[Secure-testing-commits] r17002 - data/CVE
Thijs Kinkhorst
thijs at alioth.debian.org
Tue Jul 26 20:15:31 UTC 2011
Author: thijs
Date: 2011-07-26 20:15:30 +0000 (Tue, 26 Jul 2011)
New Revision: 17002
Modified:
data/CVE/list
Log:
two additional squirrelmail ids also fixed in sid
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2011-07-26 19:50:49 UTC (rev 17001)
+++ data/CVE/list 2011-07-26 20:15:30 UTC (rev 17002)
@@ -260,9 +260,11 @@
CVE-2011-2754 (Cross-site scripting (XSS) vulnerability in the PageBuilder2 (aka Page ...)
NOT-FOR-US: IBM WebSphere Portal
CVE-2011-2753 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
- - squirrelmail <undetermined>
+ - squirrelmail 2:1.4.22-1 (low)
+ NOTE: difficult to exploit
CVE-2011-2752 (CRLF injection vulnerability in SquirrelMail 1.4.21 and earlier allows ...)
- - squirrelmail <undetermined>
+ - squirrelmail 2:1.4.22-1 (low)
+ NOTE: difficult to exploit
CVE-2011-2751 (SQL injection vulnerability in Parodia before 6.809 allows remote ...)
NOT-FOR-US: Parodia
CVE-2011-2750 (NFRAgent.exe in Novell File Reporter 1.0.4.2 and earlier allows remote ...)
More information about the Secure-testing-commits
mailing list