[Secure-testing-commits] r13981 - data/CVE
Moritz Muehlenhoff
jmm-guest at alioth.debian.org
Sun Jan 31 11:29:17 UTC 2010
Author: jmm-guest
Date: 2010-01-31 11:29:16 +0000 (Sun, 31 Jan 2010)
New Revision: 13981
Modified:
data/CVE/list
Log:
rails fixed
spu update for status.pm xss
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2010-01-31 11:21:13 UTC (rev 13980)
+++ data/CVE/list 2010-01-31 11:29:16 UTC (rev 13981)
@@ -2267,7 +2267,7 @@
- mysql-dfsg-5.0 <removed>
TODO: check
CVE-2009-4214 (Cross-site scripting (XSS) vulnerability in the strip_tags function in ...)
- - rails <unfixed> (low; bug #558685)
+ - rails 2.2.3-2 (low; bug #558685)
NOTE: http://groups.google.com/group/rubyonrails-security/browse_thread/thread/4d4f71f2aef4c0ab?pli=1
CVE-2008-7248 (Ruby on Rails 2.1 before 2.1.3 and 2.2.x before 2.2.2 does not verify ...)
- rails <unfixed> (medium; bug #558685)
@@ -12984,6 +12984,7 @@
CVE-2009-0796 (Cross-site scripting (XSS) vulnerability in Status.pm in ...)
- libapache2-mod-perl2 2.0.4-6 (low; bug #567635)
[lenny] - libapache2-mod-perl2 <no-dsa> (Minor issue)
+ TODO: [lenny] - libapache2-mod-perl2 2.0.4-5+lenny1
- apache <removed>
[etch] - apache <no-dsa> (minor issue)
CVE-2009-0795
More information about the Secure-testing-commits
mailing list