[Secure-testing-commits] r7248 - data/CVE

nion at alioth.debian.org nion at alioth.debian.org
Thu Nov 8 21:11:41 UTC 2007


Author: nion
Date: 2007-11-08 21:11:40 +0000 (Thu, 08 Nov 2007)
New Revision: 7248

Modified:
   data/CVE/list
Log:
CVE-2007-5828 python-django not an issue


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2007-11-08 20:57:05 UTC (rev 7247)
+++ data/CVE/list	2007-11-08 21:11:40 UTC (rev 7248)
@@ -113,7 +113,9 @@
 CVE-2007-5829 (The Disk Mount scanner in Symantec AntiVirus for Macintosh 9.x and ...)
 	NOT-FOR-US: Symantec AntiVirus
 CVE-2007-5828 (Cross-site request forgery (CSRF) vulnerability in the admin panel in ...)
-	TODO: check
+	- python-django <unfixed> (unimportant)
+	NOTE: this is documented in docs/csrf.txt included in the python-django package and
+	NOTE: there is a plugin enabling this feature. This is intended behaviour.
 CVE-2007-5827 (iSCSI Enterprise Target (iscsitarget) 0.4.15 uses weak permissions for ...)
 	- iscsitarget 0.4.15-5 (bug #448873)
 	NOTE: init script has "dump" function, which marks conffile correctly




More information about the Secure-testing-commits mailing list