[Secure-testing-commits] r20086 - data/CVE

[Henri Salo]

Author: fgeek-guest
Date: 2012-09-03 16:32:42 +0000 (Mon, 03 Sep 2012)
New Revision: 20086

Modified:
   data/CVE/list
Log:
CVE-2012-4399 cakephp issue

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2012-09-03 11:38:33 UTC (rev 20085)
+++ data/CVE/list	2012-09-03 16:32:42 UTC (rev 20086)
@@ -877,8 +877,13 @@
 	RESERVED
 CVE-2012-4400
 	RESERVED
-CVE-2012-4399
+CVE-2012-4399 [cakephp XXE injection]
 	RESERVED
+	- cakephp <unfixed>
+	TODO: Check if Debian-packages are affected. Advisory says 2.x
+	NOTE: http://seclists.org/bugtraq/2012/Jul/101
+	NOTE: http://bakery.cakephp.org/articles/markstory/2012/07/14/security_release_-_cakephp_2_1_5_2_2_1
+	NOTE: http://osvdb.org/show/osvdb/84042
 CVE-2012-4398
 	RESERVED
 	- linux <unfixed>