thijs at alioth.debian.org
2008-Jan-07 21:06 UTC
[Secure-testing-commits] r7853 - data/CVE
Author: thijs
Date: 2008-01-07 21:06:28 +0000 (Mon, 07 Jan 2008)
New Revision: 7853
Modified:
data/CVE/list
Log:
phpsysinfo does not have any cookie based authentication from itself,
hence an XSS cannot do as much harm as it can when psi is embedded in an
application that does such a thing.
Modified: data/CVE/list
==================================================================---
data/CVE/list 2008-01-07 20:21:38 UTC (rev 7852)
+++ data/CVE/list 2008-01-07 21:06:28 UTC (rev 7853)
@@ -7291,6 +7291,8 @@
CVE-2007-4048 (Cross-site scripting (XSS) vulnerability in index.php in
phpSysInfo ...)
{DTSA-58-1}
- phpsysinfo 2.5.1-6.1 (low; bug #435935)
+ [etch] - phpsysinfo <no-dsa> (Minor issue, does not have valuable
cookies)
+ [sarge] - phpsysinfo <no-dsa> (Minor issue, does not have valuable
cookies)
- phpgroupware 0.9.16.012-1 (low; bug #435936)
- egroupware-phpsysinfo 1.2.107-2.dfsg-1.1 (low; bug #435937)
CVE-2007-4047 (geoBlog (aka BitDamaged) 1 does not require authentication for
(1) ...)