[Secure-testing-commits] r38754 - data/CVE

Thu Jan 7 19:21:33 UTC 2016

Author: jmm
Date: 2016-01-07 19:21:33 +0000 (Thu, 07 Jan 2016)
New Revision: 38754

Modified:
   data/CVE/list
Log:
mediawiki-extensions removed
mandb no-dsa


Modified: data/CVE/list
===================================================================

--- data/CVE/list	2016-01-07 19:11:56 UTC (rev 38753)
+++ data/CVE/list	2016-01-07 19:21:33 UTC (rev 38754)
@@ -24859,6 +24859,8 @@
 CVE-2015-1336 [TOCTOU bug when processing catman pages]
 	RESERVED
 	- man-db <unfixed>
+	[jessie] - man-db <no-dsa> (Minor issue)
+	[wheezy] - man-db <no-dsa> (Minor issue)
 	[squeeze] - man-db <no-dsa> (Not exploitable in practice)
 	NOTE: http://www.halfdog.net/Security/2015/MandbSymlinkLocalRootPrivilegeEscalation/
 	NOTE: https://bugs.launchpad.net/ubuntu/+source/man-db/+bug/1482786
@@ -62110,7 +62112,7 @@
 CVE-2013-4306 (Cross-site request forgery (CSRF) vulnerability in ...)
 	NOT-FOR-US: Mediawiki CheckUser extension
 CVE-2013-4305 (Cross-site scripting (XSS) vulnerability in contrib/example.php in the ...)
-	- mediawiki-extensions <unfixed> (unimportant)
+	- mediawiki-extensions <removed> (unimportant)
 	NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=49070
 	NOTE: Just an example file
 CVE-2013-4304 (The CentralAuth extension for MediaWiki 1.19.x before 1.19.8, 1.20.x ...)


