[Secure-testing-commits] r28971 - data/CVE

Helmut Grohne helmutg at moszumanska.debian.org
Tue Sep 23 06:59:12 UTC 2014 

Author: helmutg
Date: 2014-09-23 06:59:11 +0000 (Tue, 23 Sep 2014)
New Revision: 28971

Modified:
   data/CVE/list
Log:
various typo3 extensions are NFUs

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2014-09-23 06:58:22 UTC (rev 28970)
+++ data/CVE/list	2014-09-23 06:59:11 UTC (rev 28971)
@@ -879,27 +879,28 @@
 	- procmail 3.22-22 (bug #760443)
 	NOTE: http://www.openwall.com/lists/oss-security/2014/09/03/8
 CVE-2014-6241 (SQL injection vulnerability in the wt_directory extension before 1.4.1 ...)
-	TODO: check
+	NOT-FOR-US: Typo3 extension wt_directory
 CVE-2014-6240 (Cross-site scripting (XSS) vulnerability in the Google Sitemap ...)
-	TODO: check
+	NOT-FOR-US: Typo3 extension weeaar_googlesitemap
 CVE-2014-6239 (SQL injection vulnerability in the Address visualization with Google ...)
-	TODO: check
+	NOT-FOR-US: Typo3 extension st_address_map
 CVE-2014-6238 (Cross-site scripting (XSS) vulnerability in the Akronymmanager (aka SB ...)
-	TODO: check
+	NOT-FOR-US: Typo3 extension Akronymmanager
 CVE-2014-6237 (Cross-site scripting (XSS) vulnerability in the News Pack extension ...)
-	TODO: check
+	NOT-FOR-US: Typo3 extension News Pack
 CVE-2014-6236 (Unspecified vulnerability in the LumoNet PHP Include (lumophpinclude) ...)
-	TODO: check
+	NOT-FOR-US: Typo3 extension lumophpinclude
 CVE-2014-6235 (Unspecified vulnerability in the ke DomPDF extension before 0.0.5 for ...)
-	TODO: check
+	NOT-FOR-US: Typo3 extension DomPDF
 CVE-2014-6234 (Cross-site scripting (XSS) vulnerability in the Open Graph protocol ...)
-	TODO: check
+	NOT-FOR-US: Typo3 extension jh_opengraphprotocol
 CVE-2014-6233 (SQL injection vulnerability in the Flat Manager (flatmgr) extension ...)
-	TODO: check
+	NOT-FOR-US: Typo3 extension flatmgr
 CVE-2014-6232 (Unspecified vulnerability in the LDAP (eu_ldap) extension before ...)
-	TODO: check
+	NOT-FOR-US: Typo3 extension eu_ldap
 CVE-2014-6231 (Unspecified vulnerability in the CWT Frontend Edit (cwt_feedit) ...)
-	TODO: check
+	NOT-FOR-US: Typo3 extension cwt_feedit
+	NOTE: This is different from the feedit extension in typo3-src.
 CVE-2014-6227
 	RESERVED
 CVE-2014-6226

More information about the Secure-testing-commits mailing list