[Secure-testing-commits] r10076 - data/CVE
nion at alioth.debian.org
nion at alioth.debian.org
Tue Oct 14 10:42:01 UTC 2008
Author: nion
Date: 2008-10-14 10:41:58 +0000 (Tue, 14 Oct 2008)
New Revision: 10076
Modified:
data/CVE/list
Log:
update on drupal session cookie issues
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2008-10-14 00:40:54 UTC (rev 10075)
+++ data/CVE/list 2008-10-14 10:41:58 UTC (rev 10076)
@@ -2191,6 +2191,8 @@
CVE-2008-3661 (Drupal, probably 5.10 and 6.4, does not set the secure flag for the ...)
- drupal5 <unfixed> (low; bug #501063)
- drupal6 <unfixed> (low; bug #501058)
+ NOTE: drupal upstreams advise the users to set session.cookie_secure in the php configuration
+ NOTE: this should be sufficient but documented in README.Debian to fix this bug
CVE-2008-3660 (PHP 4.4.x before 4.4.9 and PHP 5.6 through 5.2.6, when used as a ...)
{DSA-1647-1}
- php5 5.2.6-4 (medium)
More information about the Secure-testing-commits
mailing list