[Secure-testing-commits] r23643 - data/CVE
Salvatore Bonaccorso
carnil at alioth.debian.org
Thu Sep 12 19:16:45 UTC 2013
Author: carnil
Date: 2013-09-12 19:16:43 +0000 (Thu, 12 Sep 2013)
New Revision: 23643
Modified:
data/CVE/list
Log:
Update entry for CVE-2013-5587
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2013-09-12 18:15:52 UTC (rev 23642)
+++ data/CVE/list 2013-09-12 19:16:43 UTC (rev 23643)
@@ -401,14 +401,12 @@
{DSA-2747-1}
- cacti 0.8.8b+dfsg-3
CVE-2013-5587 (Cross-site scripting (XSS) vulnerability in Request Tracker (RT) 4.x ...)
+ {DSA-2671-1 DSA-2670-1}
- request-tracker3.8 <removed>
- - request-tracker4 <unfixed> (low)
- NOTE: looks like CVE-2013-5587 is not fully correct
+ - request-tracker4 4.0.12-2 (bug #709836)
+ NOTE: This is covered by the patches applied for CVE-2013-3371 in DSA-2760 and DSA-2761.
NOTE: patch for 3.8.17: https://github.com/bestpractical/rt/compare/rt-3.8.16...rt-3.8.17
NOTE: patch for 4.0.13: https://github.com/bestpractical/rt/compare/rt-4.0.12...rt-4.0.13
- NOTE: should already be covered by DSA-2760 and DSA-2761.
- NOTE: NVD mentions split from CVE-2013-3371, due to different affected versions?
- TODO: check
CVE-2013-5580 [denial of service (server crash)]
RESERVED
- ngircd <not-affected> (only affects 20, 20.1, and 20.2)
More information about the Secure-testing-commits
mailing list