thijs at alioth.debian.org
2007-Nov-07 14:40 UTC
[Secure-testing-commits] r7238 - data/CVE
Author: thijs Date: 2007-11-07 14:40:23 +0000 (Wed, 07 Nov 2007) New Revision: 7238 Modified: data/CVE/list Log: confirmed that cvstrac is not affected, phpmyadmin issue does not affect sarge. Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-11-07 09:14:08 UTC (rev 7237) +++ data/CVE/list 2007-11-07 14:40:23 UTC (rev 7238) @@ -1731,6 +1731,7 @@ NOT-FOR-US: Pindorama CVE-2007-5386 (Cross-site scripting (XSS) vulnerability in scripts/setup.php in ...) - phpmyadmin 4:2.11.1.2-1 (unimportant; bug #446451) + [sarge] - phpmyadmin <not-affected> (vulnerable script not present) CVE-2007-5385 (Multiple cross-site scripting (XSS) vulnerabilities in the ...) NOT-FOR-US: Thomson/Alcatel SpeedTouch 7G router CVE-2007-5384 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...) @@ -14257,7 +14258,9 @@ NOT-FOR-US: ActiveX control in InterActual Player CVE-2007-0347 (The is_eow function in format.c in CVSTrac before 2.0.1 does not ...) - cvstrac 2.0.1-1 - NOTE: it is unclear if 1.1.5 is vulnerable (is_repository_file is not in 1.1.5 source) + [etch] - cvstrac <not-affected> + [sarge] - cvstrac <not-affected> + NOTE: 1.1.5 is not vulnerable (is_repository_file is not in 1.1.5 source) NOTE: the vulnerable code can''t be found on other places in 1.1.5 and also similar things NOTE: are done like using %q instead of %s for user supplied data CVE-2007-0346 (SQL injection vulnerability in index.php in SmE FileMailer 1.21 allows ...)
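Review bot: In the first hunk (CVE-2007-5386), the added line "[sarge] - phpmyadmin <not-affected> (vulnerable script not present)" does not name the script. Spelling it out as scripts/setup.php, the file given in the CVE description, would let the entry be checked without rereading the description. The hunk also adds no [etch] line. If that is deliberate because the issue is tagged unimportant, nothing more is needed. Otherwise an explicit etch status would remove the ambiguity.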
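Review bot: In the second hunk (CVE-2007-0347), the new "[etch] - cvstrac <not-affected>" and "[sarge] - cvstrac <not-affected>" lines give no parenthesised reason, unlike the sarge line added in the first hunk. The justification sits only in the reworded NOTE, which speaks of 1.1.5 without saying that this is the version both releases ship. I would add a short reason to each tag line, for example "(is_repository_file not in 1.1.5 source)", and state which release carries 1.1.5. The visible CVE description names is_eow in format.c, while the NOTE argues from the absence of is_repository_file. A few words connecting the two would make the not-affected conclusion easier to verify.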