[Secure-testing-commits] r9999 - data/CVE
jmm-guest at alioth.debian.org
jmm-guest at alioth.debian.org
Sun Oct 5 09:40:54 UTC 2008
Author: jmm-guest
Date: 2008-10-05 09:40:53 +0000 (Sun, 05 Oct 2008)
New Revision: 9999
Modified:
data/CVE/list
Log:
sql-ledger not fully supported
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2008-10-05 09:30:36 UTC (rev 9998)
+++ data/CVE/list 2008-10-05 09:40:53 UTC (rev 9999)
@@ -26371,7 +26371,9 @@
CVE-2007-0668 (The Loopback Filesystem (LOFS) in Sun Solaris 10 allows local users in ...)
NOT-FOR-US: Sun Solaris.
CVE-2007-0667 (The redirect function in Form.pm for (1) LedgerSMB before 1.1.5 and ...)
- - sql-ledger <unfixed> (bug #409703; medium)
+ - sql-ledger <unfixed> (bug #409703; unimportant)
+ NOTE: It's documented behaviour that SQL-Ledger should only be run in an
+ NOTE: authenticated HTTP zone and without untrusted users
[etch] - sql-ledger <no-dsa> (Should only be used with trusted users)
NOTE: sql-ledger 2.6.22-2 adds a note to README.Debian that sql-ledger
NOTE: is not secure with untrusted users.
More information about the Secure-testing-commits
mailing list