[Secure-testing-commits] r19047 - data/CVE

Tue Apr 24 09:17:01 UTC 2012

Author: fw
Date: 2012-04-24 09:17:01 +0000 (Tue, 24 Apr 2012)
New Revision: 19047

Modified:
   data/CVE/list
Log:
CVE-2011-5083: dotclear bug filed


Modified: data/CVE/list
===================================================================

--- data/CVE/list	2012-04-24 09:09:07 UTC (rev 19046)
+++ data/CVE/list	2012-04-24 09:17:01 UTC (rev 19047)
@@ -1376,8 +1376,8 @@
 	- vlc <unfixed>
 	TODO: check
 CVE-2011-5083 (Unrestricted file upload vulnerability in inc/swf/swfupload.swf in ...)
-	- dotclear <unfixed>
-	TODO: check
+	- dotclear <unfixed> (low; bug #670227)
+	NOTE: Post-authentication; vulnerability is actually in admin/media.php.
 CVE-2012-1790 (Absolute path traversal vulnerability in Webgrind 1.0 and 1.0.2 allows ...)
 	NOT-FOR-US: Webgrind
 CVE-2012-1789 (Multiple cross-site scripting (XSS) vulnerabilities in Kongreg8 1.7.3 ...)


