[Secure-testing-commits] r9423 - data/CVE
nion at alioth.debian.org
Sat Jul 26 19:26:48 UTC 2008
Author: nion
Date: 2008-07-26 19:26:46 +0000 (Sat, 26 Jul 2008)
New Revision: 9423
Modified:
data/CVE/list
Log:
proper upstream fix for CVE-2008-3222 in drupal5 5.8-1
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2008-07-26 17:28:03 UTC (rev 9422)
+++ data/CVE/list 2008-07-26 19:26:46 UTC (rev 9423)
@@ -191,7 +191,7 @@
- drupal5 <not-affected> (Vulnerable code not present, openids introduced in 6.0)
- drupal-4.7 <not-affected> (Vulnerable code not present, openids introduced in 6.0)
CVE-2008-3222 [session fixation vulnerability]
- - drupal5 5.8-1 (low; bug #490559)
+ - drupal5 5.9-1 (low; bug #490559)
- drupal-4.7 <unfixed> (low)
TODO: report drupal-4.7 bug (see modules/user.module line 964, sess_regenerate() needs to be called)
NOTE: before login action
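Review bot: The log message names drupal5 5.8-1, but the changed line for CVE-2008-3222 sets the fixed version to 5.9-1, so the log can be read as saying 5.8-1 carries the fix. Suggest a log along the lines of "CVE-2008-3222: proper upstream fix is in drupal5 5.9-1, replacing the 5.8-1 entry" so the tracker history is unambiguous. The unchanged context also leaves drupal-4.7 as <unfixed> with a TODO to report the bug and no bug number; once it is filed, that entry should reference it the same way the drupal5 line references bug #490559.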