Author: jmm
Date: 2011-09-12 07:48:28 +0000 (Mon, 12 Sep 2011)
New Revision: 17215
Modified:
data/CVE/list
Log:
mantis CVEfied
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2011-09-12 07:45:36 UTC (rev 17214)
+++ data/CVE/list 2011-09-12 07:48:28 UTC (rev 17215)
@@ -11,11 +11,6 @@
NOT-FOR-US: IBM OpenAdmin Too
CVE-2010-4833 (Untrusted search path vulnerability in ...)
TODO: check
-CVE-2011-XXXX [mantis multiple issues]
- - mantis 1.2.7-1 (medium; bug #640297)
- TODO: split into individual CVE ids after assignment
- NOTE: requested CVE ids
- NOTE: medium due to LFI
CVE-2011-3350 [masqmail improper privilege dropping]
RESERVED
- masqmail <unfixed> (low; bug #638002)
@@ -83,12 +78,15 @@
RESERVED
CVE-2011-3359
RESERVED
-CVE-2011-3358
+CVE-2011-3358 [XSS issues with unescaped os, os_build and platform]
RESERVED
-CVE-2011-3357
+ - mantis 1.2.7-1 (low; bug #640297)
+CVE-2011-3357 [LFI and XSS via bug_actiongroup_ext_page.php]
RESERVED
-CVE-2011-3356
+ - mantis 1.2.7-1 (medium; bug #640297)
+CVE-2011-3356 [XSS injection via PHP_SELF]
RESERVED
+ - mantis 1.2.7-1 (low; bug #640297)
CVE-2011-3355
RESERVED
- evolution-data-server3 <unfixed>
_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
