[Secure-testing-commits] r9740 - data/CVE
thijs at alioth.debian.org
Thu Sep 4 06:52:40 UTC 2008
Author: thijs
Date: 2008-09-04 06:52:39 +0000 (Thu, 04 Sep 2008)
New Revision: 9740
Modified:
data/CVE/list
Log:
cgiwrap is actually affected, the cross site scripting only works on Windows
browsers, but will probably work with our installation of cgiwrap as I
understand it. Still, it's quite a minor issue and the fix isn't a real fix.
I'll ask to have it removed from testing/unstable.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2008-09-03 23:36:27 UTC (rev 9739)
+++ data/CVE/list 2008-09-04 06:52:39 UTC (rev 9740)
@@ -2412,7 +2412,12 @@
CVE-2008-2853 (SQL injection vulnerability in index.php in Easy Webstore 1.2 allows ...)
NOT-FOR-US: Easy Webstore
CVE-2008-2852 (Cross-site scripting (XSS) vulnerability in CGIWrap before 4.1, when ...)
- - cgiwrap <not-affected> (Windows specific issue)
+ - cgiwrap <unfixed> (low; bug #497761)
+ [etch] - cgiwrap <no-dsa> (Minor issue)
+ NOTE: only applies to certain character sets and only works with
+ NOTE: browsers. There isn't a good solution available, the patch uses
+ NOTE: a compile-time charset specification. All in all not a real
+ NOTE: priority to fix in etch.
CVE-2008-2851 (Multiple buffer overflows in OFF System before 0.19.14 allow remote ...)
NOT-FOR-US: OFF System
CVE-2008-2850 (SQL injection vulnerability in the TrailScout module 5.x before ...)
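Review bot: The first two NOTE lines added under CVE-2008-2852 read "only works with" / "browsers", which drops the qualifier the log message gives ("only works on windows browsers"), so the note no longer explains why the issue is rated low. Suggest wording it as "only works with Windows browsers". Since this entry reverses the removed "<not-affected> (Windows specific issue)" line, the NOTE could also state briefly why the package is affected after all, or defer explicitly to bug #497761 for that reasoning.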