[Secure-testing-commits] r21876 - data/CVE
Michael Gilbert
mgilbert at alioth.debian.org
Sun Apr 7 23:56:44 UTC 2013
Author: mgilbert
Date: 2013-04-07 23:56:44 +0000 (Sun, 07 Apr 2013)
New Revision: 21876
Modified:
data/CVE/list
Log:
info on old jquery issue
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2013-04-07 21:14:24 UTC (rev 21875)
+++ data/CVE/list 2013-04-07 23:56:44 UTC (rev 21876)
@@ -92615,7 +92615,8 @@
CVE-2007-2380 (The Microsoft Atlas framework exchanges data using JavaScript Object ...)
NOT-FOR-US: Microsoft Atlas
CVE-2007-2379 (The jQuery framework exchanges data using JavaScript Object Notation ...)
- - jquery <undetermined> (low)
+ - jquery <unfixed> (unimportant)
+ NOTE: the paper in this reference is a guideline on how to avoid writing unsafe jquery applications. there really isn't anything to fix in the library itself.
NOTE: https://www.fortify.com/vulncat/en/vulncat/javascript/javascript_hijacking_ad_hoc_ajax.html
CVE-2007-2378 (The Google Web Toolkit (GWT) framework exchanges data using JavaScript ...)
- gwt <unfixed> (unimportant; bug #563542)
More information about the Secure-testing-commits
mailing list