thr3ads.net - Secure testing commits - [Secure-testing-commits] r14457

If this information is useful, please help other people find it:
Share via:

Pedro Ribeiro

2010-Apr-11 22:37 UTC

[Secure-testing-commits] r14457 - data/CVE

Author: pedrib-guest
Date: 2010-04-11 22:37:44 +0000 (Sun, 11 Apr 2010)
New Revision: 14457

Modified:
   data/CVE/list
Log:
a few NMUs plus a unaffected for drupal6


Modified: data/CVE/list
==================================================================---
data/CVE/list	2010-04-11 21:20:44 UTC (rev 14456)
+++ data/CVE/list	2010-04-11 22:37:44 UTC (rev 14457)
@@ -59,21 +59,21 @@
 CVE-2010-1304 (Directory traversal vulnerability in userstatus.php in the User
Status ...)
    NOT-FOR-US: Joomla!
 CVE-2010-1303 (Multiple cross-site scripting (XSS) vulnerabilities in the
Taxonomy ...)
-	TODO: check
+	- drupal6 <not-affected> (Vulnerable code not present)
 CVE-2010-XXXX [abcm2ps]
 	- abcm2ps <unfixed> (bug filed)
 CVE-2010-1302 (Directory traversal vulnerability in dwgraphs.php in the
DecryptWeb DW ...)
-	TODO: check
+	NOT-FOR-US: Joomla!
 CVE-2010-1301 (SQL injection vulnerability in main.php in Centreon 2.1.5 allows
...)
-	TODO: check
+	NOT-FOR-US: Centreon
 CVE-2010-1300 (SQL injection vulnerability in index.php in Yamamah (aka Dove
Photo ...)
-	TODO: check
+	NOT-FOR-US: Yamamah
 CVE-2010-1299 (Multiple PHP remote file inclusion vulnerabilities in DynPG CMS
4.1.0, ...)
-	TODO: check
+	NOT-FOR-US: DynPG CMS
 CVE-2008-7254 (Directory traversal vulnerability in
includes/template-loader.php in ...)
-	TODO: check
+	NOT-FOR-US: Pepsi CMS
 CVE-2010-1298 (Directory traversal vulnerability in view.php in Pulse CMS 1.2.2
...)
-	TODO: check
+	NOT-FOR-US: Pulse CMS
 CVE-2010-1297
 	RESERVED
 CVE-2010-1296

Michael Gilbert

2010-Apr-11 23:40 UTC

head link

[Secure-testing-commits] r14457 - data/CVE

On Sun, 11 Apr 2010 22:37:50 +0000 Pedro Ribeiro wrote:
> Author: pedrib-guest
> Date: 2010-04-11 22:37:44 +0000 (Sun, 11 Apr 2010)
> New Revision: 14457
> 
> Modified:
>    data/CVE/list
> Log:
> a few NMUs plus a unaffected for drupal6
> 
> 
> Modified: data/CVE/list
> ==================================================================> ---
data/CVE/list	2010-04-11 21:20:44 UTC (rev 14456)
> +++ data/CVE/list	2010-04-11 22:37:44 UTC (rev 14457)
> @@ -59,21 +59,21 @@
>  CVE-2010-1304 (Directory traversal vulnerability in userstatus.php in the
User Status ...)
>     NOT-FOR-US: Joomla!
>  CVE-2010-1303 (Multiple cross-site scripting (XSS) vulnerabilities in the
Taxonomy ...)
> -	TODO: check
> +	- drupal6 <not-affected> (Vulnerable code not present)
this is actually an issue in a drupal module, not drupal itself.
issues in modules that aren''t packaged are usually tracked as NFUs.
>  CVE-2010-XXXX [abcm2ps]
>  	- abcm2ps <unfixed> (bug filed)
>  CVE-2010-1302 (Directory traversal vulnerability in dwgraphs.php in the
DecryptWeb DW ...)
> -	TODO: check
> +	NOT-FOR-US: Joomla!
similarly, this is a joomla module, not joomla itself.  module names
are usually mentioned since if for some reason that code ever does get
packaged, a text search will turn the issue up. although that''s not a
big deal or anything.

thanks for your help triaging these issues!

mike

Secure testing commits - Apr 2010 - r14457 - data/CVE

[Secure-testing-commits] r14457 - data/CVE

[Secure-testing-commits] r14457 - data/CVE