Author: luk Date: 2012-01-03 17:56:08 +0000 (Tue, 03 Jan 2012) New Revision: 18006 Modified: data/CVE/list Log: update on rails Modified: data/CVE/list ==================================================================--- data/CVE/list 2012-01-03 17:45:48 UTC (rev 18005) +++ data/CVE/list 2012-01-03 17:56:08 UTC (rev 18006) @@ -5772,6 +5772,7 @@ - linux-2.6 3.0.0-2 CVE-2011-3187 (The to_s method in ...) - rails <unfixed> (unimportant) + NOTE: X-Forwarded-For header is user supplied (like User-Agent) CVE-2011-3186 (CRLF injection vulnerability in ...) {DSA-2301-1} - rails 2.3.14 @@ -6518,7 +6519,7 @@ RESERVED CVE-2011-2932 (Cross-site scripting (XSS) vulnerability in ...) - rails 2.3.14 - [squeeze] - rails <not-affected> (Vulnerable code not present) + [squeeze] - rails <unfixed> CVE-2011-2931 (Cross-site scripting (XSS) vulnerability in the strip_tags helper in ...) {DSA-2301-1} - rails 2.3.14
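Review bot: In the first hunk (CVE-2011-3187), the added NOTE states that X-Forwarded-For is user supplied but does not say that this is the reason for the `(unimportant)` tag on the line above it. Consider making the link explicit, for example `NOTE: unimportant because the X-Forwarded-For header is user supplied (like User-Agent)`, so a later reader does not have to infer how the note relates to the severity.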
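Review bot: In the second hunk (CVE-2011-2932), the `[squeeze]` line changes from `<not-affected> (Vulnerable code not present)` to `<unfixed>` with no NOTE recording what showed the earlier assessment to be wrong, and the log message "update on rails" does not say either. Add a NOTE under the entry naming the affected code in the squeeze version or the source of the reassessment, so the reversal can be checked later.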