[Secure-testing-commits] r19184 - data/CVE

Henri Salo fgeek-guest at alioth.debian.org
Wed May 9 14:57:27 UTC 2012


Author: fgeek-guest
Date: 2012-05-09 14:57:27 +0000 (Wed, 09 May 2012)
New Revision: 19184

Modified:
   data/CVE/list
Log:
Second part of SilverStripe updates.

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2012-05-09 14:49:23 UTC (rev 19183)
+++ data/CVE/list	2012-05-09 14:57:27 UTC (rev 19184)
@@ -320,26 +320,39 @@
 CVE-2010-5095 [SilverStripe escaping exploit]
 	RESERVED
     - silverstripe <itp> (bug #528461)
+    NOTE: http://seclists.org/oss-sec/2012/q2/209
 CVE-2010-5094 [SilverStripe unauthenticated remote removal of index.php under certain conditions]
 	RESERVED
     - silverstripe <itp> (bug #528461)
+    NOTE: http://seclists.org/oss-sec/2012/q2/209
 CVE-2010-5093 [SilverStripe privilege escalation exploit]
 	RESERVED
     - silverstripe <itp> (bug #528461)
-CVE-2010-5092
+    NOTE: http://seclists.org/oss-sec/2012/q2/209
+CVE-2010-5092 [SilverStripe fixed password encryption when saving members through the "Add Member" dialog in the "Security" admin. The saving process was disregarding password encyrption and saving them as plaintext]
 	RESERVED
-CVE-2010-5091
+    - silverstripe <itp> (bug #528461)
+    NOTE: http://seclists.org/oss-sec/2012/q2/209
+CVE-2010-5091 [SilverStripe fixed a security issue where logged-in CMS authors were allowed to rename files with harmful extensions]
 	RESERVED
-CVE-2010-5090
+    - silverstripe <itp> (bug #528461)
+    NOTE: http://seclists.org/oss-sec/2012/q2/209
+CVE-2010-5090 [SilverStripe fixed a security issue where users with access to admin/security (but limited privileges) can take over a known administrator account by changing its password]
 	RESERVED
+    - silverstripe <itp> (bug #528461)
+    NOTE: http://seclists.org/oss-sec/2012/q2/209
 CVE-2010-5089 [SilverStripe information disclosure]
 	RESERVED
     - silverstripe <itp> (bug #528461)
-CVE-2010-5088
+    NOTE: http://seclists.org/oss-sec/2012/q2/209
+CVE-2010-5088 [SilverStripe CSRF]
 	RESERVED
+    - silverstripe <itp> (bug #528461)
+    NOTE: http://seclists.org/oss-sec/2012/q2/209
 CVE-2010-5087 [SilverStripe CSRF protection bypassed when handling form action requests through controller]
 	RESERVED
     - silverstripe <itp> (bug #528461)
+    NOTE: http://seclists.org/oss-sec/2012/q2/209
 CVE-2012-2416 (chan_sip.c in the SIP channel driver in Asterisk Open Source 1.8.x ...)
 	- asterisk 1:1.8.11.1~dfsg-1 (bug #670180)
 	[squeeze] - asterisk <not-affected> (Vulnerable code not present)
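Review bot: The new description for CVE-2010-5092 misspells "encryption" as "encyrption", and the descriptions added for CVE-2010-5092, CVE-2010-5091 and CVE-2010-5090 read as changelog text ("fixed ...") instead of naming the flaw the way the neighbouring entries do ("SilverStripe privilege escalation exploit"). Suggest shortening each to the issue itself, for example "SilverStripe passwords saved as plaintext via Add Member dialog", and giving CVE-2010-5088 [SilverStripe CSRF] enough detail to tell it apart from CVE-2010-5087 directly below it.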
@@ -5832,18 +5845,23 @@
 CVE-2011-4962 [silverstripe: Potential remote code execution]
 	RESERVED
 	- silverstripe <itp> (bug #528461)
+    NOTE: http://seclists.org/oss-sec/2012/q2/209
 CVE-2011-4961 [silverstripe: Privilege escalation]
 	RESERVED
 	- silverstripe <itp> (bug #528461)
+    NOTE: http://seclists.org/oss-sec/2012/q2/209
 CVE-2011-4960 [silverstripe: SQL injection]
 	RESERVED
 	- silverstripe <itp> (bug #528461)
+    NOTE: http://seclists.org/oss-sec/2012/q2/209
 CVE-2011-4959 [silverstripe: SQL injection]
 	RESERVED
 	- silverstripe <itp> (bug #528461)
+    NOTE: http://seclists.org/oss-sec/2012/q2/209
 CVE-2011-4958 [silverstripe:XSS]
 	RESERVED
 	- silverstripe <itp> (bug #528461)
+    NOTE: http://seclists.org/oss-sec/2012/q2/209
 CVE-2011-4957
 	RESERVED
 	- wordpress 3.2.1+dfsg-1
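Review bot: The five NOTE lines added in this hunk are indented with four spaces, while the RESERVED and "- silverstripe <itp>" lines of the same entries are tab-indented. Suggest indenting the NOTE lines with a tab so each entry is consistent.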
@@ -6254,12 +6272,15 @@
 CVE-2010-5080 [SilverStripe HTTP referer leakage on Security/changepassword]
 	RESERVED
     - silverstripe <itp> (bug #528461)
+    NOTE: http://seclists.org/oss-sec/2012/q2/209
 CVE-2010-5079 [SilverStripe weak entropy in tokens for CSRF protection, autologin, "forgot password" emails and password salts]
 	RESERVED
     - silverstripe <itp> (bug #528461)
+    NOTE: http://seclists.org/oss-sec/2012/q2/209
 CVE-2010-5078 [SilverStripe version number information disclosure]
 	RESERVED
     - silverstripe <itp> (bug #528461)
+    NOTE: http://seclists.org/oss-sec/2012/q2/209
 CVE-2010-5077 [quake3 reflective UDP denial of service]
 	RESERVED
 	{DSA-2442-1}
@@ -11893,12 +11914,15 @@
 CVE-2010-4824 [SilverStripe SQL injection with Translatable extension enabled]
 	RESERVED
     - silverstripe <itp> (bug #528461)
+    NOTE: http://seclists.org/oss-sec/2012/q2/209
 CVE-2010-4823 [SilverStripe XSS in controller handling for missing actions]
 	RESERVED
     - silverstripe <itp> (bug #528461)
+    NOTE: http://seclists.org/oss-sec/2012/q2/209
 CVE-2010-4822 [SilverStripe SQL information disclosure in MySQLDatabase]
 	RESERVED
     - silverstripe <itp> (bug #528461)
+    NOTE: http://seclists.org/oss-sec/2012/q2/209
 CVE-2010-4821
 	RESERVED
 	NOT-FOR-US: phpMyFAQ



