[Secure-testing-commits] r30132 - in data: . CVE
Raphaël Hertzog
hertzog at moszumanska.debian.org
Tue Nov 18 15:45:52 UTC 2014
Author: hertzog
Date: 2014-11-18 15:45:52 +0000 (Tue, 18 Nov 2014)
New Revision: 30132
Modified:
data/CVE/list
data/dla-needed.txt
Log:
Add details about CVE-2014-4737/textpattern and put it in dla-needed.txt
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-11-18 15:45:42 UTC (rev 30131)
+++ data/CVE/list 2014-11-18 15:45:52 UTC (rev 30132)
@@ -9351,6 +9351,9 @@
NOT-FOR-US: FortiGuard FortiWeb
CVE-2014-4737 (Cross-site scripting (XSS) vulnerability in Textpattern CMS before ...)
- textpattern <removed>
+ NOTE: https://github.com/textpattern/textpattern/commit/1206c7d84949a58cd0a2bc4a91ee53a0c8d4daf6
+ NOTE: is likely the commit fixing the issue. But it does more than the
+ NOTE: strict minimum.
CVE-2014-4736 (SQL injection vulnerability in E2 before 2.4 (2845) allows remote ...)
NOT-FOR-US: E2
CVE-2014-4735 (Cross-site scripting (XSS) vulnerability in MyWebSQL 3.4 and earlier ...)
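Review bot: The three added NOTE lines under CVE-2014-4737 identify the upstream commit only as "likely" the fix and say it "does more than the strict minimum", without saying which part of it addresses the XSS. Anyone preparing a backport from this entry has to redo that analysis. Consider adding a NOTE naming the files or functions in the commit that are relevant to the XSS, or stating explicitly that the minimal fix has not been isolated yet.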
Modified: data/dla-needed.txt
===================================================================
--- data/dla-needed.txt 2014-11-18 15:45:42 UTC (rev 30131)
+++ data/dla-needed.txt 2014-11-18 15:45:52 UTC (rev 30132)
@@ -71,6 +71,10 @@
--
squid3 (Matt Palmer)
--
+textpattern
+ NOTE: Has been dropped from newer releases. Should we instead mark
+ it unsupported?
+--
tomcat6 (Holger Levsen and Tony Mancill)
--
xlhtml
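Review bot: The new textpattern entry in dla-needed.txt carries an open question ("Should we instead mark it unsupported?") but no CVE id and no claimant, unlike the squid3 and tomcat6 entries around it. A reader of this file alone cannot tell which issue the entry is for or where the question will be settled. Consider adding CVE-2014-4737 to the NOTE so it links back to data/CVE/list, and raising the supported-or-not question on the list, recording the outcome here.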