[Secure-testing-commits] r33012 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Fri Mar 20 20:30:37 UTC 2015 

Author: carnil
Date: 2015-03-20 20:30:37 +0000 (Fri, 20 Mar 2015)
New Revision: 33012

Modified:
   data/CVE/list
Log:
Add bug reference for mantis, #780875

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-03-20 20:27:40 UTC (rev 33011)
+++ data/CVE/list	2015-03-20 20:30:37 UTC (rev 33012)
@@ -245,7 +245,7 @@
 	- upstart <not-affected> (Vulnerable cron.daily script not present)
 CVE-2014-9701 [XSS issue in MantisBT permalink_page.php]
 	RESERVED
-	- mantis <removed>
+	- mantis <removed> (bug #780875)
 	[wheezy] - mantis <no-dsa> (Minor issue)
 	[squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
 	NOTE: Fixed by https://github.com/mantisbt/mantisbt/commit/d95f070d (1.2.x)
@@ -3913,7 +3913,7 @@
 	NOTE: https://www.sympa.org/security_advisories#security_breaches_in_newsletter_posting
 CVE-2014-9624 [CAPTCHA bypass]
 	RESERVED
-	- mantis <removed>
+	- mantis <removed> (bug #780875)
 	[wheezy] - mantis <no-dsa> (Minor issue)
 	[squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
 	NOTE: Upstream commit: https://github.com/mantisbt/mantisbt/commit/39a92726
@@ -5292,19 +5292,19 @@
 CVE-2014-9574 (Directory traversal vulnerability in install.php in FluxBB before ...)
 	NOT-FOR-US: FluxBB
 CVE-2014-9573 (SQL injection vulnerability in manage_user_page.php in MantisBT before ...)
-	- mantis <removed>
+	- mantis <removed> (bug #780875)
 	[wheezy] - mantis <no-dsa> (Minor issue)
 	[squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
 	NOTE: Upstream patch: http://github.com/mantisbt/mantisbt/commit/69c2d28d (1.2.x)
 	NOTE: https://www.mantisbt.org/bugs/view.php?id=17940
 CVE-2014-9572 (MantisBT before 1.2.19 and 1.3.x before 1.3.0-beta.2 does not properly ...)
-	- mantis <removed>
+	- mantis <removed> (bug #780875)
 	[wheezy] - mantis <no-dsa> (Minor issue)
 	[squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
 	NOTE: Upstream patch: http://github.com/mantisbt/mantisbt/commit/5571bcf9 (1.2.x)
 	NOTE: https://www.mantisbt.org/bugs/view.php?id=17939
 CVE-2014-9571 (Cross-site scripting (XSS) vulnerability in admin/install.php in ...)
-	- mantis <removed>
+	- mantis <removed> (bug #780875)
 	[wheezy] - mantis <no-dsa> (Minor issue)
 	[squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
 	NOTE: Upstream patch: http://github.com/mantisbt/mantisbt/commit/6d47c047 (1.2.x)
@@ -5427,7 +5427,7 @@
 	- weboob 1.0-3 (low; bug #774838)
 	[wheezy] - weboob <no-dsa> (Minor issue)
 CVE-2015-1042 (The string_sanitize_url function in core/string_api.php in MantisBT ...)
-	- mantis <removed>
+	- mantis <removed> (bug #780875)
 	[wheezy] - mantis <no-dsa> (Minor issue)
 	[squeeze] - mantis <not-affected> (Incomplete fix not applied)
 	NOTE: https://www.mantisbt.org/bugs/view.php?id=17997

More information about the Secure-testing-commits mailing list