[Secure-testing-commits] r10175 - data/CVE

nion at alioth.debian.org nion at alioth.debian.org
Mon Oct 27 08:48:01 UTC 2008


Author: nion
Date: 2008-10-27 08:48:00 +0000 (Mon, 27 Oct 2008)
New Revision: 10175

Modified:
   data/CVE/list
Log:
CVE-2008-4677 non-issue
only one issue of SA-2008-067 affects drupal5


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2008-10-27 08:47:00 UTC (rev 10174)
+++ data/CVE/list	2008-10-27 08:48:00 UTC (rev 10175)
@@ -34,6 +34,7 @@
 CVE-2008-4724 (Multiple cross-site scripting (XSS) vulnerabilities in Google Chrome ...)
 	{CVE-2008-4723}
 	TODO: check if Webkit is affected
+	NOTE: not reproducible using iceweasel 3.0.1
 CVE-2008-4723 (Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox ...)
 	{CVE-2008-4724}
 	TODO: check
@@ -129,14 +130,14 @@
 CVE-2008-4678 (The HTTP_Request_Parser method in the HTTP Transport component in IBM ...)
 	NOT-FOR-US: IBM Websphere
 CVE-2008-4677 (autoload/netrw.vim (aka the Netrw Plugin) 109, 131, and other versions ...)
-	TODO: check
+	- vim <unfixed> (unimportant)
+	NOTE: documented in netrw documentation
 CVE-2008-XXXX [local file inclusion in drupal]
 	- drupal6 <unfixed> (low; bug #503222)
 	- drupal5 5.10-3 (low; bug #503217)
 CVE-2008-XXXX [XSS in book module in drupal]
 	- drupal6 <unfixed> (low; bug #503222)
-	- drupal5 5.10-3 (low; bug #503217)
-	TODO: check if druapal5 really has this vulnerability, the code looks different
+	- drupal5 <not-affected> (vulnerable code not present)
 CVE-2008-4676 (Unspecified vulnerability in Citrix XenApp (formerly Presentation ...)
 	NOT-FOR-US: Citrix XenApp
 CVE-2008-4675 (SQL injection vulnerability in index.php in PHPcounter 1.3.2 and ...)




More information about the Secure-testing-commits mailing list