stef-guest at alioth.debian.org
2007-Sep-20 22:47 UTC
[Secure-testing-commits] r6657 - in data: CVE DTSA
Author: stef-guest
Date: 2007-09-20 22:47:40 +0000 (Thu, 20 Sep 2007)
New Revision: 6657
Modified:
data/CVE/list
data/DTSA/list
Log:
gforge: mark CVE-2007-4966 duplicate, DTSA
Modified: data/CVE/list
==================================================================---
data/CVE/list 2007-09-20 21:14:08 UTC (rev 6656)
+++ data/CVE/list 2007-09-20 22:47:40 UTC (rev 6657)
@@ -47,8 +47,8 @@
CVE-2007-4967 (Online Armor Personal Firewall 2.0.1.215 does not properly
validate ...)
NOT-FOR-US: Online Armor Personal Firewall
CVE-2007-4966 (SQL injection vulnerability in www/people/editprofile.php in
GForge ...)
- TODO: check
- NOTE: I am not sure if this is a duplicate of CVE-2007-3913
+ - gforge 4.6.99+svn6086-1
+ NOTE: duplicate of CVE-2007-3913 according to Roland Mas
NOTE: Look at the fix for it:
http://gforge.org/scm/viewvc.php/trunk/gforge/www/people/editprofile.php?root=gforge&r1=5995&r2=6083
NOTE: This is already a fix for an SQL injection via skill_delete
CVE-2007-4965 (Multiple integer overflows in the imageop module in Python 2.5.1
and ...)
Modified: data/DTSA/list
==================================================================---
data/DTSA/list 2007-09-20 21:14:08 UTC (rev 6656)
+++ data/DTSA/list 2007-09-20 22:47:40 UTC (rev 6657)
@@ -164,3 +164,5 @@
[September 13th, 2007] DTSA-58-1 phpgroupware - cross scripting vulnerability
{CVE-2007-4048}
[lenny] - phpgroupware 0.9.16.011-3lenny2
+[September 21st, 2007] DTSA-59-1 gforge - cross site scripting vulnerability in
account/verify.php
+ [lenny] - gforge 4.5.14-23lenny4