[Secure-testing-commits] r21469 - data/CVE

[Salvatore Bonaccorso]

Author: carnil
Date: 2013-03-01 18:27:52 +0000 (Fri, 01 Mar 2013)
New Revision: 21469

Modified:
   data/CVE/list
Log:
add CVEs for roundup

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2013-03-01 17:05:44 UTC (rev 21468)
+++ data/CVE/list	2013-03-01 18:27:52 UTC (rev 21469)
@@ -5783,14 +5783,21 @@
 CVE-2012-6134
 	RESERVED
 	NOT-FOR-US: ruby-omniauth, there was a sponsor request, but no ITP: http://osdir.com/ml/debian-mentors/2011-08/msg00662.html
-CVE-2012-6133
+CVE-2012-6133 [XSS flaws in ok and error messages]
 	RESERVED
-CVE-2012-6132
+	- roundup 1.4.20-1
+	NOTE: http://issues.roundup-tracker.org/issue2550724
+CVE-2012-6132 [XSS flaw with the otk parameter]
 	RESERVED
-CVE-2012-6131
+	- roundup 1.4.20-1
+CVE-2012-6131 [XSS flaw in @action parameter]
 	RESERVED
-CVE-2012-6130
+	- roundup 1.4.20-1
+	NOTE: http://issues.roundup-tracker.org/issue2550711
+CVE-2012-6130 [XSS vulnerability when usernames contain HTML]
 	RESERVED
+	- roundup 1.4.20-1
+	NOTE: http://issues.roundup-tracker.org/issue2550684
 CVE-2012-6129 [Transmission can be made to crash remotely]
 	RESERVED
 	- transmission 2.52-3+nmu1 (bug #700234)