[Secure-testing-commits] r7040 - data/CVE

nion at alioth.debian.org nion at alioth.debian.org
Sat Oct 20 14:08:20 UTC 2007


Author: nion
Date: 2007-10-20 14:08:20 +0000 (Sat, 20 Oct 2007)
New Revision: 7040

Modified:
   data/CVE/list
Log:
checked jspwiki vulnerabilities


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2007-10-20 13:11:18 UTC (rev 7039)
+++ data/CVE/list	2007-10-20 14:08:20 UTC (rev 7040)
@@ -1404,17 +1404,14 @@
 CVE-2007-5122 (SQL injection vulnerability in store_info.php in SoftBiz Classifieds ...)
 	NOT-FOR-US: SoftBiz Classifieds PLUS
 CVE-2007-5121 (Cross-site scripting (XSS) vulnerability in JSPWiki 2.5.139-beta ...)
-	- jspwiki <unfixed> (medium; bug #445477)
+	- jspwiki <not-affected> (The version we ship does not process a redirect parameter in Login.jsp and other source files)
 	[sarge] - jspwiki <no-dsa> (Contrib not supported)
-	TODO: check, if affected at all
 CVE-2007-5120 (Multiple cross-site scripting (XSS) vulnerabilities in JSPWiki 2.4.103 ...)
 	- jspwiki <unfixed> (medium; bug #445477)
 	[sarge] - jspwiki <no-dsa> (Contrib not supported)
-	TODO: check, if affected at all
 CVE-2007-5119 (JSPWiki 2.4.103 and 2.5.139-beta allows remote attackers to obtain ...)
 	- jspwiki <unfixed> (medium; bug #445477)
 	[sarge] - jspwiki <no-dsa> (Contrib not supported)
-	TODO: check, if affected at all
 CVE-2007-5118 (Unspecified vulnerability in the HID (Human Interface Device) class ...)
 	NOT-FOR-US: Solaris
 CVE-2007-5117 (Multiple PHP remote file inclusion vulnerabilities in FrontAccounting ...)
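Review bot: The `TODO: check, if affected at all` lines under CVE-2007-5120 and CVE-2007-5119 are removed without recording the outcome of the check. Both entries stay `<unfixed>`, so a later reader cannot tell whether they were confirmed as affected or just left as they were. A short `NOTE:` line under each, stating what was verified in the shipped version, would match the level of detail given for CVE-2007-5121. In the CVE-2007-5121 entry, the new `<not-affected>` line also drops the `bug #445477` reference that the two sibling entries still carry. If that bug covers all three issues, keeping a pointer to it here would help whoever closes it. The `[sarge] - jspwiki <no-dsa>` line under CVE-2007-5121 is left unchanged, and the stated reason ("The version we ship") does not say whether it also applies to the sarge version.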



