[Secure-testing-commits] r21819 - data/CVE

Helmut Grohne helmut-guest at alioth.debian.org
Wed Apr 3 07:15:24 UTC 2013 

Author: helmut-guest
Date: 2013-04-03 07:15:24 +0000 (Wed, 03 Apr 2013)
New Revision: 21819

Modified:
   data/CVE/list
Log:
drupal stuff (NFUs, not-affected)

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2013-04-03 05:58:09 UTC (rev 21818)
+++ data/CVE/list	2013-04-03 07:15:24 UTC (rev 21819)
@@ -61,7 +61,7 @@
 CVE-2013-2716
 	RESERVED
 CVE-2013-2715 (Cross-site scripting (XSS) vulnerability in the admin view in the ...)
-	TODO: check
+	NOT-FOR-US: Drupal module search_api
 CVE-2013-2714
 	RESERVED
 CVE-2013-2713
@@ -1893,7 +1893,8 @@
 	[squeeze] - python-pip <not-affected>
 	NOTE: https://github.com/pypa/pip/pull/780/files
 CVE-2013-1887 (Multiple cross-site scripting (XSS) vulnerabilities in the Views ...)
-	TODO: check
+	- drupal6 <not-affected> (only affects 7.x-3.x to 7.x-3.6)
+	- drupal7 <not-affected> (views module not packaged)
 CVE-2013-1886
 	RESERVED
 CVE-2013-1885
@@ -1972,7 +1973,7 @@
 	- linux 3.2.41-1
 	- linux-2.6 <removed>
 CVE-2013-1859 (The Node Parameter Control module 6.x-1.x for Drupal does not properly ...)
-	TODO: check
+	NOT-FOR-US: Drupal module Node Parameter Control
 CVE-2013-1858 [linux: CLONE_NEWUSER|CLONE_FS root exploit]
 	RESERVED
 	- linux <not-affected> (Only exploitable starting with 3.7)
@@ -6165,13 +6166,14 @@
 CVE-2013-0261 ((1) installer/basedefs.py and (2) modules/ospluginutils.py in ...)
 	NOT-FOR-US: Openstack Packstack
 CVE-2013-0260 (Unspecified vulnerability in the Drush Debian Packaging module for ...)
-	TODO: check
+	NOT-FOR-US: Drupal module debuild
+	NOTE: This is a different thing from the drush package.
 CVE-2013-0259 (Cross-site scripting (XSS) vulnerability in the Boxes module 7.x-1.x ...)
-	TODO: check
+	NOT-FOR-US: Drupal module Boxes
 CVE-2013-0258 (The Google Authenticator login (ga_login) module 7.x before 7.x-1.3 ...)
-	TODO: check
+	NOT-FOR-US: Drupal module ga_login
 CVE-2013-0257 (The email2image module 6.x-1.x and 6.x-2.x for Drupal does not ...)
-	TODO: check
+	NOT-FOR-US: Drupal module email2image
 CVE-2013-0256 (darkfish.js in RDoc 2.3.0 through 3.12 and 4.x before ...)
 	- ruby1.9.1 1.9.3.194-6 (low; bug #699929)
 	- ruby1.8 <not-affected> (Only affects 1.9 and 2.0)
@@ -6420,9 +6422,9 @@
 	- ruby-rack 1.4.1-2.1 (bug #698440)
 	- librack-ruby <removed>
 CVE-2013-0182 (The Payment module 7.x-1.x before 7.x-1.3 for Drupal does not properly ...)
-	TODO: check
+	NOT-FOR-US: Drupal module Payment
 CVE-2013-0181 (Cross-site scripting (XSS) vulnerability in Views in the Search API ...)
-	TODO: check
+	NOT-FOR-US: Drupal module search_api
 CVE-2013-0180
 	RESERVED
 CVE-2013-0179 [memcached DoS]

More information about the Secure-testing-commits mailing list