Author: alec-guest Date: 2006-10-25 02:55:21 +0000 (Wed, 25 Oct 2006) New Revision: 4883 Modified: data/CVE/list Log: CVE-2001-1535 and CVE-2002-1647: slash fix uploaded Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-10-24 21:24:32 UTC (rev 4882) +++ data/CVE/list 2006-10-25 02:55:21 UTC (rev 4883) @@ -20164,7 +20164,7 @@ CVE-2001-1536 (Autogalaxy stores usernames and passwords in cleartext in cookies, ...) NOT-FOR-US: Autogalaxy CVE-2001-1535 (Slashcode 2.0 creates new accounts with an 8-character random ...) - - slash <unfixed> (bug #328927; low) + - slash 2.2.6-8 (bug #328927; low) [sarge] - slash <no-dsa> (Lack of a security feature, minor security problem) CVE-2001-1534 (mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID''s ...) - apache (bug #328919; unimportant) @@ -25360,7 +25360,7 @@ CVE-2002-1648 (Cross-site request forgery (CSRF) vulnerability in compose.php in ...) - squirrelmail 1:1.2.3 CVE-2002-1647 (The quick login feature in Slash Slashcode does not redirect the user ...) - - slash <unfixed> (bug #160579; low) + - slash 2.2.6-8 (bug #160579; low) [sarge] - slash <no-dsa> (Minor security implications) CVE-2002-1646 (SSH Secure Shell for Servers 3.0.0 to 3.1.1 allows remote attackers to ...) NOT-FOR-US: commercial ssh