[Secure-testing-commits] r5232 - data/CVE
Moritz Muehlenhoff
jmm-guest at alioth.debian.org
Wed Jan 10 19:46:20 CET 2007
Author: jmm-guest
Date: 2007-01-10 19:46:17 +0100 (Wed, 10 Jan 2007)
New Revision: 5232
Modified:
data/CVE/list
Log:
the sid fix is implicit
non-availability on etch is derived from the archive information
no-dsa is not for unchecked security states
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-01-10 18:24:47 UTC (rev 5231)
+++ data/CVE/list 2007-01-10 18:46:17 UTC (rev 5232)
@@ -6,11 +6,7 @@
NOT-FOR-US: Serene Bach
CVE-2007-0136 (Multiple cross-site scripting (XSS) vulnerabilities in Drupal before ...)
- drupal 4.7.5-1
- [sarge] - drupal <no-dsa> (Not known if 4.5.x series was affected)
- [etch] - drupal <not-affected> (Drupal isn't in Etch)
- [sid] - drupal <not-affected> (version 4.7.5-1 uploaded)
NOTE: vendor advisory: http://drupal.org/node/104233
- TODO: check if Sarge was affected
CVE-2007-0135 (PHP remote file inclusion vulnerability in inc/init.inc.php in Aratix ...)
NOT-FOR-US: Aratix
CVE-2007-0134 (Multiple eval injection vulnerabilities in iGeneric iG Shop 1.0 allow ...)
More information about the Secure-testing-commits
mailing list