[Secure-testing-commits] r15272 - in data: . CVE
Raphael Geissert
geissert at alioth.debian.org
Sun Sep 5 23:36:42 UTC 2010
Author: geissert
Date: 2010-09-05 23:36:41 +0000 (Sun, 05 Sep 2010)
New Revision: 15272
Modified:
data/CVE/list
data/embedded-code-copies
Log:
mantis updates
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2010-09-05 21:34:49 UTC (rev 15271)
+++ data/CVE/list 2010-09-05 23:36:41 UTC (rev 15272)
@@ -994,8 +994,11 @@
RESERVED
{DSA-2094-1}
- linux-2.6 2.6.32-22
-CVE-2010-2802
+CVE-2010-2802 [mantis attachment XSS]
RESERVED
+ - mantis <not-affected> (vulnerable code introduced in 1.2.x)
+ TODO: confirm 1.1.x is not affected
+ NOTE: http://www.mantisbt.org/bugs/view.php?id=11952
CVE-2010-2801 (Integer signedness error in the Quantum decompressor in cabextract ...)
{DSA-2087-1}
- cabextract 1.3-1 (bug #591552)
Modified: data/embedded-code-copies
===================================================================
--- data/embedded-code-copies 2010-09-05 21:34:49 UTC (rev 15271)
+++ data/embedded-code-copies 2010-09-05 23:36:41 UTC (rev 15272)
@@ -1063,8 +1063,7 @@
- gallery2 <unfixed> (embed)
- typo3-src <unfixed> (embed)
- phpgacl 3.3.7-7 (embed)
- - mantis <unfixed> (embed)
- TODO: already depends on nusoap, so may be using system lib; check
+ - mantis 1.1.8+dfsg-1 (embed)
libept
- adept <unfixed> (embed; bug #540649)
More information about the Secure-testing-commits
mailing list