[Secure-testing-commits] r17389 - data/CVE
Jonathan Wiltshire
jmw at alioth.debian.org
Fri Oct 7 18:04:16 UTC 2011
Author: jmw
Date: 2011-10-07 18:04:16 +0000 (Fri, 07 Oct 2011)
New Revision: 17389
Modified:
data/CVE/list
Log:
Update bugzilla statuses
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2011-10-07 15:50:21 UTC (rev 17388)
+++ data/CVE/list 2011-10-07 18:04:16 UTC (rev 17389)
@@ -2615,6 +2615,8 @@
- bugzilla <not-affected> (Only affects Bugzilla 4.1, never uploaded to the archive)
CVE-2011-2978 (Bugzilla 2.16rc1 through 2.22.7, 3.0.x through 3.3.x, 3.4.x before ...)
- bugzilla <removed> (low)
+ [squeeze] - bugzilla <unfixed> (low)
+ [lenny] - bugzilla <unfixed> (low)
CVE-2011-2977 (Bugzilla 3.6.x before 3.6.6, 3.7.x, 4.0.x before 4.0.2, and 4.1.x ...)
- bugzilla <not-affected> (Only affects Bugzilla on Windows)
CVE-2011-2976 (Cross-site scripting (XSS) vulnerability in Bugzilla 2.16rc1 through ...)
@@ -4213,10 +4215,16 @@
RESERVED
CVE-2011-2381 (CRLF injection vulnerability in Bugzilla 2.17.1 through 2.22.7, 3.0.x ...)
- bugzilla <removed> (low)
+ [squeeze] - bugzilla <unfixed> (low)
+ [lenny] - bugzilla <unfixed> (low)
CVE-2011-2380 (Bugzilla 2.23.3 through 2.22.7, 3.0.x through 3.3.x, 3.4.x before ...)
- bugzilla <removed> (low)
+ [squeeze] - bugzilla <unfixed> (low)
+ [lenny] - bugzilla <unfixed> (low)
CVE-2011-2379 (Cross-site scripting (XSS) vulnerability in Bugzilla 2.4 through ...)
- bugzilla <removed> (low)
+ [squeeze] - bugzilla <unfixed> (low)
+ [lenny] - bugzilla <unfixed> (low)
CVE-2011-2378 (The appendChild function in Mozilla Firefox before 3.6.20, Thunderbird ...)
{DSA-2297-1 DSA-2296-1 DSA-2295-1}
- icedove 3.1.12-1
@@ -11245,14 +11253,18 @@
CVE-2011-0049 (Directory traversal vulnerability in the _list_file_get function in ...)
NOT-FOR-US: Majordomo
CVE-2011-0048 (Bugzilla before 3.2.10, 3.4.x before 3.4.10, 3.6.x before 3.6.4, and ...)
- - bugzilla <unfixed> (bug #611176)
+ - bugzilla <removed> (bug #611176)
+ [squeeze] - bugzilla <unfixed> (bug #611176)
+ [lenny] - bugzilla <unfixed> (bug #611176)
NOTE: http://www.bugzilla.org/security/3.2.9/
CVE-2011-0047 (Cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.2 ...)
- mediawiki 1:1.15.5-3 (low; bug #611787)
[lenny] - mediawiki 1:1.12.0-2lenny8 (low; bug #611787)
[squeeze] - mediawiki 1:1.15.5-2squeeze1 (low; bug #611787)
CVE-2011-0046 (Multiple cross-site request forgery (CSRF) vulnerabilities in Bugzilla ...)
- - bugzilla <unfixed> (bug #611176)
+ - bugzilla <removed> (bug #611176)
+ [squeeze] - bugzilla <unfixed> (bug #611176)
+ [lenny] - bugzilla <unfixed> (bug #611176)
NOTE: http://www.bugzilla.org/security/3.2.9/
CVE-2010-4578 (Google Chrome before 8.0.552.224 and Chrome OS before 8.0.552.343 do ...)
{DSA-2188-1}
@@ -11280,7 +11292,9 @@
CVE-2010-4573 (The Update Installer in VMware ESXi 4.1, when a modified sfcb.cfg is ...)
NOT-FOR-US: VMware ESXi
CVE-2010-4572 (CRLF injection vulnerability in chart.cgi in Bugzilla before 3.2.10, ...)
- - bugzilla <unfixed>
+ - bugzilla <removed>
+ [squeeze] - bugzilla <unfixed>
+ [lenny] - bugzilla <unfixed>
NOTE: http://www.bugzilla.org/security/3.2.9/
NOTE: perl and associate packages are CVE-2010-2761 and CVE-2010-4411 (see above reference)
CVE-2010-4571
@@ -11290,10 +11304,14 @@
CVE-2010-4569 (Cross-site scripting (XSS) vulnerability in Bugzilla 3.7.1, 3.7.2, ...)
- bugzilla <not-affected> (vulnerable code introduced in 3.7)
CVE-2010-4568 (Bugzilla 2.14 through 2.22.7; 3.0.x, 3.1.x, and 3.2.x before 3.2.10; ...)
- - bugzilla <unfixed> (bug #611176)
+ - bugzilla <removed> (bug #611176)
+ [squeeze] - bugzilla <unfixed> (bug #611176)
+ [lenny] - bugzilla <unfixed> (bug #611176)
NOTE: http://www.bugzilla.org/security/3.2.9/
CVE-2010-4567 (Bugzilla before 3.2.10, 3.4.x before 3.4.10, 3.6.x before 3.6.4, and ...)
- - bugzilla <unfixed> (high; bug #611176)
+ - bugzilla <removed> (high; bug #611176)
+ [squeeze] - bugzilla <unfixed> (high; bug #611176)
+ [lenny] - bugzilla <unfixed> (high; bug #611176)
NOTE: http://www.bugzilla.org/security/3.2.9/
CVE-2010-4566 (The web authentication form in the NT4 authentication component in ...)
NOT-FOR-US: Citrix Acces Gateway
More information about the Secure-testing-commits
mailing list