[Secure-testing-commits] r31039 - data/CVE

Tue Dec 30 02:25:32 UTC 2014

Author: jmm
Date: 2014-12-30 02:25:32 +0000 (Tue, 30 Dec 2014)
New Revision: 31039

Modified:
   data/CVE/list
Log:
perl no-dsa
filed bug for phpmyadmin and movabletype


Modified: data/CVE/list
===================================================================

--- data/CVE/list	2014-12-30 02:02:53 UTC (rev 31038)
+++ data/CVE/list	2014-12-30 02:25:32 UTC (rev 31039)
@@ -8,7 +8,9 @@
 	[squeeze] - libsndfile <no-dsa> (Minor issue)
 	[wheezy] - libsndfile <no-dsa> (Minor issue)
 CVE-2014-XXXX [a2p: buffer overflow]
-	- perl <unfixed> (bug #769606)
+	- perl <unfixed> (low; bug #769606)
+	[squeeze] - perl <no-dsa> (Minor issue)
+	[wheezy] - perl <no-dsa> (Minor issue)
 CVE-2014-XXXX [dir traversal]
 	- elfutils <unfixed>
 	[wheezy] - elfutils <no-dsa> (Minor issue)
@@ -1148,12 +1150,11 @@
 CVE-2014-9220 (SQL injection vulnerability in OpenVAS Manager before 4.0.6 and 5.x ...)
 	NOT-FOR-US: OpenVAS Manager
 CVE-2014-9219 (Cross-site scripting (XSS) vulnerability in the redirection feature in ...)
-	- phpmyadmin <unfixed>
+	- phpmyadmin <unfixed> (bug #774194)
 	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/9b2479b7216dd91a6cc2f231c0fd6b85d457f6e2
 	NOTE: http://www.phpmyadmin.net/home_page/security/PMASA-2014-18.php
-	TODO: check older versions
 CVE-2014-9218 (libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.7, 4.1.x ...)
-	- phpmyadmin <unfixed>
+	- phpmyadmin <unfixed> (bug #774194)
 	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/1ac863c7573d12012374d5d41e5c7dc5505ea6e1 (master)
 	NOTE: http://www.phpmyadmin.net/home_page/security/PMASA-2014-17.php
 CVE-2014-9172
@@ -1361,7 +1362,7 @@
 CVE-2014-9058
 	RESERVED
 CVE-2014-9057 (SQL injection vulnerability in the XML-RPC interface in Movable Type ...)
-	- movabletype-opensource <unfixed>
+	- movabletype-opensource <unfixed> (bug #774192)
 	NOTE: https://movabletype.org/news/2014/12/6.0.6.html
 	NOTE: https://movabletype.org/documentation/appendices/release-notes/6.0.6.html
 CVE-2014-9056


