Author: adsb
Date: 2011-10-11 18:08:18 +0000 (Tue, 11 Oct 2011)
New Revision: 17408
Modified:
data/CVE/list
data/DSA/list
Log:
DSA 2322-1 (bugzilla)
Modified: data/CVE/list
==================================================================---
data/CVE/list 2011-10-11 10:46:27 UTC (rev 17407)
+++ data/CVE/list 2011-10-11 18:08:18 UTC (rev 17408)
@@ -2849,6 +2849,7 @@
- bugzilla <not-affected> (Only affects Bugzilla 4.1, never uploaded to
the archive)
CVE-2011-2978 (Bugzilla 2.16rc1 through 2.22.7, 3.0.x through 3.3.x, 3.4.x
before ...)
- bugzilla <removed> (low)
+ [squeeze] - bugzilla 3.6.2.0-4.4
CVE-2011-2977 (Bugzilla 3.6.x before 3.6.6, 3.7.x, 4.0.x before 4.0.2, and
4.1.x ...)
- bugzilla <not-affected> (Only affects Bugzilla on Windows)
CVE-2011-2976 (Cross-site scripting (XSS) vulnerability in Bugzilla 2.16rc1
through ...)
@@ -4443,10 +4444,13 @@
RESERVED
CVE-2011-2381 (CRLF injection vulnerability in Bugzilla 2.17.1 through 2.22.7,
3.0.x ...)
- bugzilla <removed> (low)
+ [squeeze] - bugzilla 3.6.2.0-4.4
CVE-2011-2380 (Bugzilla 2.23.3 through 2.22.7, 3.0.x through 3.3.x, 3.4.x
before ...)
- bugzilla <removed> (low)
+ [squeeze] - bugzilla 3.6.2.0-4.4
CVE-2011-2379 (Cross-site scripting (XSS) vulnerability in Bugzilla 2.4 through
...)
- bugzilla <removed> (low)
+ [squeeze] - bugzilla 3.6.2.0-4.4
CVE-2011-2378 (The appendChild function in Mozilla Firefox before 3.6.20,
Thunderbird ...)
{DSA-2297-1 DSA-2296-1 DSA-2295-1}
- icedove 3.1.12-1
@@ -11474,6 +11478,7 @@
NOT-FOR-US: Majordomo
CVE-2011-0048 (Bugzilla before 3.2.10, 3.4.x before 3.4.10, 3.6.x before 3.6.4,
and ...)
- bugzilla <removed> (bug #611176)
+ [squeeze] - bugzilla 3.6.2.0-4.4
NOTE: http://www.bugzilla.org/security/3.2.9/
CVE-2011-0047 (Cross-site scripting (XSS) vulnerability in MediaWiki before
1.16.2 ...)
- mediawiki 1:1.15.5-3 (low; bug #611787)
@@ -11481,6 +11486,7 @@
[squeeze] - mediawiki 1:1.15.5-2squeeze1 (low; bug #611787)
CVE-2011-0046 (Multiple cross-site request forgery (CSRF) vulnerabilities in
Bugzilla ...)
- bugzilla <removed> (bug #611176)
+ [squeeze] - bugzilla 3.6.2.0-4.4
NOTE: http://www.bugzilla.org/security/3.2.9/
CVE-2010-4578 (Google Chrome before 8.0.552.224 and Chrome OS before
8.0.552.343 do ...)
{DSA-2188-1}
@@ -11509,6 +11515,7 @@
NOT-FOR-US: VMware ESXi
CVE-2010-4572 (CRLF injection vulnerability in chart.cgi in Bugzilla before
3.2.10, ...)
- bugzilla <removed>
+ [squeeze] - bugzilla 3.6.2.0-4.4
NOTE: http://www.bugzilla.org/security/3.2.9/
NOTE: perl and associate packages are CVE-2010-2761 and CVE-2010-4411 (see
above reference)
CVE-2010-4571
@@ -11519,9 +11526,11 @@
- bugzilla <not-affected> (vulnerable code introduced in 3.7)
CVE-2010-4568 (Bugzilla 2.14 through 2.22.7; 3.0.x, 3.1.x, and 3.2.x before
3.2.10; ...)
- bugzilla <removed> (bug #611176)
+ [squeeze] - bugzilla 3.6.2.0-4.4
NOTE: http://www.bugzilla.org/security/3.2.9/
CVE-2010-4567 (Bugzilla before 3.2.10, 3.4.x before 3.4.10, 3.6.x before 3.6.4,
and ...)
- bugzilla <removed> (high; bug #611176)
+ [squeeze] - bugzilla 3.6.2.0-4.4
NOTE: http://www.bugzilla.org/security/3.2.9/
CVE-2010-4566 (The web authentication form in the NT4 authentication component
in ...)
NOT-FOR-US: Citrix Acces Gateway
Modified: data/DSA/list
==================================================================---
data/DSA/list 2011-10-11 10:46:27 UTC (rev 17407)
+++ data/DSA/list 2011-10-11 18:08:18 UTC (rev 17408)
@@ -1,3 +1,6 @@
+[11 Oct 2011] DSA-2322-1 bugzilla - several
+ {CVE-2011-2979 CVE-2010-4567 CVE-2010-4568 CVE-2010-4572 CVE-2011-0046
CVE-2011-0048 CVE-2011-2379 CVE-2011-2380 CVE-2011-2381 CVE-2011-2978}
+ [squeeze] - bugzilla 3.6.2.0-4.4
[10 Oct 2011] DSA-2321-1 moin - cross-site scripting
{CVE-2011-1058}
[squeeze] - moin 1.9.3-1+squeeze1