[Secure-testing-commits] r21364 - data/CVE

[Salvatore Bonaccorso]

Author: carnil
Date: 2013-02-21 19:01:55 +0000 (Thu, 21 Feb 2013)
New Revision: 21364

Modified:
   data/CVE/list
Log:
add owncloud XSS vulnerabilities

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2013-02-21 18:51:41 UTC (rev 21363)
+++ data/CVE/list	2013-02-21 19:01:55 UTC (rev 21364)
@@ -4604,8 +4604,11 @@
 	- linux-2.6 <removed>
 CVE-2013-0308
 	RESERVED
-CVE-2013-0307
+CVE-2013-0307 [XSS vulnerability]
 	RESERVED
+	- owncloud <unfixed>
+	NOTE: http://owncloud.org/about/security/advisories/oC-SA-2013-003/
+	TODO: report to BTS
 CVE-2013-0306 [Formset denial-of-service]
 	RESERVED
 	- python-django <unfixed>
@@ -4627,10 +4630,16 @@
 	RESERVED
 CVE-2013-0299
 	RESERVED
-CVE-2013-0298
+CVE-2013-0298 [XSS vulnerability]
 	RESERVED
-CVE-2013-0297
+	- owncloud <not-affected> (Vulnerably code not present, only affects 4.5 branch)
+	NOTE: http://owncloud.org/about/security/advisories/oC-SA-2013-003/
+	NOTE: only affecting owncloud 4.5
+CVE-2013-0297 [XSS vulnerability]
 	RESERVED
+	- owncloud <unfixed>
+	NOTE: http://owncloud.org/about/security/advisories/oC-SA-2013-003/
+	TODO: report to BTS
 CVE-2013-0296 [creates temp files with too wide permissions]
 	RESERVED
 	- pigz <unfixed> (low; bug #700608)