[Secure-testing-commits] r21208 - data/CVE

Salvatore Bonaccorso carnil at alioth.debian.org
Sat Feb 9 09:54:39 UTC 2013


Author: carnil
Date: 2013-02-09 09:54:39 +0000 (Sat, 09 Feb 2013)
New Revision: 21208

Modified:
   data/CVE/list
Log:
update tracker for roundcube, CVE-2012-6121

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2013-02-09 09:17:57 UTC (rev 21207)
+++ data/CVE/list	2013-02-09 09:54:39 UTC (rev 21208)
@@ -4325,10 +4325,9 @@
 	[squeeze] - chicken <no-dsa> (Minor issue)
 CVE-2012-6121 [Cross-site scripting (XSS) in vbscript: and data:text URL handling]
 	RESERVED
-	- roundcube <unfixed>
+	- roundcube <not-affected> (vulnerable code not in stable or testing)
 	NOTE: http://trac.roundcube.net/ticket/1488850
 	NOTE: Upstream patch: https://github.com/roundcube/roundcubemail/commit/74cd0a9b62f11bc07c5a1d3ba0098b54883eb0ba
-	TODO: check and report
 CVE-2012-6120 [Directory /var/log/puppet is world readable]
 	RESERVED
 	- puppet <unfixed>




More information about the Secure-testing-commits mailing list