[Secure-testing-commits] r7393 - data/CVE
nion at alioth.debian.org
nion at alioth.debian.org
Mon Nov 26 12:21:51 UTC 2007
Author: nion
Date: 2007-11-26 12:21:51 +0000 (Mon, 26 Nov 2007)
New Revision: 7393
Modified:
data/CVE/list
Log:
CVE-2007-5415 unimportant
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-11-26 11:17:28 UTC (rev 7392)
+++ data/CVE/list 2007-11-26 12:21:51 UTC (rev 7393)
@@ -2075,8 +2075,9 @@
NOTE: The underlying PHP issue has been fixed in DSA 1206.
NOTE: Plus, register_globals is not supported in Debian
CVE-2007-5415 (Cross-site scripting (XSS) vulnerability in Mozilla Firefox 2.0, when ...)
- TODO: check
- NOTE: can not reproduce any of the PoC urls in unstable version, anyone knows more?
+ - iceweasel <unfixed> (unimportant)
+ NOTE: if you are on a site which allows UTF-7 sure you need to sanitize the
+ NOTE: equivalent strings in UTF-7
NOTE: referring to the mozilla security team this is a non-issue and a duplicate of
NOTE: CVE-2007-5414, mailed mitre
CVE-2007-5414 (Cross-site scripting (XSS) vulnerability in Mozilla Firefox before ...)
More information about the Secure-testing-commits
mailing list