thr3ads.net - Secure testing commits - [Secure-testing-commits] r9612

If this information is useful, please help other people find it:
Share via:

nion at alioth.debian.org

2008-Aug-20 18:06 UTC

[Secure-testing-commits] r9612 - in data: CVE DTSA

Author: nion
Date: 2008-08-20 18:06:42 +0000 (Wed, 20 Aug 2008)
New Revision: 9612

Modified:
   data/CVE/list
   data/DTSA/list
Log:
drupal5 cveified

Modified: data/CVE/list
==================================================================---
data/CVE/list	2008-08-20 10:25:30 UTC (rev 9611)
+++ data/CVE/list	2008-08-20 18:06:42 UTC (rev 9612)
@@ -1,11 +1,21 @@
 CVE-2008-3699 [insecure tmp file usage in amarok]
 	- amarok 1.4.10-1 (low; bug #494765)
-CVE-2008-XXXX [drupal XSS]
+CVE-2008-3740 [drupal XSS]
 	- drupal5 5.10-1 (low; bug #495122)
-	[lenny] - drupal5 5.9-1~lenny1
-	NOTE: this is temporary workaround because of the missing CVE id, this is
DTSA-156-1
-	TODO: check drupal4.7, request CVE id
-	NOTE: CVE id requested by oss people
+	TODO: check drupal4.7
+CVE-2008-3741 [drupal XSS]
+	- drupal5 5.10-1 (low; bug #495122)
+	TODO: check drupal4.7
+CVE-2008-3742 [drupal file uploads via blogApi]
+	- drupal5 5.10-1 (medium; bug #495122)
+	TODO: check drupal4.7
+CVE-2008-3743 [drupal CSRF]
+	- drupal5 <not-affected> (Vulnerable code not present)
+CVE-2008-3744 [drupal CSRF]
+	- drupal5 5.10-1 (low; bug #495122)
+	TODO: check drupal4.7
+CVE-2008-3745 [drupal upload module privilege escalation]
+	- drupal5 <not-affected> (Vulnerable code only present in 6.x)
 CVE-2008-3666 (Unspecified vulnerability in Sun Solaris 10 and OpenSolaris
before ...)
 	NOT-FOR-US: Sun Solaris 10
 CVE-2008-3665

Modified: data/DTSA/list
==================================================================---
data/DTSA/list	2008-08-20 10:25:30 UTC (rev 9611)
+++ data/DTSA/list	2008-08-20 18:06:42 UTC (rev 9612)
@@ -458,8 +458,8 @@
 	[lenny] - git-core 1.5.6.3-1+lenny2
 	NOTE: DTSA-153-1 was incomplete
 [August 17th, 2008] DTSA-156-1 drupal5 - multiple vulnerabilities
+	{CVE-2008-3740 CVE-2008-3741 CVE-2008-3742 CVE-2008-3743 CVE-2008-3744
CVE-2008-3745}
 	[lenny] - drupal5 5.9-1.1+lenny1
 [August 17th, 2008] DTSA-157-1 python2.5 - multiple vulnerabilities
 	{CVE-2008-3142 CVE-2008-3144 CVE-2008-2315 CVE-2008-2316}
 	[lenny] - python2.5 2.5.2-6+lenny1
-

Secure testing commits - Aug 2008 - r9612 - in data: CVE DTSA

[Secure-testing-commits] r9612 - in data: CVE DTSA