Author: fw Date: 2007-04-16 12:55:06 +0000 (Mon, 16 Apr 2007) New Revision: 5656 Modified: data/CVE/list Log: CVE-2007-1483, CVE-2007-1343: webcalendar fixed (CVE-2006-6669 is still open according to the maintainer.) Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-04-15 09:51:47 UTC (rev 5655) +++ data/CVE/list 2007-04-16 12:55:06 UTC (rev 5656) @@ -1113,8 +1113,7 @@ - php5 <unfixed> (medium) NOTE: local malicious scripts only, but allows arbitrary process memory access CVE-2007-1483 (Multiple PHP remote file inclusion vulnerabilities in WebCalendar ...) - - webcalendar <unfixed> (high) - NOTE: Requested removal from the archive + - webcalendar 1.0.5-1 (high) CVE-2007-1482 (Cross-site scripting (XSS) vulnerability in index.php in WBBlog allows ...) NOT-FOR-US: WBBlog CVE-2007-1481 (SQL injection vulnerability in index.php in WBBlog allows remote ...) @@ -1440,7 +1439,7 @@ NOT-FOR-US: Ezstream CVE-2007-1343 (includes/functions.php in Craig Knudsen WebCalendar before 1.0.5 does ...) {DSA-1267-1} - - webcalendar <unfixed> (high) + - webcalendar 1.0.5-1 (high) CVE-2007-1342 (Cross-site scripting (XSS) vulnerability in admincp/index.php in ...) NOT-FOR-US: vBulletin CVE-2007-1341 (include/auth/auth.php in Simple Invoices before 2007 03 05 does not ...)