[Secure-testing-commits] r9539 - data/CVE
nion at alioth.debian.org
nion at alioth.debian.org
Fri Aug 8 10:15:17 UTC 2008
Author: nion
Date: 2008-08-08 10:15:15 +0000 (Fri, 08 Aug 2008)
New Revision: 9539
Modified:
data/CVE/list
Log:
drupal-4.7 has been removed
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2008-08-08 10:09:44 UTC (rev 9538)
+++ data/CVE/list 2008-08-08 10:15:15 UTC (rev 9539)
@@ -792,8 +792,7 @@
- drupal-4.7 <not-affected> (Vulnerable code not present, feature introduced in 6.0)
CVE-2008-3219 (The Drupal filter_xss_admin function in 5.x before 5.8 and 6.x before ...)
- drupal5 5.8-1 (low; bug #490559)
- - drupal-4.7 <unfixed> (low)
- TODO: report drupal-4.7 bug (see modules/filter.module line 1113, object is returned as valid)
+ - drupal-4.7 <removed>
CVE-2008-3220 (Cross-site request forgery (CSRF) vulnerability in Drupal 5.x before ...)
- drupal5 5.8-1 (low; bug #490559)
- drupal-4.7 <not-affected> (Vulnerable code not present)
@@ -803,9 +802,7 @@
- drupal-4.7 <not-affected> (Vulnerable code not present, openids introduced in 6.0)
CVE-2008-3222 (Session fixation vulnerability in Drupal 5.x before 5.9 and 6.x before ...)
- drupal5 5.9-1 (low; bug #490559)
- - drupal-4.7 <unfixed> (low)
- TODO: report drupal-4.7 bug (see modules/user.module line 964, sess_regenerate() needs to be called)
- NOTE: before login action
+ - drupal-4.7 <removed>
CVE-2008-3223 (SQL injection vulnerability in the Schema API in Drupal 6.x before 6.3 ...)
- drupal5 <not-affected> (Vulnerable code not present, introduced in 6.0)
- drupal-4.7 <not-affected> (Vulnerable code not present, introduced in 6.0)
More information about the Secure-testing-commits
mailing list