[Secure-testing-commits] r13411 - in data: . CVE
Michael Gilbert
gilbert-guest at alioth.debian.org
Tue Dec 1 03:26:34 UTC 2009
Author: gilbert-guest
Date: 2009-12-01 03:26:34 +0000 (Tue, 01 Dec 2009)
New Revision: 13411
Modified:
data/CVE/list
data/embedded-code-copies
Log:
another package that embeds prototypejs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-11-30 21:14:19 UTC (rev 13410)
+++ data/CVE/list 2009-12-01 03:26:34 UTC (rev 13411)
@@ -2478,6 +2478,9 @@
[lenny] - otrs2 <not-affected> (prototype.js not present)
- webcalendar <unfixed> (low; bug #555268)
[lenny] - webcalendar <not-affected> (prototype.js not present)
+ - libhtml-prototype-perl <unfixed> (low; bug #558977)
+ [etch] - libhtml-prototype-perl <no-dsa> (minor issue)
+ [lenny] - libhtml-prototype-perl <no-dsa> (minor issue)
- plone3 <unfixed> (low; bug #555274)
- wesnoth <not-affected> (prototype.js not included in any of the binary packages; bug #555266)
- webcit <not-affected> (fixed since initial inclusion)
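Review bot: the added libhtml-prototype-perl lines are placed between the webcalendar and plone3 entries here, but the same three lines in the second hunk of this file go after wesnoth. Use the same position in both places so the package order stays consistent and later edits to one block are easy to mirror in the other.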
@@ -39202,6 +39205,9 @@
[lenny] - webcalendar <not-affected> (prototype.js not present)
- plone3 <unfixed> (low; bug #555274)
- wesnoth <not-affected> (fixed since initial inclusion)
+ - libhtml-prototype-perl <unfixed> (low; bug #558977)
+ [etch] - libhtml-prototype-perl <no-dsa> (minor issue)
+ [lenny] - libhtml-prototype-perl <no-dsa> (minor issue)
NOTE: see http://www.fortifysoftware.com/servlet/downloads/public/JavaScript_Hijacking.pdf
NOTE: This allows to steal data from affected websites. Therefore web applications should
NOTE: only be considered vunerabile if they process confidential data.
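Review bot: the added `- libhtml-prototype-perl <unfixed> (low; bug #558977)` line reuses the bug number already added at line 2478, so a single report is recorded at two separate places in the list. Confirm that bug #558977 covers both issues. Also, the `<no-dsa> (minor issue)` lines for etch and lenny would be easier to audit with a reason tied to the NOTE below, for example whether the package is expected to handle confidential data.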
Modified: data/embedded-code-copies
===================================================================
--- data/embedded-code-copies 2009-11-30 21:14:19 UTC (rev 13410)
+++ data/embedded-code-copies 2009-12-01 03:26:34 UTC (rev 13411)
@@ -688,6 +688,7 @@
- passenger 2.2.5debian1-1 (embed; bug #555273)
- plone3 <unfixed> (embed; bug #555275)
- wesnoth <not-affected> (prototype.js not included in any of the binary packages; bug #555277)
+ - libhtml-prototype-perl <unfixed> (embed; bug #538920)
- xulrunner <unfixed> (embed)
NOTE: included in iceweasel/xulrunner unit tests directory, so may not be security-relevant
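Review bot: the added line cites bug #538920, while data/CVE/list in this same commit cites bug #558977 for libhtml-prototype-perl, and the neighbouring entries here use numbers in the 5552xx range. Check that #538920 is the intended embedded-copy bug and not a mistyped number.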