[Secure-testing-commits] r6657 - in data: CVE DTSA

stef-guest at alioth.debian.org stef-guest at alioth.debian.org
Thu Sep 20 22:47:40 UTC 2007


Author: stef-guest
Date: 2007-09-20 22:47:40 +0000 (Thu, 20 Sep 2007)
New Revision: 6657

Modified:
   data/CVE/list
   data/DTSA/list
Log:
gforge: mark CVE-2007-4966 duplicate, DTSA

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2007-09-20 21:14:08 UTC (rev 6656)
+++ data/CVE/list	2007-09-20 22:47:40 UTC (rev 6657)
@@ -47,8 +47,8 @@
 CVE-2007-4967 (Online Armor Personal Firewall 2.0.1.215 does not properly validate ...)
 	NOT-FOR-US: Online Armor Personal Firewall
 CVE-2007-4966 (SQL injection vulnerability in www/people/editprofile.php in GForge ...)
-	TODO: check
-	NOTE: I am not sure if this is a duplicate of CVE-2007-3913
+	- gforge 4.6.99+svn6086-1
+	NOTE: duplicate of CVE-2007-3913 according to Roland Mas
 	NOTE: Look at the fix for it: http://gforge.org/scm/viewvc.php/trunk/gforge/www/people/editprofile.php?root=gforge&r1=5995&r2=6083
 	NOTE: This is already a fix for an SQL injection via skill_delete
 CVE-2007-4965 (Multiple integer overflows in the imageop module in Python 2.5.1 and ...)

Modified: data/DTSA/list
===================================================================
--- data/DTSA/list	2007-09-20 21:14:08 UTC (rev 6656)
+++ data/DTSA/list	2007-09-20 22:47:40 UTC (rev 6657)
@@ -164,3 +164,5 @@
 [September 13th, 2007] DTSA-58-1 phpgroupware - cross scripting vulnerability
 	{CVE-2007-4048}
 	[lenny] - phpgroupware 0.9.16.011-3lenny2
+[September 21st, 2007] DTSA-59-1 gforge - cross site scripting vulnerability in account/verify.php
+	[lenny] - gforge 4.5.14-23lenny4




More information about the Secure-testing-commits mailing list