[Secure-testing-commits] r10953 - data/CVE
thijs at alioth.debian.org
thijs at alioth.debian.org
Wed Jan 14 13:01:07 UTC 2009
Author: thijs
Date: 2009-01-14 13:01:07 +0000 (Wed, 14 Jan 2009)
New Revision: 10953
Modified:
data/CVE/list
Log:
plone cookie issie no-dsa; it's a good security enhancement bug it cannot
be exploited without other vectors in itself
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-01-14 08:13:43 UTC (rev 10952)
+++ data/CVE/list 2009-01-14 13:01:07 UTC (rev 10953)
@@ -10973,7 +10973,9 @@
[lenny] - plone3 <no-dsa> (Only an issue if not following best practices, see bug #473571)
CVE-2008-1394 (Plone CMS before 3 places a base64 encoded form of the username and ...)
- zope-cmfplone <removed>
+ [etch] - zope-cmfplone <no-dsa> (low)
NOTE: doesn't apply to v3
+ NOTE: more a security enhancement
CVE-2008-1393 (Plone CMS 3.0.5, and probably other 3.x versions, places a base64 ...)
- plone3 <unfixed> (low; bug #473571)
[lenny] - plone3 <no-dsa> (Only an issue if not following best practices, see bug #473571)
More information about the Secure-testing-commits
mailing list