thr3ads.net - Secure testing team - [Secure-testing-team] CVE-2006-3681 and CVE-2006-3682 mixed? [Feb 2007]

If this information is useful, please help other people find it:
Share via:

Helge Kreutzmann

2007-Feb-19 20:05 UTC

[Secure-testing-team] CVE-2006-3681 and CVE-2006-3682 mixed?

Hello,
I just checked out the SVN repository and checked also on the web page,
and I think those CVEs are mixed up. The path vulnerability is 3682,
while XSS is 3681. The first is clearly no problem, as the Debian
package is publicly visible (hence the path can be obtained), for the
second one assume that''s been checked (as stated in the comment),
(i.e. covered in awstats (6.4-1sarge3))

I''ll add them this way in the nonvuln list on debian.org.

Greetings

          Helge
-- 
      Dr. Helge Kreutzmann                     debian@helgefjell.de
           Dipl.-Phys.                   http://www.helgefjell.de/debian.php
        64bit GNU powered                     gpg signed mail preferred
           Help keep free software "libre": http://www.ffii.de/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url :
http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20070219/5d033ad0/attachment.pgp

Secure testing team - Feb 2007 - CVE-2006-3681 and CVE-2006-3682 mixed?

[Secure-testing-team] CVE-2006-3681 and CVE-2006-3682 mixed?