Author: stef-guest Date: 2005-12-02 17:12:55 +0000 (Fri, 02 Dec 2005) New Revision: 2928 Modified: data/CVE/list Log: saxon works as intended but might surprise users Modified: data/CVE/list ==================================================================--- data/CVE/list 2005-12-02 16:20:04 UTC (rev 2927) +++ data/CVE/list 2005-12-02 17:12:55 UTC (rev 2928) @@ -533,7 +533,12 @@ CVE-2005-3758 (Cross-site scripting (XSS) vulnerability in Google Mini Search ...) NOT-FOR-US: Google search appliance CVE-2005-3757 (The Saxon XSLT parser in Google Mini Search Appliance, and possibly ...) - TODO: check, whether this is related to libsaxon-java + NOTE: XSLTs can call arbitrary java methods in libsaxon-java. This behaviour + NOTE: is well documented and can be switched off. Let''s hope that all users + NOTE: of saxon are aware of this. Filed a whishlist bug to add a warning. + NOTE: Current rdependencies: + - ooo2dbk <not-affected> (uses it''s own xslt unless overridden by command line arg) + TODO: check zope-zms (stef-guest: pinged maintainers) CVE-2005-3756 (Google Mini Search Appliance, and possibly Google Search Appliance, ...) NOT-FOR-US: Google search appliance CVE-2005-3755 (Directory traversal vulnerability in Google Mini Search Appliance, and ...)
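Review bot: The added NOTE lines under CVE-2005-3757 state that calling Java methods from XSLT "is well documented and can be switched off" and that a wishlist bug was filed, but they name neither the setting or documentation nor the bug number, so a later reader of the tracker cannot follow up on either; suggest adding the bug reference and a pointer to where the switch is documented. The ooo2dbk line is marked <not-affected> while its own comment carries the condition "unless overridden by command line arg", so the status depends on which stylesheet is used; it would be clearer to say that the entry assumes the bundled stylesheet, or that a stylesheet passed on the command line is trusted. The hunk also lists only reverse dependencies and leaves no status line for libsaxon-java itself, which the removed TODO was asking about. Minor: "whishlist" should read "wishlist", "it''s own" should read "its own", and the doubled apostrophes in "Let''s" and "it''s" look like an escaping artifact.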