white at alioth.debian.org
2009-Feb-04 23:21 UTC
[Secure-testing-commits] r11147 - data/CVE
Author: white Date: 2009-02-04 23:21:43 +0000 (Wed, 04 Feb 2009) New Revision: 11147 Modified: data/CVE/list Log: Newer roundcube is in experimental, so mark the issue accordingly Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-02-04 23:08:00 UTC (rev 11146) +++ data/CVE/list 2009-02-04 23:21:43 UTC (rev 11147) @@ -6,8 +6,9 @@ - trickle <unfixed> (bug #513456; low) [etch] - trickle <no-dsa> (Minor issue) CVE-2009-0413 (Cross-site scripting (XSS) vulnerability in RoundCube Webmail ...) - - roundcube <not-affected> (Vulnerable code not present) - NOTE: Seems to affect versions 0.2, but debian only has 0.1 packaged at the moment + - roundcube <unfixed> (low; bug #514179) + [lenny] - roundcube <not-affected> (Vulnerable code not present) + NOTE: Seems to affect version 0.2, which is only in experimental CVE-2009-0412 (The ProcessLogin function in class.auth.php in Interspire Shopping ...) NOT-FOR-US: Interspire Shopping Cart CVE-2009-0411 (Google Chrome before 1.0.154.46 does not properly restrict access from ...)