Author: nion Date: 2009-07-06 18:36:38 +0000 (Mon, 06 Jul 2009) New Revision: 12296 Modified: data/CVE/list data/NMU/list Log: drupal5/6 issues fixed in 5.18-1.1/6.12-1.1 Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-07-06 16:27:55 UTC (rev 12295) +++ data/CVE/list 2009-07-06 18:36:38 UTC (rev 12296) @@ -107,11 +107,22 @@ NOT-FOR-US: component for Joomla! CVE-2008-6840 (Multiple PHP remote file inclusion vulnerabilities in V-webmail 1.6.4 ...) NOT-FOR-US: V-webmail -CVE-2009-XXXX [multiple drupal issues] - - drupal6 <unfixed> (bug #535435) - - drupal5 <unfixed> (bug #535476) +CVE-2009-XXXX [XSS in forum module] + - drupal6 6.12-1.1 (low; bug #535435) + - drupal5 <not-affected> (Vulnerable code not present) NOTE: http://drupal.org/node/507572 NOTE: requested CVE id +CVE-2009-XXXX [input format access bypass] + - drupal6 6.12-1.1 (medium; bug #535435) + - drupal5 <not-affected> (Vulnerable code not present) + NOTE: http://drupal.org/node/507572 + NOTE: marked as medium as this might lead to code execution if the php filter is enabled + NOTE: requested CVE id +CVE-2009-XXXX [URL password leakage] + - drupal6 6.12-1.1 (low; bug #535435) + - drupal5 5.18-1.1 (low; bug #535476) + NOTE: http://drupal.org/node/507572 + NOTE: requested CVE id CVE-2009-2284 (Cross-site scripting (XSS) vulnerability in phpMyAdmin before 3.2.0.1 ...) - phpmyadmin 4:3.2.0.1-1 (medium; bug #535890) CVE-2009-2280 Modified: data/NMU/list ==================================================================--- data/NMU/list 2009-07-06 16:27:55 UTC (rev 12295) +++ data/NMU/list 2009-07-06 18:36:38 UTC (rev 12296) @@ -155,3 +155,5 @@ 2009-06-22 amule 2.2.5-1.1 2009-07-01 gupnp 0.12.6-3.1 2009-07-06 ipplan 4.91a-1.1 +2009-07-06 drupal5 5.18-1.1 +2009-07-06 drupal6 6.12-1.1