Author: nion Date: 2008-01-28 21:04:16 +0000 (Mon, 28 Jan 2008) New Revision: 8049 Modified: data/CVE/list Log: CVE-2007-6611, CVE-2006-6574 fixed in next sarge update Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-01-28 20:46:29 UTC (rev 8048) +++ data/CVE/list 2008-01-28 21:04:16 UTC (rev 8049) @@ -1111,6 +1111,7 @@ CVE-2007-6611 (Cross-site scripting (XSS) vulnerability in view.php in Mantis before ...) {DSA-1467-1} - mantis 1.0.8-4 (low; bug #458377) + TODO: r8 [sarge] - mantis 0.19.2-5sarge5 CVE-2007-6683 (The browser plugin in VideoLAN VLC 0.8.6d allows remote attackers to ...) - vlc 0.8.6.c-4.1 (medium; bug #458318) [lenny] - vlc 0.8.6.c-4.1~lenny1 @@ -19087,6 +19088,7 @@ CVE-2006-6574 (Mantis before 1.1.0a2 does not implement per-item access control for ...) {DSA-1467-1} - mantis 1.0.6+dfsg-3 (bug #402802) + TODO: r8 [sarge] - mantis 0.19.2-5sarge5 CVE-2004-2666 (Mantis before 20041016 provides a complete Issue History (Bug History) ...) - mantis 0.19.2-1 CVE-2003-1312 (siteminderagent/SmMakeCookie.ccc in Netegrity SiteMinder places a ...)
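Review bot: in the first hunk (CVE-2007-6611), the added "TODO: r8 [sarge] - mantis 0.19.2-5sarge5" line sits directly under an entry that already carries the {DSA-1467-1} tag, so the sarge fix may be recorded twice. Check whether 0.19.2-5sarge5 is the version released through DSA-1467-1 and drop the added line if it is. If the line is meant to track something the DSA does not cover, say what in the line itself.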
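Review bot: in the second hunk (CVE-2006-6574), the added line is prefixed "TODO:", while the log message says "fixed in next sarge update". A reader of data/CVE/list cannot tell from the entry whether work is still outstanding. The "r8" shorthand is also not explained anywhere in the visible entry. Either spell out what remains to be done or record the fixed version without the TODO prefix, and apply the same wording to the identical line added under CVE-2007-6611.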
Hi Nico,

On Monday 28 January 2008 22:04, nion at alioth.debian.org wrote:
> Log:
> CVE-2007-6611, CVE-2006-6574 fixed in next sarge update

> CVE-2007-6611 (Cross-site scripting (XSS) vulnerability in view.php in
> Mantis before ...) {DSA-1467-1}
> - mantis 1.0.8-4 (low; bug #458377)
> + TODO: r8 [sarge] - mantis 0.19.2-5sarge5

Isn't this superfluous because the inclusion in the stable update is the direct consequence of the (mentioned) DSA-1467? Or am I missing something?

Thijs
Hi Thijs,

* Thijs Kinkhorst <thijs at debian.org> [2008-01-29 15:28]:
> On Monday 28 January 2008 22:04, nion at alioth.debian.org wrote:
> > Log:
> > CVE-2007-6611, CVE-2006-6574 fixed in next sarge update
> >
> > CVE-2007-6611 (Cross-site scripting (XSS) vulnerability in view.php in
> > Mantis before ...) {DSA-1467-1}
> > - mantis 1.0.8-4 (low; bug #458377)
> > + TODO: r8 [sarge] - mantis 0.19.2-5sarge5
>
> Isn't this superfluous because the inclusion in the stable update is the
> direct consequence of the (mentioned) DSA-1467? Or am I missing something?

No, you are right, jmm already corrected this. I did not see it was included in the recent DSA when I got the close mail by the BTS.

Kind regards
Nico
--
Nico Golde - http://www.ngolde.de - nion at jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.