Author: nion Date: 2008-07-21 12:23:50 +0000 (Mon, 21 Jul 2008) New Revision: 9384 Modified: data/CVE/list Log: drupal cveified (CVE-2008-32[19-23]), parts also affect drupal-4.7 Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-07-21 11:51:52 UTC (rev 9383) +++ data/CVE/list 2008-07-21 12:23:50 UTC (rev 9384) 
@@ -165,12 +165,28 @@ NOT-FOR-US: ancient issue CVE-2008-3229 [buffer overflow in XAUTHORITY handling in op] - op <not-affected> (not configured with xauth support) -CVE-2008-XXXX [several issues in last upstream announcement] - - drupal5 5.8-1 (bug #490559) - - drupal-4.7 <not-affected> - NOTE: http://drupal.org/node/280571 - NOTE: Upstream advisory states that drupal5 is only affected to a few of the issues - NOTE: drupal-4.7 is not mentioned as vulnerable +CVE-2008-3218 [multiple XSS related to free tagging taxonomy terms not properly handled in node preview] + - drupal5 <not-affected> (Vulnerable code not present, feature introduced in 6.0) + - drupal-4.7 <not-affected> (Vulnerable code not present, feature introduced in 6.0) +CVE-2008-3219 [filter_xss_admin doesnt prevent use of object HTML tag in administrator input] + - drupal5 5.8-1 (low; bug #490559) + - drupal-4.7 <unfixed> (low) + TODO: report drupal-4.7 bug (see modules/filter.module line 1113, object is returned as valid) +CVE-2008-3220 [CSRF might delete translated strings] + - drupal5 5.8-1 (low; bug #490559) + - drupal-4.7 <not-affected> (Vulnerable code not present) + NOTE: drupal-4.7 uses the locale_admin_string_delete callback which returns a confirmation dialog +CVE-2008-3221 [CSRF might delete openid identities] + - drupal5 <not-affected> (Vulnerable code not present, openids introduced in 6.0) + - drupal-4.7 <not-affected> (Vulnerable code not present, openids introduced in 6.0) +CVE-2008-3222 [session fixation vulnerability] + - drupal5 5.8-1 (low; bug #490559) + - drupal-4.7 <unfixed> (low) + TODO: report drupal-4.7 bug (see modules/user.module line 964, sess_regenerate() needs to be called) + NOTE: before login action +CVE-2008-3223 [SQL Injection in Schema API] + - drupal5 <not-affected> (Vulnerable code not present, introduced in 6.0) + - drupal-4.7 <not-affected> (Vulnerable code not present, introduced in 6.0) CVE-2008-3145 [DoS via injecting a series of malformed packets] RESERVED - 
wireshark <unfixed> (low)
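Review bot: In the CVE-2008-3222 entry, the trailing "NOTE: before login action" reads as the end of the TODO sentence above it rather than as a note of its own. Fold it into the TODO so that one line states that sess_regenerate() needs to be called before the login action; as written, anyone filtering the list for TODO lines loses that condition. The two drupal-4.7 <unfixed> (low) lines (CVE-2008-3219 and CVE-2008-3222) carry no bug number, while the matching drupal5 lines reference bug #490559; once the drupal-4.7 bugs are reported, add the numbers and drop the TODOs. The log message gives the range as CVE-2008-32[19-23], but the hunk also adds CVE-2008-3218, so the range in the log should start at 18.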