thr3ads.net - Secure testing commits - [Secure-testing-commits] r13144

If this information is useful, please help other people find it:
Share via:

Michael Gilbert

2009-Oct-29 15:32 UTC

[Secure-testing-commits] r13144 - data/CVE

Author: gilbert-guest
Date: 2009-10-29 15:32:38 +0000 (Thu, 29 Oct 2009)
New Revision: 13144

Modified:
   data/CVE/list
Log:
fix request-tracker tracking based on maintainers feedback

Modified: data/CVE/list
==================================================================---
data/CVE/list	2009-10-29 15:29:23 UTC (rev 13143)
+++ data/CVE/list	2009-10-29 15:32:38 UTC (rev 13144)
@@ -994,7 +994,7 @@
 	[etch] - libfwbuilder <not-affected> (Introduced in 3.0.4)
 CVE-2009-XXXX [RT: XSS security problem in custom field display]
 	- request-tracker3.8 3.8.5-1 (bug #546829)
-	- request-tracker3.6 3.6.9-1
+	- request-tracker3.6 3.6.9-1 (bug #546778)
 	[lenny] - request-tracker3.6 <no-dsa> (Minor issue)
 	TODO: next point update: [lenny] - request-tracker3.6 3.6.7-5+lenny2
 CVE-2009-3430 (SQL injection vulnerability in login.php in Allomani Mobile 2.5
allows ...)
@@ -5106,13 +5106,6 @@
 	{DSA-1899-1 DSA-1898-1}
 	- strongswan 4.2.14-1.2 (bug #533837)
 	- openswan 1:2.6.22+dfsg-1
-CVE-2009-XXXX [request-tracker: root priviledges for dialog]
-	- request-tracker3.4 <removed> (low; bug #534498)
-	[etch] - request-tracker3.4 <not-affected> (flaw introduced in 3.6.2)
-	- request-tracker3.6 3.6.8-1 (low; bug #534497)
-	[lenny] - request-tracker3.6 <no-dsa> (Targeted for stable point update)
-	[etch] - request-tracker3.6 <not-affected> (flaw introduced in 3.6.2)
-	- request-tracker3.8 3.8.4-1
 CVE-2009-2184 (Absolute path traversal vulnerability in forcedownload.php in
Gravy ...)
 	NOT-FOR-US: Gravy Media Photo
 CVE-2009-2183 (Directory traversal vulnerability in admin-files/ad.php in
Campsite ...)
@@ -5306,6 +5299,10 @@
 CVE-2009-XXXX [ShowConfigTab unintentionally grants rights intended for
SuperUsers]
 	- request-tracker3.6 3.6.8-1 (low; bug #532990)
 	[lenny] - request-tracker3.6 3.6.7-5+lenny1
+	[etch] - request-tracker3.6 <not-affected> (flaw introduced in 3.6.2)
+	- request-tracker3.4 <removed> (low; bug #534498)
+	[etch] - request-tracker3.4 <not-affected> (flaw introduced in 3.6.2)
+	- request-tracker3.8 3.8.4-1
 CVE-2009-2106 (SQL injection vulnerability in the Virtual Civil Services
(civserv) ...)
 	NOT-FOR-US: Virtual Civil Services extension for TYPO3
 CVE-2009-2105 (SQL injection vulnerability in the References database
(t3references) ...)

Secure testing commits - Oct 2009 - r13144 - data/CVE

[Secure-testing-commits] r13144 - data/CVE