 @@
- kdenetwork <unfixed> (embed)
- mediatomb <unfixed> (embed)
- plastex <unfixed> (embed)
- - plone3 <unfixed> (embed)
+ - plone3 <removed> (embed)
- python-chaco <unfixed> (embed)
- python-docutils <unfixed> (embed)
- s5 <unfixed> (embed)