[Secure-testing-commits] r23645 - in data: CVE DSA

Salvatore Bonaccorso carnil at alioth.debian.org
Thu Sep 12 19:32:49 UTC 2013


Author: carnil
Date: 2013-09-12 19:32:48 +0000 (Thu, 12 Sep 2013)
New Revision: 23645

Modified:
   data/CVE/list
   data/DSA/list
Log:
Try to further improve information about CVE-2013-5587

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2013-09-12 19:24:28 UTC (rev 23644)
+++ data/CVE/list	2013-09-12 19:32:48 UTC (rev 23645)
@@ -438,11 +438,15 @@
 	{DSA-2747-1}
 	- cacti 0.8.8b+dfsg-3
 CVE-2013-5587 (Cross-site scripting (XSS) vulnerability in Request Tracker (RT) 4.x ...)
-	- request-tracker3.8 <removed>
+	{DSA-2671-1}
+	- request-tracker3.8 <not-affected> (only covers the issues in 4.x)
 	- request-tracker4 4.0.12-2 (bug #709836)
 	NOTE: This is covered by the patches applied for CVE-2013-3371 in DSA-2760 and DSA-2761.
+	NOTE: NVD explicitly mentions CVE-2013-5587 only for the RT 4.x series.
 	NOTE: patch for 3.8.17: https://github.com/bestpractical/rt/compare/rt-3.8.16...rt-3.8.17
 	NOTE: patch for 4.0.13: https://github.com/bestpractical/rt/compare/rt-4.0.12...rt-4.0.13
+	NOTE: still not clear why the split was done, but confirmed by upstream that this issue
+	NOTE: is covered by the fixes applied for CVE-2013-3371
 CVE-2013-5580 [denial of service (server crash)]
 	RESERVED
 	- ngircd <not-affected> (only affects 20, 20.1, and 20.2)
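Review bot: the unchanged NOTE under CVE-2013-5587 cites "DSA-2760 and DSA-2761", but the cross-reference added in this hunk is `{DSA-2671-1}`, so the two now disagree within the same entry. If the NOTE was meant to name the request-tracker advisories, it should be corrected in this commit to match. The two new trailing NOTE lines also repeat what that existing NOTE already says about CVE-2013-3371; folding "confirmed by upstream" into the existing line would keep the entry shorter. Finally, with request-tracker3.8 now marked `<not-affected> (only covers the issues in 4.x)`, the retained "patch for 3.8.17" NOTE reads as if 3.8 needed a fix. Either drop it or say why it is kept.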

Modified: data/DSA/list
===================================================================
--- data/DSA/list	2013-09-12 19:24:28 UTC (rev 23644)
+++ data/DSA/list	2013-09-12 19:32:48 UTC (rev 23645)
@@ -307,7 +307,7 @@
 	{CVE-2013-3266}
 	[wheezy] - kfreebsd-9 9.0-10+deb70.1
 [22 May 2013] DSA-2671-1 request-tracker4 - several
-	{CVE-2012-4733 CVE-2013-3368 CVE-2013-3369 CVE-2013-3370 CVE-2013-3371 CVE-2013-3372 CVE-2013-3373 CVE-2013-3374}
+	{CVE-2012-4733 CVE-2013-3368 CVE-2013-3369 CVE-2013-3370 CVE-2013-3371 CVE-2013-3372 CVE-2013-3373 CVE-2013-3374 CVE-2013-5587}
 	[wheezy] - request-tracker4 4.0.7-5+deb7u2
 [22 May 2013] DSA-2670-1 request-tracker3.8 - several
 	{CVE-2013-3368 CVE-2013-3369 CVE-2013-3370 CVE-2013-3371 CVE-2013-3372 CVE-2013-3373 CVE-2013-3374}
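Review bot: the CVE-2013-5587 addition to the DSA-2671-1 line is a retroactive change to an advisory dated 22 May 2013, and the log message ("Try to further improve information about CVE-2013-5587") does not say why. The justification exists only as NOTEs in data/CVE/list, so the log should state that upstream confirmed the issue is covered by the CVE-2013-3371 fixes already shipped in 4.0.7-5+deb7u2. Leaving DSA-2670-1 (request-tracker3.8) without the new id is consistent with the `<not-affected>` marking in the other hunk.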



