[Secure-testing-commits] r17034 - data/CVE

Johnathan Ritzi jrdioko-guest at alioth.debian.org
Thu Jul 28 23:41:32 UTC 2011


Author: jrdioko-guest
Date: 2011-07-28 23:41:32 +0000 (Thu, 28 Jul 2011)
New Revision: 17034

Modified:
   data/CVE/list
Log:
Joomla! issues

Updated several TODOs and NFUs to the joomla RFP. Many may still be in
NFU state (I only got through 16% of the file). Also not sure how to
handle the many Joomla! component issues (ITP/RFP or NFU). Probably
doesn't matter though, since if Joomla! was ever added people would be
aware there are hundreds of CVEs for it and its components...


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2011-07-28 22:26:50 UTC (rev 17033)
+++ data/CVE/list	2011-07-28 23:41:32 UTC (rev 17034)
@@ -127,13 +127,13 @@
 CVE-2011-2893 (The DataPilot feature in IBM Lotus Symphony 3 before FP3 allows ...)
 	NOT-FOR-US: IBM Lotus Symphony
 CVE-2011-2892 (Joomla! 1.6.x before 1.6.2 does not prevent page rendering inside a ...)
-	TODO: check
+	- joomla <itp> (bug #571794)
 CVE-2011-2891 (Joomla! 1.6.x before 1.6.2 allows remote attackers to obtain sensitive ...)
-	TODO: check
+	- joomla <itp> (bug #571794)
 CVE-2011-2890 (The MediaViewMedia class in ...)
-	TODO: check
+	- joomla <itp> (bug #571794)
 CVE-2011-2889 (templates/system/error.php in Joomla! before 1.5.23 might allow remote ...)
-	TODO: check
+	- joomla <itp> (bug #571794)
 CVE-2011-2888 (IBM Lotus Symphony 3 before FP3 allows remote attackers to cause a ...)
 	NOT-FOR-US: IBM Lotus Symphony
 CVE-2011-2887 (IBM Lotus Symphony 3 before FP3 on Linux allows remote attackers to ...)
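Review bot: the four `- joomla <itp> (bug #571794)` lines that replace `TODO: check` record no fixed version, although the descriptions visible here name two different cut-offs (1.6.x before 1.6.2 for CVE-2011-2892 and CVE-2011-2891, before 1.5.23 for CVE-2011-2889). If the package is ever uploaded, whoever triages these will have to re-derive which branch each CVE applies to. Consider adding a `NOTE:` line under each entry with the upstream fixed version, so the information is kept next to the `<itp>` marker.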
@@ -516,7 +516,7 @@
 	RESERVED
 	NOT-FOR-US: cgit
 CVE-2011-2710 (Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before ...)
-	TODO: check
+	- joomla <itp> (bug #571794)
 CVE-2011-2709
 	RESERVED
 CVE-2011-2708
@@ -1039,7 +1039,7 @@
 	[squeeze] - dokuwiki <no-dsa> (Minor issue, will be fixed in point update)
 	[lenny] - dokuwiki <no-dsa> (Minor issue)
 CVE-2011-2509 (Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before ...)
-	TODO: check
+	- joomla <itp> (bug #571794)
 CVE-2011-2508 (Directory traversal vulnerability in libraries/display_tbl.lib.php in ...)
 	{DSA-2286-1}
 	- phpmyadmin 4:3.4.3.1-1
@@ -1108,7 +1108,7 @@
 	{DSA-2281-1}
 	- opie <removed> (bug #631344)
 CVE-2011-2488 (Joomla! before 1.5.23 does not properly check for errors, which allows ...)
-	NOT-FOR-US: Joomla
+	- joomla <itp> (bug #571794)
 CVE-2011-2487
 	RESERVED
 CVE-2011-2486
@@ -6761,7 +6761,7 @@
 	- php5 5.3.5-1 (unimportant)
 	NOTE: requires attacker to be able to execute code already
 CVE-2010-4696 (Multiple SQL injection vulnerabilities in Joomla! 1.5.x before 1.5.22 ...)
-	NOT-FOR-US: Joomla 
+	- joomla <itp> (bug #571794)
 CVE-2009-5051 (Hastymail2 before RC 8 does not set the secure flag for the session ...)
 	NOT-FOR-US: Hastymail
 CVE-2011-0493 (Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha might allow ...)
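Review bot: the removed line for CVE-2010-4696 is `NOT-FOR-US: Joomla ` with a trailing space, and other removed lines in this patch spell the same reason `NOT-FOR-US: Joomla` and `NOT-FOR-US: Joomla!`. Since the log says only 16% of the file was covered, the follow-up pass should search for all three spellings (optional `!`, optional trailing whitespace), otherwise some core Joomla! entries will stay in NFU state while the rest point at bug #571794.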
@@ -7475,7 +7475,7 @@
 CVE-2010-4639 (SQL injection vulnerability in index.php in MySource Matrix allows ...)
 	NOT-FOR-US: MySource Matrix
 CVE-2010-4638 (SQL injection vulnerability in the submitSurvey function in ...)
-	NOT-FOR-US: Joomla!
+	NOT-FOR-US: Joomla! JQuarks4s component
 CVE-2010-4637 (Cross-site scripting (XSS) vulnerability in feedlist/handler_image.php ...)
 	NOT-FOR-US: FeedList
 CVE-2010-4636 (SQL injection vulnerability in detail.asp in Site2Nite Business ...)
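Review bot: the new label `NOT-FOR-US: Joomla! JQuarks4s component` for CVE-2010-4638 still begins with `Joomla!`, so a search for remaining core entries to convert will keep matching this third-party component. The log message leaves the ITP/RFP-or-NFU question for components open; it would help to settle on one form here, for example putting the component name first, and to state the chosen convention in the log so later edits to the other component entries follow it.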
@@ -9620,7 +9620,7 @@
 	- imagemagick 8:6.6.0.4-3 (low; bug #601824)
 	[lenny] - imagemagick 7:6.3.7.9.dfsg2-1~lenny4
 CVE-2010-4166 (Multiple SQL injection vulnerabilities in Joomla! 1.5.x before 1.5.22 ...)
-	NOT-FOR-US: Joomla
+	- joomla <itp> (bug #571794)
 CVE-2010-4165 (The do_tcp_setsockopt function in net/ipv4/tcp.c in the Linux kernel ...)
 	- linux-2.6 2.6.32-28
 	[lenny] - linux-2.6 <not-affected> (Introduced in 2.6.28)
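Review bot: CVE-2010-4166 now carries the same `- joomla <itp> (bug #571794)` line as CVE-2010-4696 earlier in this patch, and the two entries show an identical visible description ("Multiple SQL injection vulnerabilities in Joomla! 1.5.x before 1.5.22 ..."). If one is a duplicate of the other, or they cover different parameters of the same fix, a `NOTE:` line saying so would save the next reader from comparing the full descriptions.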
@@ -10862,7 +10862,7 @@
 CVE-2010-3713 (rss.php in UseBB before 1.0.11 does not properly handle forum ...)
 	NOT-FOR-US: UseBB
 CVE-2010-3712 (Cross-site scripting (XSS) vulnerability in Joomla! 1.5.x before ...)
-	NOT-FOR-US: Joomla!
+	- joomla <itp> (bug #571794)
 CVE-2010-3711 (libpurple in Pidgin before 2.7.4 does not properly validate the return ...)
 	- pidgin 2.7.4-1
 	[squeeze] - pidgin 2.7.3-1+squeeze1
@@ -14122,7 +14122,7 @@
 CVE-2010-2536 (Multiple cross-site scripting (XSS) vulnerabilities in rekonq 0.5 and ...)
 	- rekonq 0.5.0-2 (bug #593300)
 CVE-2010-2535 (Multiple cross-site scripting (XSS) vulnerabilities in the Back End in ...)
-	NOT-FOR-US: Joomla
+	- joomla <itp> (bug #571794)
 CVE-2010-2534 (The NetworkSyncCommandQueue function in network/network_command.cpp in ...)
 	- openttd 1.0.3-1
 	[lenny] - openttd <not-affected> (Introduced in 1.0.1)
@@ -16524,7 +16524,7 @@
 CVE-2010-1650 (IBM WebSphere Application Server (WAS) 6.0.x before 6.0.2.41, 6.1.x ...)
 	NOT-FOR-US: IBM WebSphere Application Server
 CVE-2010-1649 (Multiple cross-site scripting (XSS) vulnerabilities in the back end in ...)
-	NOT-FOR-US: Joomla
+	- joomla <itp> (bug #571794)
 CVE-2010-1648 (Cross-site request forgery (CSRF) vulnerability in the login interface ...)
 	- mediawiki 1:1.15.4-1 (bug #585918; low)
 	[lenny] - mediawiki 1:1.12.0-2lenny6



