Author: seanius Date: 2006-08-23 19:11:20 +0000 (Wed, 23 Aug 2006) New Revision: 4615 Modified: data/CVE/list Log: notes on CVE-2006-2106 Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-08-23 17:29:54 UTC (rev 4614) +++ data/CVE/list 2006-08-23 19:11:20 UTC (rev 4615) @@ -4900,6 +4900,11 @@ CVE-2006-2106 (Cross-site scripting (XSS) vulnerability in Edgewall Software Trac ...) - trac 0.9.5-1 (medium) [sarge] - trac <unfixed> (medium) + NOTE: http://trac.edgewall.org/changeset/3201 + NOTE: http://trac.edgewall.org/changeset/3287 + NOTE: the second reference fixes a regression in the first. i *believe* + NOTE: that these correctly solve the problem, though we really ought + NOTE: to run this by upstream or the reporter. CVE-2006-2105 (Directory traversal vulnerability in index.php in Jupiter CMS 1.1.4 ...) NOT-FOR-US: Jupiter CVE-2006-2104 (Multiple cross-site scripting (XSS) vulnerabilities in Kamgaing Email ...)