[Secure-testing-commits] r6019 - data/CVE

fw at alioth.debian.org fw at alioth.debian.org
Sat Jun 16 14:04:26 UTC 2007


Author: fw
Date: 2007-06-16 14:04:25 +0000 (Sat, 16 Jun 2007)
New Revision: 6019

Modified:
   data/CVE/list
Log:
CVE-2007-2681: b2evolution non-issue


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2007-06-16 13:30:52 UTC (rev 6018)
+++ data/CVE/list	2007-06-16 14:04:25 UTC (rev 6019)
@@ -1255,7 +1255,10 @@
 CVE-2007-2682 (The installer for Adobe Version Cue CS3 Server on Apple Mac OS X, as ...)
 	NOT-FOR-US: Adobe
 CVE-2007-2681 (Directory traversal vulnerability in blogs/index.php in b2evolution ...)
-	TODO: check
+	- b2evolution <unfixed> (unimportant)
+	NOTE: This is a register_globals=on issue.
+	NOTE: More than just blogs/index.php is affected (that file isn't
+	NOTE: installed by the Debian package).
 CVE-2007-2680 (Cross-site scripting (XSS) vulnerability in the management interface ...)
 	NOT-FOR-US: Canon
 CVE-2007-2679 (PHP file inclusion vulnerability in index.php in Ivan Peevski gallery ...)




More information about the Secure-testing-commits mailing list