[Secure-testing-commits] r13570 - in data: CVE NMU
Steffen Joeris
white at alioth.debian.org
Wed Dec 16 11:43:32 UTC 2009
Author: white
Date: 2009-12-16 11:43:32 +0000 (Wed, 16 Dec 2009)
New Revision: 13570
Modified:
data/CVE/list
data/NMU/list
Log:
XSS issue fixed in NMU; other issue won't be fixed for etch/lenny, whitelist policy will be implemented for squeeze, blocker bug filed
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-12-16 11:31:42 UTC (rev 13569)
+++ data/CVE/list 2009-12-16 11:43:32 UTC (rev 13570)
@@ -746,14 +746,14 @@
CVE-2009-4047 (Multiple cross-site scripting (XSS) vulnerabilities in PHD Help Desk ...)
NOT-FOR-US: PHD Help Desk
CVE-2009-4112 (Cacti 0.8.7e and earlier allows remote authenticated administrators to ...)
- - cacti <unfixed> (low)
- TODO: check
+ - cacti <unfixed> (low; bug #561339)
+ [etch] - cacti <no-dsa> (Minor issue, workaround explained in DSA)
+ [lenny] - cacti <no-dsa> (Minor issue, workaround explained in DSA)
NOTE: 4B0E1566.1070509 at moritz-naumann.com in bugtraq
NOTE: low or maybe even unimportant as one requires admin access
- NOTE: to cacti
+ NOTE: to cacti, upstream will implement a whitelist
CVE-2009-4032 (Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.7e ...)
- - cacti <unfixed>
- TODO: check
+ - cacti 0.8.7e-1.1 (low; bug #561338)
NOTE: http://docs.cacti.net/#cross-site_scripting_fixes
NOTE: http://www.cacti.net/download_patches.php
CVE-2009-4046 (Multiple SQL injection vulnerabilities in FrontAccounting (FA) 2.2.x ...)
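Review bot: The two new `<no-dsa>` lines under CVE-2009-4112 give the reason as "workaround explained in DSA" but do not say which DSA, so a reader checking the etch or lenny status cannot locate the workaround from this entry. Add the DSA number to the reason text or in a NOTE line once it is known. The amended NOTE also reads as one wrapped sentence ("as one requires admin access" followed by "to cacti, upstream will implement a whitelist"), which runs the severity rationale into the upstream plan; a separate line such as `NOTE: upstream will implement a whitelist` would keep the two facts apart. For CVE-2009-4032, the fixed version 0.8.7e-1.1 agrees with the line added to data/NMU/list in this same revision.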
Modified: data/NMU/list
===================================================================
--- data/NMU/list 2009-12-16 11:31:42 UTC (rev 13569)
+++ data/NMU/list 2009-12-16 11:43:32 UTC (rev 13570)
@@ -179,3 +179,4 @@
2009-11-21 gimp 2.6.7-1.1
2009-11-29 audiofile 0.2.6-7.1
2009-12-06 libstruts1.2-java 1.2.9-3.1
+2009-12-16 cacti 0.8.7e-1.1