[Secure-testing-commits] r6390 - data/CVE
thijs at alioth.debian.org
thijs at alioth.debian.org
Fri Aug 24 09:50:11 UTC 2007
Author: thijs
Date: 2007-08-24 09:50:11 +0000 (Fri, 24 Aug 2007)
New Revision: 6390
Modified:
data/CVE/list
Log:
reported bug for websvn.
Websvn does not have cookie based authentication by itself.
I therefore don't think this is serious enough for a stable update.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-08-24 09:27:16 UTC (rev 6389)
+++ data/CVE/list 2007-08-24 09:50:11 UTC (rev 6390)
@@ -3223,7 +3223,9 @@
CVE-2007-3057 (PHP remote file inclusion vulnerability in ...)
NOT-FOR-US: XOOPS
CVE-2007-3056 (Cross-site scripting (XSS) vulnerability in filedetails.php in WebSVN ...)
- - websvn <unfixed> (low)
+ - websvn <unfixed> (low; bug #439337)
+ NOTE: Websvn does not have cookie based authentication by itself.
+ NOTE: I therefore don't think this is serious enough for a stable update.
CVE-2007-3055 (Cross-site scripting (XSS) vulnerability in index.php in Codelib ...)
NOT-FOR-US: Codelib Linker
CVE-2007-3054 (Cross-site scripting (XSS) vulnerability in search.php in Codelib ...)
More information about the Secure-testing-commits
mailing list