Author: thijs Date: 2012-04-04 07:30:37 +0000 (Wed, 04 Apr 2012) New Revision: 18819 Modified: data/CVE/list data/DSA/list Log: triaged movabletype issues; sectool nfu Modified: data/CVE/list ==================================================================--- data/CVE/list 2012-04-04 06:10:05 UTC (rev 18818) +++ data/CVE/list 2012-04-04 07:30:37 UTC (rev 18819) @@ -133,9 +133,9 @@ CVE-2012-1986 RESERVED CVE-2011-5085 (Unspecified vulnerability in Movable Type 4.x before 4.36 and 5.x ...) - TODO: check + - movabletype-opensource 5.1.2+dfsg-1 CVE-2011-5084 (Cross-site scripting (XSS) vulnerability in Movable Type 4.x before ...) - TODO: check + - movabletype-opensource 5.1.2+dfsg-1 CVE-2012-1985 RESERVED CVE-2012-1984 @@ -905,8 +905,9 @@ RESERVED CVE-2012-1616 RESERVED -CVE-2012-1615 +CVE-2012-1615 [sectool dbus priv escalation] RESERVED + NOT-FOR-US: sectool CVE-2012-1614 RESERVED CVE-2012-1613 @@ -1176,7 +1177,7 @@ CVE-2012-1498 (Multiple cross-site request forgery (CSRF) vulnerabilities in Webfolio ...) NOT-FOR-US: Webfolio CMS CVE-2012-1497 (The default configuration of Movable Type before 4.38, 5.0x before ...) - - movabletype-opensource <undetermined> + - movabletype-opensource 5.1.3+dfsg-1 CVE-2012-1496 RESERVED CVE-2012-1495 @@ -1656,7 +1657,7 @@ CVE-2012-1263 RESERVED CVE-2012-1262 (Cross-site scripting (XSS) vulnerability in cgi-bin/mt/mt-wizard.cgi ...) - - movabletype-opensource <undetermined> + - movabletype-opensource 5.1.3+dfsg-1 CVE-2012-1261 RESERVED CVE-2012-1260 
@@ -4040,13 +4041,13 @@ CVE-2012-0321 (Unspecified vulnerability in the device driver in Kingsoft Internet ...) NOT-FOR-US: Kingsoft Internet Security 2011 CVE-2012-0320 (Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13 ...) - - movabletype-opensource <undetermined> + - movabletype-opensource 5.1.3+dfsg-1 CVE-2012-0319 (The file-management system in Movable Type before 4.38, 5.0x before ...) - - movabletype-opensource <undetermined> + - movabletype-opensource 5.1.3+dfsg-1 CVE-2012-0318 (Multiple cross-site scripting (XSS) vulnerabilities in Movable Type ...) - - movabletype-opensource <undetermined> + - movabletype-opensource 5.1.3+dfsg-1 CVE-2012-0317 (Multiple cross-site request forgery (CSRF) vulnerabilities in Movable ...) - - movabletype-opensource <undetermined> + - movabletype-opensource 5.1.3+dfsg-1 CVE-2012-0316 (The Cookpad 1.5.16 and earlier and Cookpad Noseru 1.1.1 and earlier ...) NOT-FOR-US: Cookpad CVE-2012-0315 (Untrusted search path vulnerability in ALFTP before 5.31 allows local ...) Modified: data/DSA/list ==================================================================--- data/DSA/list 2012-04-04 06:10:05 UTC (rev 18818) +++ data/DSA/list 2012-04-04 07:30:37 UTC (rev 18819) @@ -67,6 +67,7 @@ {CVE-2012-1102} [squeeze] - libxml-atom-perl 0.37-1+squeeze1 [02 Mar 2012] DSA-2423-1 movabletype-opensource - several + {CVE-2012-1497 CVE-2012-1262 CVE-2012-0320 CVE-2012-0319 CVE-2012-0318 CVE-2012-0317 CVE-2011-5085 CVE-2011-5084} [squeeze] - movabletype-opensource 4.3.8+dfsg-0+squeeze2 [29 Feb 2012] DSA-2422-1 file - missing bounds check {CVE-2012-1571}
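Review bot: In the data/CVE/list hunk at -133, CVE-2011-5085 and CVE-2011-5084 are closed with 5.1.2+dfsg-1 while every other Movable Type entry touched in this commit gets 5.1.3+dfsg-1, and nothing records why. The truncated descriptions ("4.x before 4.36" here, "before 4.38" on the later entries) suggest an earlier upstream fix, so the difference is probably intended. A NOTE line under each entry naming the source of the 5.1.2 version would let a later reader confirm that rather than suspect a typo.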
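Review bot: In the data/CVE/list hunk at -905, CVE-2012-1615 stays RESERVED, so the bracketed "[sectool dbus priv escalation]" is the only description the tracker holds for it and the NOT-FOR-US decision has no reference behind it. Add a NOTE line with the report or advisory the triage was based on, so the entry can be rechecked against the published description later.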
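Review bot: In the data/DSA/list hunk at -67, the CVE set added to DSA-2423-1 ties all eight ids to the single squeeze upload 4.3.8+dfsg-0+squeeze2, including CVE-2011-5085 and CVE-2011-5084, whose descriptions in data/CVE/list read "before 4.36" rather than "before 4.38". Confirm that the advisory itself names those two ids and that they were not already fixed by an earlier squeeze version. If they were, they belong in data/CVE/list with their own squeeze fixed version instead of in this set. The ids in the braces are also unsorted, which makes the list harder to compare against the advisory text.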