[Secure-testing-commits] r30548 - data/CVE
Henri Salo
fgeek-guest at moszumanska.debian.org
Thu Dec 4 20:16:48 UTC 2014
Author: fgeek-guest
Date: 2014-12-04 20:16:48 +0000 (Thu, 04 Dec 2014)
New Revision: 30548
Modified:
data/CVE/list
Log:
mediawiki CVE-2014-9276, CVE-2014-9277
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-12-04 16:14:37 UTC (rev 30547)
+++ data/CVE/list 2014-12-04 20:16:48 UTC (rev 30548)
@@ -1,14 +1,6 @@
CVE-2014-XXXX [buffer overflow in mpfr_strtofr]
- mpfr4 <unfixed> (bug #772008)
NOTE: https://gforge.inria.fr/scm/viewvc.php?view=rev&root=mpfr&revision=9243
-CVE-2014-XXXX [XSS in Special:ExpandTemplates]
- - mediawiki <unfixed>
- [squeeze] - mediawiki <end-of-life>
- NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=71111
-CVE-2014-XXXX [<cross-domain-policy> mangling allows injection in API format=php]
- - mediawiki <unfixed>
- [squeeze] - mediawiki <end-of-life>
- NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=71478
CVE-2015-0360
RESERVED
CVE-2015-0359
@@ -133,6 +125,14 @@
- unrtf <unfixed>
NOTE: https://lists.gnu.org/archive/html/bug-unrtf/2014-11/msg00000.html
TODO: check
+CVE-2014-9277 [<cross-domain-policy> mangling allows injection in API format=php]
+ - mediawiki <unfixed>
+ [squeeze] - mediawiki <end-of-life>
+ NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=71478
+CVE-2014-9276 [XSS in Special:ExpandTemplates]
+ - mediawiki <unfixed>
+ [squeeze] - mediawiki <end-of-life>
+ NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=71111
CVE-2014-9220
NOT-FOR-US: OpenVAS Manager
CVE-2014-9219 [XSS vulnerability in redirection mechanism]
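Review bot: The two added mediawiki entries (CVE-2014-9277 and CVE-2014-9276) have `- mediawiki <unfixed>` lines with no Debian bug reference, unlike the mpfr4 entry at the top of the file, which has `(bug #772008)`. If a BTS bug has been filed for these, append it so the unfixed status can be tracked. The descriptions, squeeze end-of-life lines and bugzilla NOTE URLs match the removed CVE-2014-XXXX placeholders one-to-one (71478 for the cross-domain-policy issue, 71111 for Special:ExpandTemplates). Neither the entries nor the log message say where the id assignment came from, so a NOTE with that reference would make the mapping verifiable.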
@@ -2329,8 +2329,8 @@
RESERVED
- kde-workspace 4:4.11.13-2 (unimportant)
NOTE: https://projects.kde.org/projects/kde/kde-workspace/repository/diff?rev=54d0bfb5effff9c8cf60da890b7728cbe36a454e&rev_to=fd2aa9deed44fad6107625ad7360157fea7296f6
- NOTE: On Debian changing the clock requires authentication, so it's not exploitable
- NOTE: in the standard setup
+ NOTE: On Debian changing the clock requires authentication, so it's not exploitable
+ NOTE: in the standard setup
CVE-2014-8583
RESERVED
- mod-wsgi 4.2.7-1
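Review bot: The two NOTE lines under the kde-workspace entry are removed and re-added with text that reads identically here, so this looks like a whitespace-only change. It is also unrelated to the mediawiki ids named in the log message. Mention it in the log or commit it separately, so the history of this entry is not attributed to a mediawiki change.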