[Secure-testing-commits] r22013 - data/CVE
Salvatore Bonaccorso
carnil at alioth.debian.org
Sun Apr 21 19:05:28 UTC 2013
Author: carnil
Date: 2013-04-21 19:05:28 +0000 (Sun, 21 Apr 2013)
New Revision: 22013
Modified:
data/CVE/list
Log:
add fixed version for tcpdf issue, tcpdf was now packaged
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2013-04-21 18:39:01 UTC (rev 22012)
+++ data/CVE/list 2013-04-21 19:05:28 UTC (rev 22013)
@@ -48570,7 +48570,7 @@
CVE-2010-XXXX [tcpdf code execution via tcpdf tag]
- moodle <not-affected> (Vulnerable code not present)
- phpmyadmin <not-affected> (Vulnerable code not present)
- - tcpdf <itp> (bug #495985)
+ - tcpdf 6.0.010+dfsg-1
NOTE: http://sourceforge.net/projects/tcpdf/files/CHANGELOG.TXT/view
NOTE: http://seclists.org/fulldisclosure/2010/Apr/104
NOTE: setting K_TCPDF_CALLS_IN_HTML to false mitigates the problem
More information about the Secure-testing-commits
mailing list