[Secure-testing-commits] r6657 - in data: CVE DTSA
stef-guest at alioth.debian.org
stef-guest at alioth.debian.org
Thu Sep 20 22:47:40 UTC 2007
Author: stef-guest
Date: 2007-09-20 22:47:40 +0000 (Thu, 20 Sep 2007)
New Revision: 6657
Modified:
data/CVE/list
data/DTSA/list
Log:
gforge: mark CVE-2007-4966 duplicate, DTSA
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-09-20 21:14:08 UTC (rev 6656)
+++ data/CVE/list 2007-09-20 22:47:40 UTC (rev 6657)
@@ -47,8 +47,8 @@
CVE-2007-4967 (Online Armor Personal Firewall 2.0.1.215 does not properly validate ...)
NOT-FOR-US: Online Armor Personal Firewall
CVE-2007-4966 (SQL injection vulnerability in www/people/editprofile.php in GForge ...)
- TODO: check
- NOTE: I am not sure if this is a duplicate of CVE-2007-3913
+ - gforge 4.6.99+svn6086-1
+ NOTE: duplicate of CVE-2007-3913 according to Roland Mas
NOTE: Look at the fix for it: http://gforge.org/scm/viewvc.php/trunk/gforge/www/people/editprofile.php?root=gforge&r1=5995&r2=6083
NOTE: This is already a fix for an SQL injection via skill_delete
CVE-2007-4965 (Multiple integer overflows in the imageop module in Python 2.5.1 and ...)
Modified: data/DTSA/list
===================================================================
--- data/DTSA/list 2007-09-20 21:14:08 UTC (rev 6656)
+++ data/DTSA/list 2007-09-20 22:47:40 UTC (rev 6657)
@@ -164,3 +164,5 @@
[September 13th, 2007] DTSA-58-1 phpgroupware - cross scripting vulnerability
{CVE-2007-4048}
[lenny] - phpgroupware 0.9.16.011-3lenny2
+[September 21st, 2007] DTSA-59-1 gforge - cross site scripting vulnerability in account/verify.php
+ [lenny] - gforge 4.5.14-23lenny4
More information about the Secure-testing-commits
mailing list