Moritz Muehlenhoff
2006-Jan-27 10:50 UTC
[Secure-testing-commits] r3382 - in data: CVE DSA
Author: jmm-guest
Date: 2006-01-27 10:49:41 +0000 (Fri, 27 Jan 2006)
New Revision: 3382
Modified:
data/CVE/list
data/DSA/list
Log:
drupal DSA
Modified: data/CVE/list
==================================================================---
data/CVE/list 2006-01-27 09:14:25 UTC (rev 3381)
+++ data/CVE/list 2006-01-27 10:49:41 UTC (rev 3382)
@@ -2354,13 +2354,10 @@
NOT-FOR-US: Multipke DuWare products
CVE-2005-3975 (Interpretation conflict in file.inc in Drupal 4.5.0 through
4.5.5 and ...)
- drupal 4.5.6-1 (bug #348811; medium)
- NOTE: Sarge is affected
CVE-2005-3974 (Drupal 4.5.0 through 4.5.5 and 4.6.0 through 4.6.3, when running
on ...)
- drupal 4.5.6-1 (low)
- [sarge] - drupal <not-affected> (Only vulnerable if running PHP 5)
CVE-2005-3973 (Multiple cross-site scripting (XSS) vulnerabilities in Drupal
4.5.0 ...)
- drupal 4.5.6-1 (bug #348811; medium)
- NOTE: Sarge is affected
CVE-2005-3972 (Cross-site scripting (XSS) vulnerability in extremesearch.php in
...)
NOT-FOR-US: Extreme Search Corporate Edition
CVE-2005-3971 (Cross-site scripting (XSS) vulnerability in the login form in
Citrix ...)
Modified: data/DSA/list
==================================================================---
data/DSA/list 2006-01-27 09:14:25 UTC (rev 3381)
+++ data/DSA/list 2006-01-27 10:49:41 UTC (rev 3382)
@@ -1,3 +1,7 @@
+[27 Jan 2006] DSA-958-1 drupal - several
+ {CVE-2005-3973 CVE-2005-3974 CVE-2005-3975}
+ [sarge] - drupal 4.5.3-5
+ NOTE: fixed in testing at time of DSA
[26 Jan 2006] DSA-957-1 imagemagick - missing shell meta sanitising
{CVE-2005-4601}
[woody] - imagemagick 4:5.4.4.5-1woody7