thr3ads.net - Secure testing commits - [Secure-testing-commits] r17034

If this information is useful, please help other people find it:
Share via:
Johnathan Ritzi
2011-Jul-28 23:41 UTC
[Secure-testing-commits] r17034 - data/CVE

Author: jrdioko-guest
Date: 2011-07-28 23:41:32 +0000 (Thu, 28 Jul 2011)
New Revision: 17034

Modified:
   data/CVE/list
Log:
Joomla! issues

Updated several TODOs and NFUs to the joomla RFP. Many may still be in
NFU state (I only got through 16% of the file). Also not sure how to
handle the many Joomla! component issues (ITP/RFP or NFU). Probably
doesn''t matter though, since if Joomla! was ever added people would be
aware there are hundreds of CVEs for it and its components...


Modified: data/CVE/list
==================================================================---
data/CVE/list	2011-07-28 22:26:50 UTC (rev 17033)
+++ data/CVE/list	2011-07-28 23:41:32 UTC (rev 17034)
@@ -127,13 +127,13 @@
 CVE-2011-2893 (The DataPilot feature in IBM Lotus Symphony 3 before FP3 allows
...)
 	NOT-FOR-US: IBM Lotus Symphony
 CVE-2011-2892 (Joomla! 1.6.x before 1.6.2 does not prevent page rendering
inside a ...)
-	TODO: check
+	- joomla <itp> (bug #571794)
 CVE-2011-2891 (Joomla! 1.6.x before 1.6.2 allows remote attackers to obtain
sensitive ...)
-	TODO: check
+	- joomla <itp> (bug #571794)
 CVE-2011-2890 (The MediaViewMedia class in ...)
-	TODO: check
+	- joomla <itp> (bug #571794)
 CVE-2011-2889 (templates/system/error.php in Joomla! before 1.5.23 might allow
remote ...)
-	TODO: check
+	- joomla <itp> (bug #571794)
 CVE-2011-2888 (IBM Lotus Symphony 3 before FP3 allows remote attackers to cause
a ...)
 	NOT-FOR-US: IBM Lotus Symphony
 CVE-2011-2887 (IBM Lotus Symphony 3 before FP3 on Linux allows remote attackers
to ...)
@@ -516,7 +516,7 @@
 	RESERVED
 	NOT-FOR-US: cgit
 CVE-2011-2710 (Multiple cross-site scripting (XSS) vulnerabilities in Joomla!
before ...)
-	TODO: check
+	- joomla <itp> (bug #571794)
 CVE-2011-2709
 	RESERVED
 CVE-2011-2708
@@ -1039,7 +1039,7 @@
 	[squeeze] - dokuwiki <no-dsa> (Minor issue, will be fixed in point
update)
 	[lenny] - dokuwiki <no-dsa> (Minor issue)
 CVE-2011-2509 (Multiple cross-site scripting (XSS) vulnerabilities in Joomla!
before ...)
-	TODO: check
+	- joomla <itp> (bug #571794)
 CVE-2011-2508 (Directory traversal vulnerability in
libraries/display_tbl.lib.php in ...)
 	{DSA-2286-1}
 	- phpmyadmin 4:3.4.3.1-1
@@ -1108,7 +1108,7 @@
 	{DSA-2281-1}
 	- opie <removed> (bug #631344)
 CVE-2011-2488 (Joomla! before 1.5.23 does not properly check for errors, which
allows ...)
-	NOT-FOR-US: Joomla
+	- joomla <itp> (bug #571794)
 CVE-2011-2487
 	RESERVED
 CVE-2011-2486
@@ -6761,7 +6761,7 @@
 	- php5 5.3.5-1 (unimportant)
 	NOTE: requires attacker to be able to execute code already
 CVE-2010-4696 (Multiple SQL injection vulnerabilities in Joomla! 1.5.x before
1.5.22 ...)
-	NOT-FOR-US: Joomla 
+	- joomla <itp> (bug #571794)
 CVE-2009-5051 (Hastymail2 before RC 8 does not set the secure flag for the
session ...)
 	NOT-FOR-US: Hastymail
 CVE-2011-0493 (Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha might
allow ...)
@@ -7475,7 +7475,7 @@
 CVE-2010-4639 (SQL injection vulnerability in index.php in MySource Matrix
allows ...)
 	NOT-FOR-US: MySource Matrix
 CVE-2010-4638 (SQL injection vulnerability in the submitSurvey function in ...)
-	NOT-FOR-US: Joomla!
+	NOT-FOR-US: Joomla! JQuarks4s component
 CVE-2010-4637 (Cross-site scripting (XSS) vulnerability in
feedlist/handler_image.php ...)
 	NOT-FOR-US: FeedList
 CVE-2010-4636 (SQL injection vulnerability in detail.asp in Site2Nite Business
...)
@@ -9620,7 +9620,7 @@
 	- imagemagick 8:6.6.0.4-3 (low; bug #601824)
 	[lenny] - imagemagick 7:6.3.7.9.dfsg2-1~lenny4
 CVE-2010-4166 (Multiple SQL injection vulnerabilities in Joomla! 1.5.x before
1.5.22 ...)
-	NOT-FOR-US: Joomla
+	- joomla <itp> (bug #571794)
 CVE-2010-4165 (The do_tcp_setsockopt function in net/ipv4/tcp.c in the Linux
kernel ...)
 	- linux-2.6 2.6.32-28
 	[lenny] - linux-2.6 <not-affected> (Introduced in 2.6.28)
@@ -10862,7 +10862,7 @@
 CVE-2010-3713 (rss.php in UseBB before 1.0.11 does not properly handle forum
...)
 	NOT-FOR-US: UseBB
 CVE-2010-3712 (Cross-site scripting (XSS) vulnerability in Joomla! 1.5.x before
...)
-	NOT-FOR-US: Joomla!
+	- joomla <itp> (bug #571794)
 CVE-2010-3711 (libpurple in Pidgin before 2.7.4 does not properly validate the
return ...)
 	- pidgin 2.7.4-1
 	[squeeze] - pidgin 2.7.3-1+squeeze1
@@ -14122,7 +14122,7 @@
 CVE-2010-2536 (Multiple cross-site scripting (XSS) vulnerabilities in rekonq
0.5 and ...)
 	- rekonq 0.5.0-2 (bug #593300)
 CVE-2010-2535 (Multiple cross-site scripting (XSS) vulnerabilities in the Back
End in ...)
-	NOT-FOR-US: Joomla
+	- joomla <itp> (bug #571794)
 CVE-2010-2534 (The NetworkSyncCommandQueue function in
network/network_command.cpp in ...)
 	- openttd 1.0.3-1
 	[lenny] - openttd <not-affected> (Introduced in 1.0.1)
@@ -16524,7 +16524,7 @@
 CVE-2010-1650 (IBM WebSphere Application Server (WAS) 6.0.x before 6.0.2.41,
6.1.x ...)
 	NOT-FOR-US: IBM WebSphere Application Server
 CVE-2010-1649 (Multiple cross-site scripting (XSS) vulnerabilities in the back
end in ...)
-	NOT-FOR-US: Joomla
+	- joomla <itp> (bug #571794)
 CVE-2010-1648 (Cross-site request forgery (CSRF) vulnerability in the login
interface ...)
 	- mediawiki 1:1.15.4-1 (bug #585918; low)
 	[lenny] - mediawiki 1:1.12.0-2lenny6
Secure testing commits - Jul 2011 - r17034 - data/CVE

[Secure-testing-commits] r17034 - data/CVE
