[Secure-testing-commits] r13642 - data/CVE

Steffen Joeris white at alioth.debian.org
Thu Dec 24 12:04:20 UTC 2009


Author: white
Date: 2009-12-24 12:04:13 +0000 (Thu, 24 Dec 2009)
New Revision: 13642

Modified:
   data/CVE/list
Log:
One rails issue does not affect lenny, since the version does not include 'text' in unverifiable_types

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-12-24 10:50:05 UTC (rev 13641)
+++ data/CVE/list	2009-12-24 12:04:13 UTC (rev 13642)
@@ -986,6 +986,7 @@
 	NOTE: http://groups.google.com/group/rubyonrails-security/browse_thread/thread/4d4f71f2aef4c0ab?pli=1
 CVE-2008-7248 (Ruby on Rails 2.1 before 2.1.3 and 2.2.x before 2.2.2 does not verify ...)
 	- rails <unfixed> (medium; bug #558685)
+	[lenny] - rails <not-affected> (Vulnerable code not present)
 	NOTE: http://weblog.rubyonrails.org/2008/11/18/potential-circumvention-of-csrf-protection-in-rails-2-1
 CVE-2009-4073 (The printing functionality in Microsoft Internet Explorer 8 allows ...)
 	NOT-FOR-US: Microsoft Internet Explorer 8
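Review bot: The added `[lenny] - rails <not-affected> (Vulnerable code not present)` line under CVE-2008-7248 gives only a generic reason, so the actual justification from the log message (the lenny version does not include 'text' in unverifiable_types) is not visible to anyone reading data/CVE/list on its own. Consider adding a NOTE line to the entry that states this, so the not-affected status can be re-checked if the lenny package changes. The unstable line `- rails <unfixed> (medium; bug #558685)` is left as is, which is consistent with the log message limiting the claim to lenny.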



