[Secure-testing-commits] r31869 - data/CVE

[Henri Salo]

Author: fgeek-guest
Date: 2015-01-31 13:52:15 +0000 (Sat, 31 Jan 2015)
New Revision: 31869

Modified:
   data/CVE/list
Log:
CVEs assigned for roundcube and phpbb3 issues

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2015-01-31 13:00:36 UTC (rev 31868)
+++ data/CVE/list       2015-01-31 13:52:15 UTC (rev 31869)
@@ -1,5 +1,15 @@
-CVE-2015-XXXX [roundcube: XSS]
+CVE-2015-1433 [roundcube: XSS]
        - roundcube <unfixed> (low; bug #776700)
+CVE-2015-1432 [phpbb3: CSRF]
+       - phpbb3 <unfixed> (low; bug #776699)
+       [wheezy] - phpbb3 <no-dsa> (Minor issue)
+       [squeeze] - phpbb3 <no-dsa> (Minor issue)
+       NOTE: https://tracker.phpbb.com/browse/PHPBB3-13526
+CVE-2015-1431 [phpbb3: css injection]
+       - phpbb3 <unfixed> (low; bug #776699)
+       [wheezy] - phpbb3 <no-dsa> (Minor issue)
+       [squeeze] - phpbb3 <no-dsa> (Minor issue)
+       NOTE: https://tracker.phpbb.com/browse/PHPBB3-13531
 CVE-2015-1425
        RESERVED
 CVE-2015-1424 (Cross-site request forgery (CSRF) vulnerability in Gecko CMS 
2.2 and ...)
@@ -183,13 +193,6 @@
 CVE-2015-1401
        RESERVED
        NOT-FOR-US: typo3 extension
-CVE-2015-XXXX [phpbb3 csrf & css injection]
-       - phpbb3 <unfixed> (low; bug #776699)
-       [wheezy] - phpbb3 <no-dsa> (Minor issue)
-       [squeeze] - phpbb3 <no-dsa> (Minor issue)
-       NOTE: https://wiki.phpbb.com/Release_Highlights/3.0.13
-       NOTE: https://github.com/phpbb/phpbb/pull/3311
-       NOTE: https://github.com/phpbb/phpbb/pull/3316
 CVE-2015-XXXX [can be crashed by some network traffic]
        - kgb-bot <unfixed> (bug #776424)
 CVE-2014-XXXX [Digest authentification never replay Ldap requests]


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits