Author: jmm-guest Date: 2006-08-08 20:16:03 +0000 (Tue, 08 Aug 2006) New Revision: 4529 Modified: data/CVE/list Log: two latest awstats issues do not affect Sarge Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-08-08 19:55:44 UTC (rev 4528) +++ data/CVE/list 2006-08-08 20:16:03 UTC (rev 4529) @@ -784,8 +784,11 @@ NOT-FOR-US: Flipper Poll CVE-2006-3682 (awstats.pl in AWStats 6.5 build 1.857 and earlier allows remote ...) - awstats 6.5-2 (bug #378960; low) + [sarge] - awstats 6.4-1sarge3 + NOTE: A previous DSA introduced a fix that renders this vulnerability in ineffective CVE-2006-3681 (Multiple cross-site scripting (XSS) vulnerabilities in awstats.pl in ...) - - awstats 6.5-2 (bug #378960; low) + - awstats 6.5-2 (bug #378960; unimportant) + NOTE: Path disclosure is not an issue for Debian CVE-2006-3680 (Cross-site scripting (XSS) vulnerability in photocycle in Photocycle ...) NOT-FOR-US: Photocycle CVE-2006-3679 (FatWire Content Server 5.5.0 allows remote attackers to bypass access ...)