[Secure-testing-commits] r7238 - data/CVE
thijs at alioth.debian.org
Wed Nov 7 14:40:24 UTC 2007
Author: thijs
Date: 2007-11-07 14:40:23 +0000 (Wed, 07 Nov 2007)
New Revision: 7238
Modified:
data/CVE/list
Log:
confirmed that cvstrac is not affected, phpmyadmin issue does not affect sarge.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-11-07 09:14:08 UTC (rev 7237)
+++ data/CVE/list 2007-11-07 14:40:23 UTC (rev 7238)
@@ -1731,6 +1731,7 @@
NOT-FOR-US: Pindorama
CVE-2007-5386 (Cross-site scripting (XSS) vulnerability in scripts/setup.php in ...)
- phpmyadmin 4:2.11.1.2-1 (unimportant; bug #446451)
+ [sarge] - phpmyadmin <not-affected> (vulnerable script not present)
CVE-2007-5385 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
NOT-FOR-US: Thomson/Alcatel SpeedTouch 7G router
CVE-2007-5384 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
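Review bot: the added `[sarge]` line for CVE-2007-5386 has no `[etch]` counterpart, so this entry does not show whether etch was checked for scripts/setup.php or is simply not triaged yet. The cvstrac change in the same commit annotates both etch and sarge; either add an `[etch]` line here with its own reason, or a NOTE saying etch still needs checking.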
@@ -14257,7 +14258,9 @@
NOT-FOR-US: ActiveX control in InterActual Player
CVE-2007-0347 (The is_eow function in format.c in CVSTrac before 2.0.1 does not ...)
- cvstrac 2.0.1-1
- NOTE: it is unclear if 1.1.5 is vulnerable (is_repository_file is not in 1.1.5 source)
+ [etch] - cvstrac <not-affected>
+ [sarge] - cvstrac <not-affected>
+ NOTE: 1.1.5 is not vulnerable (is_repository_file is not in 1.1.5 source)
NOTE: the vulnerable code can't be found on other places in 1.1.5 and also similar things
NOTE: are done like using %q instead of %s for user supplied data
CVE-2007-0346 (SQL injection vulnerability in index.php in SmE FileMailer 1.21 allows ...)
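Review bot: the two added `<not-affected>` lines for CVE-2007-0347 cover etch and sarge, but the rewritten NOTE only speaks of 1.1.5 and does not say which release carries that version. Put the reason on each line in parentheses, as done for the phpmyadmin sarge line, or name the version per release in the NOTE. The NOTE also rests on is_repository_file being absent from the source, while the visible part of the description names is_eow in format.c; a short word on how the two relate would make the conclusion easier to verify later.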