[Secure-testing-commits] r32021 - data/CVE
Raphaël Hertzog
hertzog at moszumanska.debian.org
Fri Feb 6 10:31:16 UTC 2015
Author: hertzog
Date: 2015-02-06 10:31:16 +0000 (Fri, 06 Feb 2015)
New Revision: 32021
Modified:
data/CVE/list
Log:
Mark CVE-2014-4737/textpattern as no-dsa
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-02-06 10:31:09 UTC (rev 32020)
+++ data/CVE/list 2015-02-06 10:31:16 UTC (rev 32021)
@@ -16126,6 +16126,7 @@
NOT-FOR-US: FortiGuard FortiWeb
CVE-2014-4737 (Cross-site scripting (XSS) vulnerability in Textpattern CMS before ...)
- textpattern <removed>
+ [squeeze] - textpattern <no-dsa> (Vulnerability is in setup.php, which becomes inaccessible after installation)
NOTE: https://github.com/textpattern/textpattern/commit/1206c7d84949a58cd0a2bc4a91ee53a0c8d4daf6
NOTE: is likely the commit fixing the issue. But it does more than the
NOTE: strict minimum.
More information about the Secure-testing-commits
mailing list