[Secure-testing-commits] r31420 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Sat Jan 17 10:09:36 UTC 2015 

Author: carnil
Date: 2015-01-17 10:09:36 +0000 (Sat, 17 Jan 2015)
New Revision: 31420

Modified:
   data/CVE/list
Log:
Add references for mantis issues

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-01-17 10:08:30 UTC (rev 31419)
+++ data/CVE/list	2015-01-17 10:09:36 UTC (rev 31420)
@@ -1,3 +1,9 @@
+CVE-2015-XXXX [CAPTCHA bypass]
+	- mantis <removed>
+	[squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
+	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/01/17/5
+	NOTE: Upstream commit: https://github.com/mantisbt/mantisbt/commit/39a92726
+	NOTE: https://www.mantisbt.org/bugs/view.php?id=17984
 CVE-2015-1051
 	NOT-FOR-US: Drupal extension drupal7-context
 CVE-2015-XXXX [directory traversal in bsdcpio]
@@ -1274,16 +1280,22 @@
 	- mantis <removed>
 	[wheezy] - mantis <no-dsa> (Minor issue)
 	[squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
+	NOTE: Upstream patch: http://github.com/mantisbt/mantisbt/commit/69c2d28d (1.2.x)
+	NOTE: https://www.mantisbt.org/bugs/view.php?id=17940
 CVE-2014-9572
 	RESERVED
 	- mantis <removed>
 	[wheezy] - mantis <no-dsa> (Minor issue)
 	[squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
+	NOTE: Upstream patch: http://github.com/mantisbt/mantisbt/commit/5571bcf9 (1.2.x)
+	NOTE: https://www.mantisbt.org/bugs/view.php?id=17939
 CVE-2014-9571
 	RESERVED
 	- mantis <removed>
 	[wheezy] - mantis <no-dsa> (Minor issue)
 	[squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
+	NOTE: Upstream patch: http://github.com/mantisbt/mantisbt/commit/6d47c047 (1.2.x)
+	NOTE: https://www.mantisbt.org/bugs/view.php?id=17938
 CVE-2014-9570
 	RESERVED
 CVE-2014-9569 (Multiple cross-site scripting (XSS) vulnerabilities in SAP NetWeaver ...)
@@ -1406,6 +1418,8 @@
 	- mantis <removed>
 	[wheezy] - mantis <no-dsa> (Minor issue)
 	[squeeze] - mantis <not-affected> (Incomplete fix not applied)
+	NOTE: https://www.mantisbt.org/bugs/view.php?id=17997
+	NOTE: http://github.com/mantisbt/mantisbt/commit/d95f070d
 CVE-2015-1031 [use-after-free]
 	RESERVED
 	- privoxy 3.0.21-5 (bug #775167)

More information about the Secure-testing-commits mailing list