[Secure-testing-commits] r17215 - data/CVE

[Moritz Muehlenhoff]

Author: jmm
Date: 2011-09-12 07:48:28 +0000 (Mon, 12 Sep 2011)
New Revision: 17215

Modified:
   data/CVE/list
Log:
mantis CVEfied


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2011-09-12 07:45:36 UTC (rev 17214)
+++ data/CVE/list	2011-09-12 07:48:28 UTC (rev 17215)
@@ -11,11 +11,6 @@
 	NOT-FOR-US: IBM OpenAdmin Too
 CVE-2010-4833 (Untrusted search path vulnerability in ...)
 	TODO: check
-CVE-2011-XXXX [mantis multiple issues]
-	- mantis 1.2.7-1 (medium; bug #640297)
-	TODO: split into individual CVE ids after assignment
-	NOTE: requested CVE ids
-	NOTE: medium due to LFI
 CVE-2011-3350 [masqmail improper privilege dropping]
 	RESERVED
 	- masqmail <unfixed> (low; bug #638002)
@@ -83,12 +78,15 @@
 	RESERVED
 CVE-2011-3359
 	RESERVED
-CVE-2011-3358
+CVE-2011-3358 [XSS issues with unescaped os, os_build and platform]
 	RESERVED
-CVE-2011-3357
+	- mantis 1.2.7-1 (low; bug #640297)
+CVE-2011-3357 [LFI and XSS via bug_actiongroup_ext_page.php]
 	RESERVED
-CVE-2011-3356
+	- mantis 1.2.7-1 (medium; bug #640297)
+CVE-2011-3356 [XSS injection via PHP_SELF]
 	RESERVED
+	- mantis 1.2.7-1 (low; bug #640297)
 CVE-2011-3355
 	RESERVED
 	- evolution-data-server3 <unfixed>