[Secure-testing-commits] r14505 - data/CVE
Thijs Kinkhorst
thijs at alioth.debian.org
Sat Apr 17 08:14:35 UTC 2010
Author: thijs
Date: 2010-04-17 08:14:30 +0000 (Sat, 17 Apr 2010)
New Revision: 14505
Modified:
data/CVE/list
Log:
tcpdf copies in moodle and phpmyadmin too old to have vulnerability
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2010-04-16 23:02:05 UTC (rev 14504)
+++ data/CVE/list 2010-04-17 08:14:30 UTC (rev 14505)
@@ -443,11 +443,12 @@
CVE-2010-1245
RESERVED
CVE-2010-XXXX [tcpdf code execution via tcpdf tag]
- - moodle <undetermined>
- - phpmyadmin <undetermined>
+ - moodle <not-affected> (Vulnerable code not present)
+ - phpmyadmin <not-affected> (Vulnerable code not present)
- tcpdf <itp> (bug #495985)
TODO: check
NOTE: http://sourceforge.net/projects/tcpdf/files/CHANGELOG.TXT/view
+ NOTE: http://seclists.org/fulldisclosure/2010/Apr/104
NOTE: setting K_TCPDF_CALLS_IN_HTML to false mitigates the problem
CVE-2010-XXXX [xmail insecure temp files handling]
- xmail <undetermined>
More information about the Secure-testing-commits
mailing list