Author: jmm-guest Date: 2007-01-10 19:46:17 +0100 (Wed, 10 Jan 2007) New Revision: 5232 Modified: data/CVE/list Log: the sid fix is implicit non-availability on etch is derived from the archive information no-dsa is not for unchecked security states Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-01-10 18:24:47 UTC (rev 5231) +++ data/CVE/list 2007-01-10 18:46:17 UTC (rev 5232) @@ -6,11 +6,7 @@ NOT-FOR-US: Serene Bach CVE-2007-0136 (Multiple cross-site scripting (XSS) vulnerabilities in Drupal before ...) - drupal 4.7.5-1 - [sarge] - drupal <no-dsa> (Not known if 4.5.x series was affected) - [etch] - drupal <not-affected> (Drupal isn''t in Etch) - [sid] - drupal <not-affected> (version 4.7.5-1 uploaded) NOTE: vendor advisory: http://drupal.org/node/104233 - TODO: check if Sarge was affected CVE-2007-0135 (PHP remote file inclusion vulnerability in inc/init.inc.php in Aratix ...) NOT-FOR-US: Aratix CVE-2007-0134 (Multiple eval injection vulnerabilities in iGeneric iG Shop 1.0 allow ...)