[Secure-testing-commits] r15962 - data/CVE
Moritz Muehlenhoff
jmm at alioth.debian.org
Tue Jan 25 19:02:14 UTC 2011
Author: jmm
Date: 2011-01-25 19:01:58 +0000 (Tue, 25 Jan 2011)
New Revision: 15962
Modified:
data/CVE/list
Log:
shib issue doesn't affect Debian
updated status on several drupal mods, none affect testing or stable
mojarra not-affected
xulrunner issue only affected experimental
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2011-01-25 17:47:53 UTC (rev 15961)
+++ data/CVE/list 2011-01-25 19:01:58 UTC (rev 15962)
@@ -6,9 +6,8 @@
- redmine 1.0.5-1 (bug #608397)
NOTE: http://www.redmine.org/news/49
CVE-2011-XXXX [shibboleth Single TransientID Mapped to Multiple Principals]
- - shibboleth-sp2 <unfixed>
+ NOTE: Not packaged in Debian, separate package Shibboleth IdP
NOTE: http://shibboleth.internet2.edu/secadv/secadv_20110113.txt
- TODO: report & request id
CVE-2011-0520 [maradns crash with long queries]
RESERVED
- maradns <unfixed> (bug #610834)
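Review bot: The CVE-2011-XXXX shibboleth entry is left with only NOTE lines once the `- shibboleth-sp2 <unfixed>` line and the TODO are removed, so nothing in it records an explicit status. Since the new NOTE says the affected component (Shibboleth IdP) is not packaged in Debian, a `NOT-FOR-US: Shibboleth IdP` line, the form this list already uses for MyBB and WSN Links, would state that directly and keep the entry from looking unprocessed.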
@@ -1770,14 +1769,11 @@
CVE-2010-4522 (Multiple cross-site scripting (XSS) vulnerabilities in MyBB (aka ...)
NOT-FOR-US: MyBB
CVE-2010-4521 (Cross-site scripting (XSS) vulnerability in the Views module 6.x ...)
- - drupal6-mod-views <undetermined>
- TODO: check
+ - drupal6-mod-views 2.12-1
CVE-2010-4520 (Multiple cross-site scripting (XSS) vulnerabilities in the Views ...)
- - drupal6-mod-views <undetermined>
- TODO: check
+ - drupal6-mod-views 2.11-1
CVE-2010-4519 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
- - drupal6-mod-views <undetermined>
- TODO: check
+ - drupal6-mod-views 2.11-1
CVE-2010-4518 (Cross-site scripting (XSS) vulnerability in ...)
NOT-FOR-US: Safe Search plugin for WordPress
CVE-2010-4517 (SQL injection vulnerability in the JExtensions JE Auto (com_jeauto) ...)
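Review bot: The three drupal6-mod-views entries gain fixed versions (2.12-1 for CVE-2010-4521, 2.11-1 for CVE-2010-4520 and CVE-2010-4519) without a bug number or a NOTE giving the source, unlike the redmine and maradns entries in this file, which carry a `(bug #...)` reference. A NOTE per entry pointing at the upstream advisory or changelog would let a later reader verify the versions and see why CVE-2010-4521 is fixed one upload later than the other two.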
@@ -3143,8 +3139,7 @@
{DSA-2128-1}
- libxml2 2.7.8.dfsg-1 (bug #602609)
CVE-2010-4007 (Oracle Mojarra uses an encrypted View State without a Message ...)
- - mojarra <unfixed>
- TODO: check
+ - mojarra <not-affected> (Fixed before initial upload, in 2.0.1)
CVE-2010-4006 (Multiple SQL injection vulnerabilities in search.php in WSN Links ...)
NOT-FOR-US: WSN Links
CVE-2010-4005 (The (1) tomboy and (2) tomboy-panel scripts in GNOME Tomboy 1.5.2 and ...)
@@ -3739,13 +3734,7 @@
- iceape 2.0.11-1
[lenny] - iceape <not-affected> (Only a stub package)
CVE-2010-3777 (Unspecified vulnerability in Mozilla Firefox 3.6.x before 3.6.13 and ...)
- - xulrunner <removed>
- - icedove <undetermined>
- - iceweasel <undetermined>
- [lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
- - iceape <undetermined>
- [lenny] - iceape <not-affected> (Only a stub package)
- TODO: check
+ - iceweasel <not-affected> (Only affects Firefox 3.6, which is only in experimental)
CVE-2010-3776 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
{DSA-2132-1}
- xulrunner <removed>
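Review bot: In CVE-2010-3777 the replacement line covers only iceweasel, while the removed lines also tracked xulrunner, icedove and iceape, including the two `[lenny]` not-affected entries. If those packages are unaffected for the same reason (the issue is limited to Firefox 3.6), explicit `<not-affected>` lines for them would preserve that triage; as written, the entry no longer says anything about them.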
@@ -7617,11 +7606,9 @@
CVE-2010-2354 (SQL injection vulnerability in subscribe.php in Pilot Group (PG) eLMS ...)
NOT-FOR-US: Pilot Group eLMS Pro
CVE-2010-2353 (The Node Reference module in Content Construction Kit (CCK) module 6.x ...)
- - drupal6-mod-cck <undetermined>
- TODO: check
+ - drupal6-mod-cck <not-affected> (Fixed before initial upload)
CVE-2010-2352 (The Node Reference module in Content Construction Kit (CCK) module 5.x ...)
- - drupal6-mod-cck <undetermined>
- TODO: check
+ - drupal6-mod-cck <not-affected> (Fixed before initial upload)
CVE-2010-2351 (Stack-based buffer overflow in the CIFS.NLM driver in Netware SMB 1.0 ...)
NOT-FOR-US: Novell Netware
CVE-2010-2350 (Heap-based buffer overflow in the PNG decoder in Ziproxy 3.1.0 allows ...)
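Review bot: The `(Fixed before initial upload)` reason on the two drupal6-mod-cck lines names no version, whereas the mojarra entry in this same commit records `in 2.0.1`. Naming the upstream release that carries the fix would make the not-affected status checkable; for CVE-2010-2352 the visible description refers to the CCK 5.x module, so the reason should also say whether the 6.x package ever contained the flaw.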
@@ -22578,11 +22565,9 @@
CVE-2009-2078 (Multiple cross-site scripting (XSS) vulnerabilities in Booktree 5.x ...)
NOT-FOR-US: Booktree module for drupal
CVE-2009-2077 (Drupal 6.x before 6.x-2.6, a module for Drupal, allows remote ...)
- - drupal6-mod-views <undetermined>
- TODO: check
+ - drupal6-mod-views <not-affected> (Fixed before initial upload)
CVE-2009-2076 (Cross-site scripting (XSS) vulnerability in Views 6.x before 6.x-2.6, ...)
- - drupal6-mod-views <undetermined>
- TODO: check
+ - drupal6-mod-views <not-affected> (Fixed before initial upload)
CVE-2009-2075 (Nodequeue 5.x before 5.x-2.7 and 6.x before 6.x-2.2, a module for ...)
NOT-FOR-US: Nodequeue module for Drupal
CVE-2009-2074 (Cross-site scripting (XSS) vulnerability in Nodequeue 5.x before ...)