Author: alec-guest Date: 2006-05-20 22:59:58 +0000 (Sat, 20 May 2006) New Revision: 4017 Modified: data/CVE/list Log: trac XSS issue fixed in unstable, not in sarge Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-05-20 22:54:05 UTC (rev 4016) +++ data/CVE/list 2006-05-20 22:59:58 UTC (rev 4017) @@ -817,7 +817,8 @@ CVE-2006-2107 (Buffer overflow in BL4 SMTP Server 0.1.4 and earlier allows remote ...) TODO: check CVE-2006-2106 (Cross-site scripting (XSS) vulnerability in Edgewall Software Trac ...) - TODO: check + - trac 0.9.5-1 (medium) + [sarge] - trac <unfixed> (medium) CVE-2006-2105 (Directory traversal vulnerability in index.php in Jupiter CMS 1.1.4 ...) TODO: check CVE-2006-2104 (Multiple cross-site scripting (XSS) vulnerabilities in Kamgaing Email ...)
Moritz Muehlenhoff
2006-May-28 19:03 UTC
[Secure-testing-team] Re: [Secure-testing-commits] r4017 - data/CVE
Alec Berryman wrote:> Author: alec-guest > Date: 2006-05-20 22:59:58 +0000 (Sat, 20 May 2006) > New Revision: 4017 > > Modified: > data/CVE/list > Log: > trac XSS issue fixed in unstable, not in sarge > > Modified: data/CVE/list > ==================================================================> --- data/CVE/list 2006-05-20 22:54:05 UTC (rev 4016) > +++ data/CVE/list 2006-05-20 22:59:58 UTC (rev 4017) > @@ -817,7 +817,8 @@ > CVE-2006-2107 (Buffer overflow in BL4 SMTP Server 0.1.4 and earlier allows remote ...) > TODO: check > CVE-2006-2106 (Cross-site scripting (XSS) vulnerability in Edgewall Software Trac ...) > - TODO: check > + - trac 0.9.5-1 (medium) > + [sarge] - trac <unfixed> (medium)You don''t need to add <unfixed> entries for stable, if the version in Sarge is lower then the fix recorded for Sarge, it will automatically be marked as affected. Cheers, Moritz