[Secure-testing-commits] r30616 - data/CVE

[Salvatore Bonaccorso]

Author: carnil
Date: 2014-12-09 20:19:18 +0000 (Tue, 09 Dec 2014)
New Revision: 30616

Modified:
   data/CVE/list
Log:
Update information for CVE-2014-9276/mediawiki

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2014-12-09 19:48:16 UTC (rev 30615)
+++ data/CVE/list	2014-12-09 20:19:18 UTC (rev 30616)
@@ -367,8 +367,10 @@
 CVE-2014-9276 [XSS in Special:ExpandTemplates]
 	RESERVED
 	- mediawiki <unfixed>
-	[squeeze] - mediawiki <end-of-life>
-	NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=71111 
+	[wheezy] - mediawiki <not-affected> (Vulnerable code not present)
+	[squeeze] - mediawiki <not-affected> (Vulnerable code not present)
+	NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=71111
+	NOTE: No special expand templates before 1.23.x but available as extension.
 CVE-2014-9220 (SQL injection vulnerability in OpenVAS Manager before 4.0.6 and 5.x ...)
 	NOT-FOR-US: OpenVAS Manager
 CVE-2014-9219 [XSS vulnerability in redirection mechanism]