[Secure-testing-commits] r18006 - data/CVE
Luk Claes
luk at alioth.debian.org
Tue Jan 3 17:56:08 UTC 2012
Author: luk
Date: 2012-01-03 17:56:08 +0000 (Tue, 03 Jan 2012)
New Revision: 18006
Modified:
data/CVE/list
Log:
update on rails
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2012-01-03 17:45:48 UTC (rev 18005)
+++ data/CVE/list 2012-01-03 17:56:08 UTC (rev 18006)
@@ -5772,6 +5772,7 @@
- linux-2.6 3.0.0-2
CVE-2011-3187 (The to_s method in ...)
- rails <unfixed> (unimportant)
+ NOTE: X-Forwarded-For header is user supplied (like User-Agent)
CVE-2011-3186 (CRLF injection vulnerability in ...)
{DSA-2301-1}
- rails 2.3.14
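Review bot: The NOTE added under CVE-2011-3187 states a fact about the header but not the conclusion drawn from it, so a later reader has to infer why the entry is tagged (unimportant). Consider wording it so the rationale is explicit, for example that X-Forwarded-For is client-controlled like User-Agent and therefore is not treated as a trusted value, so the triage decision can be re-checked without digging up this commit.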
@@ -6518,7 +6519,7 @@
RESERVED
CVE-2011-2932 (Cross-site scripting (XSS) vulnerability in ...)
- rails 2.3.14
- [squeeze] - rails <not-affected> (Vulnerable code not present)
+ [squeeze] - rails <unfixed>
CVE-2011-2931 (Cross-site scripting (XSS) vulnerability in the strip_tags helper in ...)
{DSA-2301-1}
- rails 2.3.14
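Review bot: The squeeze line for CVE-2011-2932 flips from "<not-affected> (Vulnerable code not present)" to "<unfixed>" with no NOTE recording what changed the assessment, and the log message "update on rails" does not say either. Since this reverses an earlier claim that the vulnerable code is absent, add a NOTE line naming the evidence that it is present in the squeeze version. The neighbouring CVE-2011-2931 carries {DSA-2301-1} while this entry has no DSA reference, so it would also help to record how the squeeze fix is expected to be handled.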