[Secure-testing-commits] r31869 - data/CVE

[Henri Salo]

Author: fgeek-guest
Date: 2015-01-31 13:52:15 +0000 (Sat, 31 Jan 2015)
New Revision: 31869

Modified:
   data/CVE/list
Log:
CVEs assigned for roundcube and phpbb3 issues

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-01-31 13:00:36 UTC (rev 31868)
+++ data/CVE/list	2015-01-31 13:52:15 UTC (rev 31869)
@@ -1,5 +1,15 @@
-CVE-2015-XXXX [roundcube: XSS]
+CVE-2015-1433 [roundcube: XSS]
 	- roundcube <unfixed> (low; bug #776700)
+CVE-2015-1432 [phpbb3: CSRF]
+	- phpbb3 <unfixed> (low; bug #776699)
+	[wheezy] - phpbb3 <no-dsa> (Minor issue)
+	[squeeze] - phpbb3 <no-dsa> (Minor issue)
+	NOTE: https://tracker.phpbb.com/browse/PHPBB3-13526
+CVE-2015-1431 [phpbb3: css injection]
+	- phpbb3 <unfixed> (low; bug #776699)
+	[wheezy] - phpbb3 <no-dsa> (Minor issue)
+	[squeeze] - phpbb3 <no-dsa> (Minor issue)
+	NOTE: https://tracker.phpbb.com/browse/PHPBB3-13531
 CVE-2015-1425
 	RESERVED
 CVE-2015-1424 (Cross-site request forgery (CSRF) vulnerability in Gecko CMS 2.2 and ...)
@@ -183,13 +193,6 @@
 CVE-2015-1401
 	RESERVED
 	NOT-FOR-US: typo3 extension
-CVE-2015-XXXX [phpbb3 csrf & css injection]
-	- phpbb3 <unfixed> (low; bug #776699)
-	[wheezy] - phpbb3 <no-dsa> (Minor issue)
-	[squeeze] - phpbb3 <no-dsa> (Minor issue)
-	NOTE: https://wiki.phpbb.com/Release_Highlights/3.0.13
-	NOTE: https://github.com/phpbb/phpbb/pull/3311
-	NOTE: https://github.com/phpbb/phpbb/pull/3316
 CVE-2015-XXXX [can be crashed by some network traffic]
 	- kgb-bot <unfixed> (bug #776424)
 CVE-2014-XXXX [Digest authentification never replay Ldap requests]